10 matches found
Godot MCP Operating System Command Injection Vulnerability
Godot MCP is an MCP server developed by Solomon Elias, designed for interfacing with the Godot game engine. Versions of Godot MCP prior to 0.1.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executeOperation function, which directly...
PT-2026-6397
Impact: A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...
initiator in OptionsPositionManager.executeOperation is not checked
Lines of code Vulnerability details Impact An attacker can execute flashloan pretending to be another user. Proof of Concept LendingPool.flashloan sends which user called in the parameter initiator, but it is not used in executeOperation. Tools Used Manual review. Recommended Mitigation Steps Check ...
executeOperation() doesn't pass/authenticate the initiator address
Lines of code Vulnerability details Impact In OptionsPositionManager.sol executeFlashloan. File: contracts/PositionManager/OptionsPositionManager.sol function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params...
Missing check for equal length arrays in executeOperation().
Lines of code Vulnerability details Impact The executeOperation function in the OptionsPositionManager contract doesn't check if the lengths of the arrays submitted are equal. This can lead to unexpected operations. Proof of Concept In the OptionsPositionManager contract, the executeOperation...
OperatorProposal._executeOperation() should refund excess ETH
Lines of code Vulnerability details Impact There are excess ETH in OperatorProposal.executeOperation, and it should be refunded. Proof of Concept OperatorProposal.executeOperation runs data.operator.execute with data.operatorValue of ETH. data.operator.execute value: data.operatorValue...
MIMOProxy: The transferOwnership function does not update _currentProxies, which causes the core functionality to not work
Lines of code Vulnerability details Impact When the transferOwnership function of the MIMOProxy contract is called, currentProxiesnewOwner is not updated, which causes getCurrentProxynewOwner to return 0 or the wrong MIMOProxy contract address when newOwner executes the function in the current...
When a user is given the owner privilege of multiple MIMOProxy through transferOwnership, the user cannot choose which MIMOProxy to use as the current Proxy
Lines of code Vulnerability details Impact currentProxies is only set when the user calls the deployFor function of the MIMOProxyRegistry contract, function deployForaddress owner public override returns IMIMOProxy proxy IMIMOProxy currentProxy = currentProxiesowner; // Do not deploy if the proxy...
MIMOEmptyVault.sol executeOperation() does not transfer the Vault leftover assets to the owner, it is locked in the MIMOEmptyVault
Lines of code Vulnerability details Impact MIMOEmptyVault.sol executeAction is supposed to pay off the debt and return the leftover assets to the owner of the Vault. But in fact the emptyVault contract, after executing the executionOperation, only pays back the flash loan, and does not transfer th...
Fund loss or theft by attacker creating a flash loan and setting SuperVault as receiver so executeOperation() will get called by lendingPool but with attacker-specified params
Lines of code Vulnerability details Impact According to Aave documentation, when requesting flash-loan, it's possible to specify a receiver, so function executeOperation of that receiver will be called by lendingPool. In the SuperVault there is no check to prevent this attack so attacker can use...