44 matches found
CVE-2026-59695
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695
Vulnerability summary (CVE-2026-59695). The ZenHive mpp Elixir library, when configured as a fee payer (fee_payer: true), is vulnerable to an unauthenticated remote client that can drain the fee-payer wallet in a single request. The root cause is improper validation in MPP.Tempo.Transaction.cosig...
CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
EUVD-2025-22951
Malicious code in bioql PyPI...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427
CVE-2025-54427 (Polkadot Frontier) : The vulnerability affects Polkadot Frontier’s note_min_gas_price_target intrinsic. Before commit a754b3d, the check_inherent function was not implemented, allowing the block producer to set the target gas price without verification. This input drives MinGasPri...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
PT-2025-31152 · Parity Technologies · Polkadot Frontier
Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to a754b3d Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The note min gas price target extrinsic is an inherent extrinsic, callable only by the block...
Polkadot Frontier 代码问题漏洞
Polkadot Frontier is a Polkadot EVM open source application that provides an Ether VM compatibility layer. A code issue vulnerability exists in previous versions of Polkadot Frontier a754b3d that stems from an unimplemented checkinherent function of notemingaspricetarget, which could lead to Gas...
Unraveling Ethereum'S Mempool: the Impact of Fee Fairness, Transaction Prioritization, and Consensus Efficiency
Ethereum's transaction pool mempool dynamics and fee market efficiency critically affect transaction inclusion, validator workload, and overall network performance. This research empirically analyzes gas price variations, mempool clearance rates, and block finalization times in Ethereum's...
CVE-2022-23327
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service DoS...
Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts
Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...
anyone with valid token address can create DOS for accrueInterest() in prime.sol
Lines of code Vulnerability details Impact anyone or attacker with valid token address can create DOSdenial of service for accrueInterest and functions using accrueInterest in prime.sol Proof of Concept a function accrueTokens in PrimeLiquidityProvider.sol has visibility pubic,it means anyone can...
Auctions run at significantly different speeds for different prize tiers
Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...
SETTING block.timestamp AS THE DEADLINE COULD LEAD TO HIGHER RATE OF FAILED TRANSACTIONS
Lines of code Vulnerability details Impact The OptionsPositionManager.swapExactTokensForTokens function is used to swap assets for exact assets. Here the exact amount of source token is swapped for an amount of target token. The function uses the IUniswapV2Router01.swapExactTokensForTokens call f...