No gas payment is done before calling the callContract in the Router.sol

Lines of code Vulnerability details Impact In the Axelar documentation it is specified that before calling callContract or callContractWithToken the user needs to first prepay the relayers gas fee on the source chain, but since the functions are not payable, nor does call...

Lack of expiration time for cross-chain message passing

Lines of code Vulnerability details Lack of expiration time for cross-chain message passing Summary Lack of expiration time for cross-chain message passing Vulnerability Detail In the current implementation, the L1CrossDomainMessagern.sol inherits from CrossDomainMessager.sol and...

Py-EVM is vulnerable to arbitrary bytecode injection

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...

CVE-2018-18920

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...