
45 matches found

OSV
added 2026/05/25 11:10 p.m., 2 views

MAL-2026-4496 Malicious code in bandkit (npm)

Source: amazon-inspector c2586b0e7114265fe8e85fee87db4b264f1dce9a574916b333af41870369e44a bandkit ships a React/Solidity 'strategy bot' library whose deployment helper hardcodes an XOR-obfuscated Ethereum address...

5.8 AI score
Exploits 0, References 4

GithubExploit
added 2025/11/24 4:56 a.m., 141 views

echidna-credit-union-race-CTF

NOISYECHIDNA — Race Condition CTF This repository implements...

6.9 AI score
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-22734

Malware in sbrugna...

7.1 CVSS, 7.3 AI score, 0.00316 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-14584

Malware in sbrugna...

8.1 CVSS, 8.2 AI score, 0.00616 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-14583

Malware in sbrugna...

6.1 CVSS, 6.7 AI score, 0.00463 EPSS
Exploits 0, References 4

CNNVD
added 2025/03/26 12:0 a.m., 1 views

OPC cardsystems Webapp Aufwertung security vulnerability

OPC cardsystems Webapp Aufwertung is a billing system from OPC cardsystems, Inc. A security vulnerability exists in OPC cardsystems Webapp Aufwertung version 2.1.0 that stems from a transaction reference that can be reused, potentially resulting in an improper transfer of funds...

7.5 CVSS, 6.8 AI score, 0.00168 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/05 2:18 p.m., 7 views

CVE-2020-2941

Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

7.1 CVSS, 6.2 AI score, 0.00316 EPSS
Exploits 0

NVD
added 2024/11/28 1:15 p.m., 11 views

CVE-2024-7747

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...

6.5 CVSS, 0.00125 EPSS
Exploits 0, References 3

Positive Technologies
added 2024/11/28 12:0 a.m., 2 views

PT-2024-38555 · WordPress · Terawallet – For Woocommerce

Name of the Vulnerable Software and Affected Versions: Wallet for WooCommerce plugin for WordPress versions up to, and including, 1.5.6 Description: The issue arises from a numerical logic flaw when transferring funds to another user, allowing authenticated attackers with Subscriber-level access...

6.5 CVSS, 7 AI score, 0.00125 EPSS
Exploits 0, References 6

Code423n4
added 2023/10/26 12:0 a.m., 10 views

TRANSFERING FUNDS TO YOURSELF INCREASES YOUR BALANCE

Lines of code Vulnerability details Impact If transferred to yourself, it will cause your balance to increase, thus growing the token balance infinitely. Proof of Concept File: src/market/WildcatMarketToken.sol 54: transferfrom, to, amount; 74: accountsfrom = fromAccount; 78: accountsto =...

7 AI score
Exploits 0

Code423n4
added 2023/07/10 12:0 a.m., 9 views

Funds added to reserves through sync are accidentally transferred out to users

Lines of code Vulnerability details Impact Wells have the ability to shift funds to other Wells as part of gas-efficient multi-pool swaps. The natspec explanation of this can be found here. The sync function is intended to synchronize the underlying token amounts with the token reserves of the...

6.8 AI score
Exploits 0

Code423n4
added 2023/01/19 12:0 a.m., 8 views

A malicious user can call transferWithdrawReserve() multiple times to modify s.withdrawReserve

Lines of code Vulnerability details Impact The function PublicVault.soltransferWithdrawReserve is meant to transfer funds from the PublicVault to the WithdrawProxy. However, this function has no access control; anyone can call it multiple times to modify the withdrawReserve value Proof of Conce...

6.9 AI score
Exploits 0

Code423n4
added 2022/12/08 12:0 a.m., 11 views

Anyone can call addLiquidity function and be the router

Lines of code Vulnerability details Impact Anyone can call addLiquidity, meaning that when IAddLiquidityCallbackmsg.sender.addLiquidityCallbacktokenAAmount, tokenBAmount, data; is called, the msg.sender can be a contract that a malicious user has deployed and has an addLiquidityCallbacktokenAAmoun...

6.8 AI score
Exploits 0

Code423n4
added 2022/11/13 12:0 a.m., 10 views

Buyers unused ETH funds can be stolen (Direct theft of funds)

Lines of code Vulnerability details Impact The protocol has recognized the need to track buyers ETH in order to refund unused ETH by implementing the returnDust function and setupExecution modifier. The implementation creates an attack vector that allows the seller to steal the unused ETH...

7.2 AI score
Exploits 0

Code423n4
added 2022/05/30 12:0 a.m., 8 views

Repeated calls to deliverBribes() risks draining bribe of assets into Gauge

Lines of code Vulnerability details Impact Funds drain from Bribe prematurely with repeated calls to deliverBribes Proof of Concept Calling deliverBribes calls deliverRewards which transfers the amount specified as the rewards due and sends to gauge. Repeated calls to deliverBribes makes repeated...

6.8 AI score
Exploits 0

Code423n4
added 2022/03/25 12:0 a.m., 6 views

Funds are transferred to saleRecipient before settlement

This issue has been created to subdivide a multi-part submission to a single, medium severity finding. See issue 50 and in particular, judge @0xleastwood's comment here.

6.8 AI score
Exploits 0

Code423n4
added 2022/03/03 12:0 a.m., 7 views

Schain owners can rug pull users' funds

Lines of code Vulnerability details Impact Once a chain has been killed the chain owner is able to call getFunds on each of the deposit boxes and transfer funds/tokens wherever he/she wishes. Even if the owner is benevolent the fact that there is a rug vector available may negatively impact the...

6.9 AI score
Exploits 0

Code423n4
added 2022/01/13 12:0 a.m., 6 views

[WP-H32] PoolTemplate.sol Attacker can call Factory#createMarket() and transfer funds from another user's wallet to the pool

Handle WatchPug Vulnerability details function initialize string calldata metaData, uint256 calldata conditions, address calldata references external override require initialized == false && bytesmetaData.length 0 && references0 != address0 && references1 != address0 && references2 != address0 &&...

7 AI score
Exploits 0

Code423n4
added 2021/12/22 12:0 a.m., 6 views

Lack of access control allows attacker to call wrap() and steal other user's wallet balance

Handle WatchPug Vulnerability details function wrapuint amount, address from, address to, address rewardOwner external override JLP.transferFromfrom, addressthis, amount; JLP.approveaddressMasterChefJoe, amount; // stake LP tokens in Trader Joe's. // In process of depositing, all this contract's ...

6.9 AI score
Exploits 0

Code423n4
added 2021/12/08 12:0 a.m., 10 views

Unlimited allowances let anyone move funds to child vaults

Handle 0x0x0x Vulnerability details A malicious attacker can move someone's funds between their vaults, since max allowances are given. As a consequence, a malicious user can block activities such as reclaimTokens. Although funds are not directly stolen, it is possible to revert transactions of...

6.9 AI score
Exploits 0