Lucene search
K

13 matches found

OSV
OSV
added 2025/03/04 9:20 a.m.3 views

MAL-2025-2104 Malicious code in gas-fee-saver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 904ff1206c8caf54d8e6e4625ec9690c0925700de436af0685916b90e17003ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/04 9:20 a.m.3 views

Malicious code in gas-fee-saver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 904ff1206c8caf54d8e6e4625ec9690c0925700de436af0685916b90e17003ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.15 views

Missing gas fee limit

Lines of code Vulnerability details The use of .callvalue: balance"" does not limit the gas sent along with the Ether, potentially allowing all gas in the transaction to be used by the receiver. // Set a specific gas limit for the call if applicable uint256 gasLimit = someGasLimit; // Define...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.8 views

[H] Eth remains stuck in contract due to reversion in convertToPeUSD

Lines of code Vulnerability details Impact ETH sent with this call will not be refunded to the caller upon revert. Proof of Concept Due to a discrepancy in the convertToPeUSD function where the call to mintVault implemenation from transferFrom is non-existent, the subsequent call to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.6 views

Malicious user can force victims to waste a lot of gas when they redeem their dMute

Lines of code Vulnerability details Proof of Concept When redeeming, the user must iterate through all the elements of userLock to destroy any redeemed locks. foruint256 i = userLocksmsg.sender.length; i 0; i-- UserLockInfo memory lockinfo = userLocksmsg.senderi - 1; // recently redeemed lock,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/18 12:0 a.m.11 views

Operator can cause funds to be stolen by manipulating gas fee refund

Lines of code Vulnerability details Impact An operator can manipulate the refund of gas fee mechanism to steal from the bootloader balance. Inside refundCurrentL2Transaction function in the bootloader where the refund is happening for the refund recipient at L1097, the operator provides a value f...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.9 views

Upgraded Q -> M from #403 [1668467487185]

Judge has assessed an item in Issue 403 as M risk. The relevant finding follows: 1. No upper limit check on flash loan fee No upper limit check on setFlashLoanFee. Although only admin can set this, human error can lead to higher percente swap, leading to excess swap and gas fee. Or admin can rug...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.7 views

Users can create beam request for a destination chain without paying a fee.

Lines of code Vulnerability details Impact When a user creates a beam request for a destination chain, the user can input zero as a value for gasLimit. With this, the user is able to make the request without paying any fees to Hologram since messagingModule.getHlgFeetoChain, gasLimit, gasPrice;...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.14 views

If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway

Lines of code Vulnerability details During the beaming process the user compensates the operator for the gas he has to pay by sending some source-chain-native-tokens via hToken. The amount he has to pay is determined according to the gasPrice set by the user, which is supposed to be the maximum g...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.10 views

Function may fail when called due to the imprecise length of arrays to be looped (initialize function)

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Even though the array is calldata, there are...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/15 12:0 a.m.11 views

Accidentally cancel order

Lines of code Vulnerability details Accidentally cancel order Impact Some market maker's limit order might be accidentally cancelled, and has to be resubmitted again. If the user did not do this on purpose, without knowing the fact that the order has been cancelled, it may lead to unexpected...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/11 12:0 a.m.7 views

Upgraded Q -> M from 270 [1657580270573]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.8 views

Griefing Attack By Extending The Reward Duration

Lines of code Vulnerability details Proof-Of-Concept The Gauge.notifyRewardAmount notifies the contract of a newly received rewards. This updates the local accounting and streams the reward over a preset period Five days. It was observed that this function is callable by anyone regardless of...

6.5AI score
Exploits0
Rows per page
Query Builder