7 matches found
Malicious code in flashbot-sdk-eth (npm)
The package flashbot-sdk-eth was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52a62baf78e0196a1a1b9281fdbc9a6739bdac59ba497de64a461a107a173f97 Any computer that has this package installed or running should be considered fully...
Malicious Package
Overview flashbot-sdk-eth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47059 Malicious code in flashbot-sdk-eth (npm)
The package flashbot-sdk-eth was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52a62baf78e0196a1a1b9281fdbc9a6739bdac59ba497de64a461a107a173f97 Any computer that has this package installed or running should be considered fully...
Sandwich attack on buy()
Lines of code Vulnerability details Impact Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareDataid.tokenCount, and thus change the exchange rate of share price. price, fee =...
Long term denial of service due to lack of fees in Well
Lines of code Vulnerability details Description The Well allows users to permissionless swap assets or add and remove liquidity. Users specify the intended slippage in swapFrom, in minAmountOut. The ConstantProduct2 implementation ensures Kend - Kstart = 0, where K = Reserve1 Reserve2, and the...
Attacker can collect all positive rebase from the poll
Handle gzeon Vulnerability details Impact The concept of ElasticSwap is not to change relative price upon positive rebase event. However, this allow an attacker to sandwich a known positive rebase event for profit. Proof of Concept 1. Assuming we have pool with 10000 base and 10000 quote token 2...
add liquidity is vulnerable to sandwich attack
Handle jonah1005 Vulnerability details add liquidity is vulnerable to MEV Impact addLiquidity in the VaderRouter and VaderRouterV2 contract does not check the minimum liquidity amount. This makes users' funds vulnerable to sandwich attacks. The team says a minimum amount is not required as the...