Lucene search

79 matches found

SUSE CVE
added 2025/10/24 11:22 p.m. | 2 views

SUSE CVE-2025-61595

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

CVSS 8.8 | AI score 6.8 | EPSS 0.00077
Exploits 0 | References 2

OSV
added 2025/10/23 4:25 p.m. | 2 views

GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...

CVSS 8.8 | AI score 7 | EPSS 0.00077
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 19 views

EUVD-2025-31776

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.4 | EPSS 0.00077
Exploits 0 | References 5

Cvelist
added 2025/10/02 7:36 p.m. | 22 views

CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

CVSS 8.8 | EPSS 0.00077
Exploits 0 | References 2

CVE
added 2025/10/02 7:36 p.m. | 14 views

CVE-2025-61595

CVE-2025-61595 pertains to MANTRA Chain. Versions up to 4.0.1 do not enforce the tx gas limit in send hooks, allowing gas to be spent beyond remaining and enabling recursive calls in the wasm contract, potentially causing exponential gas consumption. The issue is fixed in version 4.0.2. Affected ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00077
Exploits 0 | References 2

CNNVD
added 2025/10/02 12:0 a.m. | 2 views

Mantrachain security vulnerability

Mantrachain is open-source blockchain software from MANTRA Chain. A security vulnerability exists in Mantrachain version 4.0.1 and earlier, which stems from an unenforced transactional gas limit that could lead to exponential gas consumption...

CVSS 8.8 | AI score 8.8 | EPSS 0.00077
Exploits 0 | References 2

OSV
added 2025/09/30 9:6 p.m. | 3 views

GHSA-QWVM-WQQ8-8J69 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

CVSS 8.8 | AI score 6.8 | EPSS 0.00077
Exploits 0 | References 6

Github Security Blog
added 2025/09/30 9:6 p.m. | 10 views

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

CVSS 8.8 | AI score 6.8 | EPSS 0.00077
Exploits 0 | References 6 | Affected Software 4

Veracode
added 2024/04/18 5:25 a.m. | 11 views

Denial Of Service (DOS)

github.com/evmos/evmos is vulnerable to a Denial Of Service. The vulnerability is due to improper handling of nested MsgEthereumTx messages, allowing bypass of the block gas limit and causing indefinite chain halts...

AI score 7
Exploits 0

OSV
added 2024/04/17 5:35 p.m. | 12 views

GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit

Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

CVSS 9.1 | AI score 7.1
Exploits 0 | References 2

Code423n4
added 2023/11/13 12:0 a.m. | 5 views

Missing deadline checks

Lines of code Vulnerability details Consider adding an implementation to handle the expiration of the transaction for additional security. To implement a transaction expiration mechanism in the emergencyWithdraw add a timestamp check to ensure that the transaction is executed only within a certain...

AI score 6.9
Exploits 0

Code423n4
added 2023/11/10 12:0 a.m. | 8 views

payable.transfer() call will result in loss of unused Ether

Lines of code Vulnerability details Impact batchContribute function carries out funding and transfer in batches by using the payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way programmatical usage of batchContribute...

AI score 7
Exploits 0

Code423n4
added 2023/11/10 12:0 a.m. | 9 views

Unbounded iteration over all index

Lines of code Vulnerability details Impact The transactions could fail if the array gets too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality. Proof of Concept Functions like...

AI score 7.2
Exploits 0

Code423n4
added 2023/11/10 12:0 a.m. | 16 views

Send Ether will call instead of transfer

Lines of code Vulnerability details Impact transfer automatically forwards exactly 2300 gas to the receiving contract. This limitation can restrict smart contract's ability to interact with other contracts that require more gas for their operations like receiving eth, leading to failed transactio...

AI score 7.6
Exploits 0

Code423n4
added 2023/11/03 12:0 a.m. | 6 views

Upgraded Q -> 2 from #659 [1699030291397]

Judge has assessed an item in Issue 659 as 2 risk. The relevant finding follows: L-01 updateScores will result in DoS if pass a user with an already updated score Impact If updateScores is called for a user who is already updated in the same round, the function will misbehave, causing it to repea...

AI score 7
Exploits 0

Code423n4
added 2023/10/11 12:0 a.m. | 7 views

No check proxy contract is deployed

Lines of code Vulnerability details The deployProxyDelegatorIfNeeded function in ERC20MultiDelegate.sol does not verify that a proxy contract has been successfully deployed before emitting an event indicating its creation. Impact Both createProxyDelegatorAndTransfer and processDelegation function...

AI score 6.9
Exploits 0

Code423n4
added 2023/10/06 12:0 a.m. | 14 views

Unbounded tick arrays; add max length check to prevent gas issues.

Lines of code Vulnerability details Impact Tick arrays like tickTracking can grow unbounded. Could hit gas limit. As ticks are crossed, new TickTracking elements are pushed: function crossTicks bytes32 poolIdx, int24 exitTick, int24 entryTick internal tickTrackingpoolIdxexitTick.push...

AI score 6.8
Exploits 0

Code423n4
added 2023/10/06 12:0 a.m. | 4 views

The while loop used in all the accrueXXXPositionTimeWeightedLiquidity function could make a call reach the block gas limit

Lines of code Vulnerability details Proof of Concept If a user neither modifies his position nor claims rewards for a very long time, it might become impossible for him to do any action involving the internal functions accrueAmbientPositionTimeWeightedLiquidity or...

AI score 6.8
Exploits 0

Code423n4
added 2023/10/06 12:0 a.m. | 13 views

FallBack Function might revert

Lines of code Vulnerability details The performFallbackCall function appears to be designed to send a message to the RootBridgeAgent using the lzReceive function. It includes the settlement nonce encoded as part of the message. Overall, the function seems fine for its intended purpose, but there...

AI score 7.3
Exploits 0

Code423n4
added 2023/10/04 12:0 a.m. | 8 views

Gas Limit Issues/DoS with Block Gas Limit

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get...

AI score 7
Exploits 0