6 matches found
CVE-2026-35679
Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs...
Malicious Package
@solana/web3.js is a Malicious Package allowing an attacker to steal private key material and drain funds from applications directly handling private keys...
Reentrancy in mint function leads to various problems
Lines of code Mint function in minter contract: Mint function in core contract: Vulnerability details Bug Description When minting NFTs, users will using the mint function. This function will mint a NFT using the safeMint function. The problem is that this mint will be done before crucial variabl...
Admin can drain user funds from the Pool or buy assets for free
Lines of code Vulnerability details Impact We assume that the admin is honest, however there is still possibility of exploiting asset policy contract to and set price to 0 in oder to buy an asset for free - or even worse - drain user funds by setting the price really high in...
recoverERC20 can drain user's funds
Lines of code Vulnerability details recoverERC20 function is deployed so users who have accidently sent erc20 tokens to the contract be able to recover them. recoverERC20 uses ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; to check if token was set to one of the RewardTokens o...
Microtransit EV Android App Has Logic Design Flaws
Microbus EV APP is a car time-share rental service software. Microtransit EV Android APP has a logical design vulnerability, the attacker logs into the system by grabbing packets to modify the user ID, logs into any account, and also performs unauthorized operations, such as funds consumption...