15 matches found
Continuous Discovery of Vulnerabilities in LLM Serving Systems with Fuzzing
LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache, batching, prefix sharing, speculative decoding, adapters,...
MAL-2025-35451 Malicious code in test-mlw2-grief-vulns (npm)
The package test-mlw2-grief-vulns was found to contain malicious code...
Malicious code in @malware-test-taras-hewer-grief-preys/test-mlw3-taras-hewer-grief-preys (npm)
The package @malware-test-taras-hewer-grief-preys/test-mlw3-taras-hewer-grief-preys was found to contain malicious code...
Malicious code in test-mlw2-grief-vulns (npm)
The package test-mlw2-grief-vulns was found to contain malicious code...
MAL-2025-8993 Malicious code in @malware-test-taras-hewer-grief-preys/test-mlw3-taras-hewer-grief-preys (npm)
The package @malware-test-taras-hewer-grief-preys/test-mlw3-taras-hewer-grief-preys was found to contain malicious code...
griefer can create maximum length time locks for other users with only dust
Lines of code Vulnerability details Description veOLAS is the voting token for the OLAS protocol. It functions like the curve.fi voting token in that a user gets more votes the longer they lock their tokens. A user can create a lock for themselves or have another user create a lock for them, usin...
Attacker can Grief The Call to depositAsset Making It Impossible For The Victim To Deposit
Lines of code Vulnerability details Impact The attacker can grief the victim, making him unable to deposit asset into the pool. Proof of Concept The attack flow is as follows - Alice decides to deposit assets into the LRTDepositPool.sol, she calls depositPool here At L152 the function makes the...
griefrecoverymethod.com Cross Site Scripting vulnerability OBB-3770967
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
M-02 Unmitigated
Lines of code Vulnerability details Comments In the previous implementation a malicious user could set arbitrary vault hooks for afterClaimPrize and beforeClaimPrize that could be used to gas grief the claimer or cause other claims in the same call to fail by deliberately reverting Mitigation The...
Users with DEPLOY permission can grief each other through CREATE2
Lines of code Vulnerability details Bug Description In ERC725XCore.sol, the deployCreate2 function uses Openzeppelin's Create2.deploy to deploy new contracts: ERC725XCore.solL253-L267 function deployCreate2 uint256 value, bytes memory creationCode internal virtual returns bytes memory newContract...
ETHCrowdfundBase#_calculateRefundAmount can return too many funds to users and brick refunds
Lines of code Vulnerability details Impact Malicious user can honeypot and grief users causing loss of funds Proof of Concept ETHCrowdfundBase.solL227-L230 if fundingSplitRecipient != address0 && fundingSplitBps 0 uint96 feeAmount = amount fundingSplitBps / 1e4; amount -= feeAmount; When a user...
Grief on transfers due to vestingStart during vesting
Lines of code Vulnerability details Impact Past similar finding with the same severity: code-423n4/2022-05-runes-findings30 While centralization risk is acknowledged by the team & the C4udit tool: this may lead to loss of functionality grief. Proof of concept There is no requirement for the start...
Attackers can call update and grief the users from swapping tokens
Lines of code Vulnerability details Impact Attackers can call update and grief the users from swapping tokens An attacker can specify reserve0 and reserve1 in update function and make it very small number and the user will have to supply zero tokens otherwise the function will fail. mitigation :...
Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second...
Calling generateFLNQuote twice in every block prevents any migration
Handle camden Vulnerability details Impact and PoC In the Uniswap helper, generateFLNQuote is public, so any user can generate the latest quote. If you call this twice in any block, then the two latest flan quotes will have a blockProduced value of the current block's number. These quotes are use...