Lucene search
K

9 matches found

Snyk
Snyk
added 2026/01/28 4:33 p.m.4 views

Malicious Package

Overview gravity-bridge-site is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/24 5:55 p.m.2 views

Malicious code in gravity-bridge-site (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae232ba265c5a6f6819814f2baf364c618baaaac7305273d18133f5eebab1f95 The OpenSSF Package Analysis project identified 'gravity-bridge-site' @ 1.1.0 npm as malicious. It is considered malicious because: - The packag...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/24 5:55 p.m.9 views

MAL-2024-12118 Malicious code in gravity-bridge-site (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae232ba265c5a6f6819814f2baf364c618baaaac7305273d18133f5eebab1f95 The OpenSSF Package Analysis project identified 'gravity-bridge-site' @ 1.1.0 npm as malicious. It is considered malicious because: - The packag...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.12 views

Canto pool could be drained.

Lines of code Vulnerability details Impact It was written that there a limit for 10 USDC /10 USDT /0.01 ETH, which currently equals to 10 USDT/ 10 USDC/ 18 USDT almost. These limits are for 4 Canto. Which means code accepts the Canto price at max: 2,5 USDC or equavalent. It is also written in the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.13 views

Attackers can prevent the transfer of the highest-value Cosmos to Ethereum transactions

Lines of code Vulnerability details In order to ensure that profitable batches are eventually created we must avoid locking up the high fee 'good transactions' into obviously bad batches. To add to the difficulty we don't actually know what any token in this process is worth or what ETH gas costs...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.12 views

Administrators can rug users

Lines of code Vulnerability details The Cudos Network is a special-purpose blockchain designed to provide high-performance, trustless, and permissionless cloud computing for all. To be considered trustless, both the incentives and the code must be aligned to prevent the possibility of...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.25 views

ERC20 tokens with before/afterTokenTransfer hooks can be manipulated to cause submitBatch to fail

Lines of code Vulnerability details Impact Currently submitBatch processes a batch of Cosmos to Ethereum transactions. As part of this method ERC20 tokens are transferred to the desired destination from the Gravity bridge, as approved by the current validator set. For ERC20 tokens without a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.9 views

Admin has ability to rugpull all tokens

Lines of code Vulnerability details Impact Currently it is possible for the admin to pull all tokens belonging to the Gravity bridge. In normal circumstances this is probably fine, but if the admin account were compromised this would lead to the bridge being drained of locked funds. Furthermore, ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/26 12:0 a.m.25 views

Arbitrary Logic Enables ERC20 Theft

Handle ElliotFriedman Vulnerability details Severe Issue: ERC20 Token Theft Using Arbitrary Logic There are 2 ways that this bug can be used to drain funds from the bridge. Both are catastrophic and result in total loss of funds. The 1st method is horrible, the second method is diabolical as it c...

7.1AI score
Exploits0
Rows per page
Query Builder