9 matches found
Malicious Package
Overview gravity-bridge-site is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in gravity-bridge-site (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae232ba265c5a6f6819814f2baf364c618baaaac7305273d18133f5eebab1f95 The OpenSSF Package Analysis project identified 'gravity-bridge-site' @ 1.1.0 npm as malicious. It is considered malicious because: - The packag...
MAL-2024-12118 Malicious code in gravity-bridge-site (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae232ba265c5a6f6819814f2baf364c618baaaac7305273d18133f5eebab1f95 The OpenSSF Package Analysis project identified 'gravity-bridge-site' @ 1.1.0 npm as malicious. It is considered malicious because: - The packag...
Canto pool could be drained.
Lines of code Vulnerability details Impact It was written that there a limit for 10 USDC /10 USDT /0.01 ETH, which currently equals to 10 USDT/ 10 USDC/ 18 USDT almost. These limits are for 4 Canto. Which means code accepts the Canto price at max: 2,5 USDC or equavalent. It is also written in the...
Attackers can prevent the transfer of the highest-value Cosmos to Ethereum transactions
Lines of code Vulnerability details In order to ensure that profitable batches are eventually created we must avoid locking up the high fee 'good transactions' into obviously bad batches. To add to the difficulty we don't actually know what any token in this process is worth or what ETH gas costs...
Administrators can rug users
Lines of code Vulnerability details The Cudos Network is a special-purpose blockchain designed to provide high-performance, trustless, and permissionless cloud computing for all. To be considered trustless, both the incentives and the code must be aligned to prevent the possibility of...
ERC20 tokens with before/afterTokenTransfer hooks can be manipulated to cause submitBatch to fail
Lines of code Vulnerability details Impact Currently submitBatch processes a batch of Cosmos to Ethereum transactions. As part of this method ERC20 tokens are transferred to the desired destination from the Gravity bridge, as approved by the current validator set. For ERC20 tokens without a...
Admin has ability to rugpull all tokens
Lines of code Vulnerability details Impact Currently it is possible for the admin to pull all tokens belonging to the Gravity bridge. In normal circumstances this is probably fine, but if the admin account were compromised this would lead to the bridge being drained of locked funds. Furthermore, ...
Arbitrary Logic Enables ERC20 Theft
Handle ElliotFriedman Vulnerability details Severe Issue: ERC20 Token Theft Using Arbitrary Logic There are 2 ways that this bug can be used to drain funds from the bridge. Both are catastrophic and result in total loss of funds. The 1st method is horrible, the second method is diabolical as it c...