Lucene search
K

60 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0996

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00873EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/07/16 12:0 a.m.5 views

On the Consideration of Vanity Address Generation Via Identity-Based Signatures

An address is indicated as an identifier of the user on the blockchain, and is defined by a hash value of the ECDSA verification key. A vanity address is an address that embeds custom characters such as a name. To generate a vanity address, a classical try-and-error method is employed, and thus t...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/20 12:0 a.m.3 views

A Smart Contract-Based Non-Transferable Signature Verification System Using Nominative Signatures

Nominative signatures allow us to indicate who can verify a signature, and they can be employed to construct a non-transferable signature verification system that prevents the signature verification by a third party in unexpected situations. For example, this system can prevent IOU/loan certifica...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.14 views

Users can avoid liquidation by splitting their positions into smaller ones

Lines of code Vulnerability details Impact Bad debt creation, as the total sum of positions could yield a signicant underwater position, but they would likely not be liquidated as it wouldn't compensate liquidators. Proof of Concept A recent, random transaction on Mantle shows a gas fee of 0.47...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.16 views

Potential Gas Inefficiency due to Unnecessary abi.encode Usage

Lines of code Vulnerability details Impact The function unnecessarily uses abi.encode to convert a uint256 to bytes32, incurring additional gas costs. This doesn't affect correctness but may lead to suboptimal gas usage. Proof of Concept By modifying the fetchInteractionId function to directly ca...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.11 views

High possibility of DOS

Lines of code Vulnerability details Impact In the claimAuction function there is a high possibility of DOS where the auction winner is unable to claim the NFT due to high gas cost or not enough gas, this is due to the functions having three loops on same array of all bids, they are in the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.5 views

A whale can DoS the token service by reaching flowlimit

Lines of code Vulnerability details Impact Clients can't transfer tokens between chains because the flow limit is reached. Proof of Concept In FlowLimit.sol:addFlow, we revert if current flowToAdd + flowAmount flowToCompare + flowLimit: uint256 flowToAdd; uint256 flowToCompare; assembly flowToAdd...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/05 12:0 a.m.8 views

Loss of user funds due to gas Limit set to zero on L2StandardBridge

Lines of code Vulnerability details Impact User loss of funds in the event a deposit fails. Proof of Concept In L2StandardBridge.finalizeDeposit, there exists an issue related to the gas limit setting. In the event of a failed transfer, it attempts to create a return transaction to refund the use...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.8 views

Equity.restructureCapTable only restructures one address at a time

Lines of code Vulnerability details Equity.restructureCapTable allows qualified FPS holders to restructure the system, that is: burning shares of other holders that did not participate in putting equity above water. File: Equity.sol 309: function restructureCapTableaddress calldata helpers, addre...

6.6AI score
Exploits0
NVD
NVD
added 2023/03/22 9:15 p.m.39 views

CVE-2023-28431

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.3AI score0.00873EPSS
Exploits0References4
Prion
Prion
added 2023/03/22 9:15 p.m.18 views

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

5CVSS7.3AI score0.00873EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/03/22 8:11 p.m.69 views

CVE-2023-28431

CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...

7.5CVSS7.3AI score0.00873EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/22 8:11 p.m.43 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.5AI score0.00873EPSS
Exploits0References4
OSV
OSV
added 2023/03/22 8:11 p.m.30 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.2AI score0.00873EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/03/21 10:31 p.m.30 views

Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.1AI score0.00873EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/03/21 10:31 p.m.23 views

GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.4AI score0.00873EPSS
Exploits0References6
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.7 views

Gas Cost Vulnerability

Lines of code Vulnerability details The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.10 views

Users pay excessive gas cost for sending bytecode hashes to L1

Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/01 12:0 a.m.5 views

Upgraded Q -> 2 from #356 [1677633435546]

Judge has assessed an item in Issue 356 as 2 risk. The relevant finding follows: L-01 ERC4626 does not work with fee-on-transfer tokens in project Impact ERC20 token contract can be deposited with the deposit function. With the following part of the code, the ERC20 transfer from msg.sender to the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.9 views

mintReceipt should not allow users to mint after the end of a quest

Lines of code Vulnerability details mintReceipt currently does not have any check that the questId passed as an argument corresponds to an active quest. As the signature will be valid without a deadline, a user can call mintReceipt after the end of a quest, when there is no more funds in the Ques...

6.7AI score
Exploits0
Rows per page
Query Builder