5 matches found
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252
The CVE-2026-59252 entry describes a missing gas_limit validation in ZenHive mpp when configured as a fee payer (fee_payer: true). The MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without ensuring the client-supplied gas_limit is sufficient, allowing ...
The check for msg.value in distributeFees is unnecessary and may cause error
Lines of code Vulnerability details Impact Transactions may fail because of this redundant check. Proof of Concept The function distributeFees will revert if msg.value == 0: function distributeFeesuint256 tokenId public onlyOwner payable if msg.value == 0 revert NothingToDistribute; balancestoken...
WithContext is not called on state changing operation
Lines of code Vulnerability details Impact Any state transition function must update keeper using WithContext function having latest context, otherwise incorrect state will be used. It was observed that CallEVM function misses the same Proof of Concept 1. Observe the CallEVM function func k Keepe...
Nonce is not updated after EVM Transaction
Lines of code Vulnerability details Impact It was observed that nonce is not updated while performing the EVM transaction. This could lead to Replay attacks Proof of Concept 1. Observe the CallEVM function func k Keeper CallEVM ctx sdk.Context, from common.Address, to common.Address, amount...