10 matches found
EUVD-2022-6683
Malicious code in bioql PyPI...
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
Incorrect calculation of gasToPay due to dividing before multiplying, rounding error.
Lines of code Vulnerability details Impact In Solidity, it is an error to divide before multiplying because of lots of rounding errors that can come from that. In this case: uint256 pubdataLen; unchecked pubdataLen = message.length + 31 / 32 32 + 64; uint256 gasToPay = pubdataLen...
Division before multiply results in precision loss
Lines of code Vulnerability details Impact Precision loss occurs when division is carried out before multiplication, that can affect gas calculation in terms of publishing the data to L1. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps Recommendation is made for avoiding...
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
Hyperledger Besu 安全漏洞
Hyperledger Besu is an open source application from Hyperledger. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions prior to 22.1.3 through 22.7.1, which stems from an error in its 32-bit signed and unsigned...
PT-2022-23124 · Besu · Besu
Name of the Vulnerable Software and Affected Versions: Besu versions 22.1.4 through 22.7.0 Description: The issue is related to an incorrect conversion between numeric types in the calculation of available gas in CALL operations, including DELEGATECALL. This results in incorrect gas being passed...
[M1] Incorrect amount of gas sent in _distributeFunds
Lines of code Vulnerability details Impact In case recipients consume more gas than expected the transaction could revert or cost can be too high. Proof of Concept According to the definition of the variable SENDVALUEGASLIMITMULTIPLERECIPIENTS you intend to use all that gas for all recipients. /...
The amount of gas calculation for refunding is incorrect
Lines of code Vulnerability details Impact While matching the orders the gas cost is calculated so that it can be refunded back to the contract. The calculation for this gas is incorrect. The function keeps track of the gasleft at the beginning of the loop and adds additional amount of gas for pr...