15 matches found
EUVD-2022-0528
Malicious code in bioql PyPI...
CVE-2021-45698
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
Volatility update bypassed with small transactions
Impact: Volatility, and by extension the fee rate increase due to volatility, can be circumvented by starting swaps with a token amount. The volatility is accumulated only at specific intervals, similar to the cumulative number of bins crossed. This is an issue...
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
function matchOneToOneOrders OrderTypes.MakerOrder calldata makerOrders1, OrderTypes.MakerOrder calldata makerOrders2 external uint256 startGas = gasleft; uint256 numMakerOrders = makerOrders1.length; requiremsg.sender == MATCHEXECUTOR, 'OME';...
Upgraded Q -> M from 268 [1654474507101]
Judge has assessed an item in Issue 268 as Medium risk. The relevant finding follows: High feeRate can break core protocol function. PROBLEM: There is no maximum input value on setFee in Cally.sol. But if the owner sets it to a uint greater than 1e18, the users will not be able to call exercise as...
Upgraded Q -> M from 286 [1654474962848]
Judge has assessed an item in Issue 286 as Medium risk. The relevant finding follows: No min/max fee rate. Line References: Cally.solL119-121. Description: Limits for the fee rate should be set to avoid mistakes when setting the fee. A fee rate that is over 100% could result in the exercise function n...
[WP-M3] PRIMARY_FOUNDATION_FEE can be bypassed
The protocol is charging a different fee rate when the NFT is sold by the creator for the first time on the platform; the fee rate is currently set to a constant value of 15%. For other sales, the fee rate is only 5%. if isCreator &&...
RPC call failure in ckb
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
GHSA-8GJM-H3XJ-MP6W RPC call failure in ckb
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
CVE-2021-45698
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
Information disclosure
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
CVE-2021-45698
The CVE-2021-45698 issue affects the Rust crate ckb prior to 0.40.0. The get_block_template RPC may fail when it should select a higher-fee transaction, impacting block template construction. The vulnerability is described consistently across sources (NVD/Red Hat and related advisories) as a get_...
CVE-2021-45698
An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
Miner fails to get block template when a cell used as a cell dep has been destroyed.
Impact: The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in different transactions. Say cell C is used as a dep group in transaction A, and is destroyed in transaction B. The node adds transaction A first, then B, into the transaction pool. They are bo...
RUSTSEC-2021-0107 Miner fails to get block template when a cell used as a cell dep has been destroyed.
Impact: The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in different transactions. Say cell C is used as a dep group in transaction A, and is destroyed in transaction B. The node adds transaction A first, then B, into the transaction pool. They are bo...