164 matches found
CVE-2021-41593
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure...
CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...
CVE-2024-34694
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout about 30s lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
EUVD-2026-0818
ERC7984ERC20Wrapper: once a wrapper is filled, subsequent wrap requests do not revert and result in loss of funds...
EUVD-2019-4573
Malware in sbrugna...
EUVD-2021-0992
Malware in sbrugna...
EUVD-2020-19425
Malware in sbrugna...
EUVD-2024-40254
Malicious code in bioql PyPI...
EUVD-2022-7361
Malicious code in bioql PyPI...
EUVD-2024-1900
Malicious code in bioql PyPI...
EUVD-2021-28606
Malicious code in bioql PyPI...
EUVD-2021-28605
Malicious code in bioql PyPI...
CVE-2022-39389
Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...
CVE-2024-43366
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However,...
LNbits Security Vulnerabilities
LNbits is a Python server open-sourced by LNbits. A security vulnerability exists in versions of LNbits prior to 0.12.6 that stems from the fact that if a payment invoice in Eclair is not cleared within an internal timeout period, it will be treated as a payment failure, even if the payment is...
GO-2024-2818 Consensus failures in github.com/btcsuite/btcd
Incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112 making btcd susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds...
Race Condition
btcd is vulnerable to a Race Condition. The vulnerability is due to the incorrect implementation of consensus rules as outlined in BIP 68 and BIP 112, specifically by treating the transaction version as a signed integer instead of unsigned. This misinterpretation can lead to a chain split and...
CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance
Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...