CVE-2026-43941

Electerm CVE-2026-43941 affects version 3.8.15 and earlier. The terminal hyperlink handler forwards any URL clicked in the terminal directly to shell.openExternal without protocol validation. An attacker controlling terminal output (e.g., via a malicious SSH server, compromised remote host, or ma...

Brillig: Heap corruption in foreign call results with nested tuple arrays

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compileblock. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

EUVD-2022-0912

Malicious code in bioql PyPI...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

Reentrancy on batchRefund making external call

Lines of code Vulnerability details Impact Reentrancy can occur when the refund function being called inside the batchRefund function allows external contract calls that can trigger the batchRefund function again before the previous execution is completed. Proof of Concept The batchRefund functio...

FallBack Function might revert

Lines of code Vulnerability details The performFallbackCall function appears to be designed to send a message to the RootBridgeAgent using the lzReceive function. It includes the settlement nonce encoded as part of the message. Overall, the function seems fine for its intended purpose, but there...

Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update

Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

Xxe

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...

No data validation, will result in all funds from the DAO contract stolen

Lines of code Vulnerability details Impact The vulnerability relies on the proposal creation function which forwards the proposal once accepted for the DAO contract to execute. Each proposal has a set of actions attached. struct Action address to; uint256 value; bytes data; function createProposa...

Malicious member can steal funds from the DAO contract.

Lines of code Vulnerability details Impact The malicious member can steal assets from DAO protocol. Proof of Concept The protocol allows the member to have the voting power to create a proposal createProposal. Where the action struct in the parameter refers to be consumed by the DAO's execute...

applySingleTargetPermissions function can consume all gas

Lines of code Vulnerability details Impact An extensive array of items can be passed in the function applySingleTargetPermissions, and it can consume all gas, and the transaction can be reverted. As this is an external function, the hacker can call it directly from the DAO contract Proof of Conce...

reentrancy in TimeswapV2Option.collect()

Lines of code Vulnerability details Impact collect function doesn't respect the check-effect-interaction pattern, where in the case if a param.data is provided it makes an external call to the caller, right after that, it updates option short amount state. in the case if the caller calls back int...

reentrancy in TimeswapV2Option.collect()

Lines of code Vulnerability details Impact collect function doesn't respect the check-effect-interaction pattern, where in the case if a param.data is provided it makes an external call to the caller, right after that, it updates option short amount state. in the case if the caller calls back int...

INCORRECT FUNCTION CALLS

Lines of code Vulnerability details Impact In Vault.sol, WithdrawProxy.sol and PublicVault.sol, name is making an incorrect external call to return its output variable. Apparently, it is calling ERC20asset.symbol instead of ERC20asset.name. Devoid of an accurate name description, this could lead ...

refPerTok() for one asset might revert and break the protocol

Lines of code Vulnerability details Impact It turns out that function refPerTok might revert for some assets. For example for CTokenFiatCollateral an external call might revert. As a result refPerTok also reverts. Function refPerTok is called in a loop for all assets inside...

EXTERNAL CALL TO UNTRUSTED PARTIES

Lines of code Vulnerability details Impact Functions in this contract or inherited functions can be reentered. Proof of Concept In Vault.sol the withdrawAVAX and redeemAVAX functions make an external call to the msg.sender by way of safeTransferETH. This allows the caller to reenter this and othe...

Authorization Bypass

OpenZeppelin Contracts is vulnerable to authentication bypass. The vulnerability exists because initializer modifier is not properly handled which allows an attacker to cause reentrancy by executing an external call to an untrusted address...

arbitrary low level call

Lines of code Vulnerability details Impact An attacker may perform call to an arbitrary address with controlled calldata Proof of Concept File: contracts\DepositHandler.sol: 23 if callee.code.length == 0 revert NotContract; 24: success, returnData = callee.calldata; 25 references: Tools Used vsco...