Lucene search
K

4 matches found

OSV
OSV
added 2024/12/04 6:9 p.m.11 views

GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...

8.3CVSS6AI score0.00431EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Centralization Risk for trusted owners

Lines of code https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.8 views

Malicious relayer could exploit sponsor vaults

Lines of code Vulnerability details Impact Sponsor vaults drained Proof of Concept reimburseRelayerFees uses SponsorVault funds to repay users the fees they pay to relayers. A malicious relayer could create a large number of transactions with the max reimbursed relay fee specified in SponsorVault...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.10 views

User can refund the received airdropped (free) "key"

Handle GiveMeTestEther Vulnerability details Impact User can refund the received airdropped free "key". If a lot of users received a airdropped "key" they can drain the funds of the lock. e.g. key owner cannot withdraw anything, user that purchased a key can't cancel and refund. Proof of Concept ...

6.8AI score
Exploits0
Rows per page
Query Builder