36 matches found
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
CVE-2019-16761
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions 1.0....
CVE-2019-16762
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to...
EUVD-2019-0725
Malware in sbrugna...
EUVD-2019-0765
Malware in sbrugna...
GHSA-M9C9-MC2H-9WJW Lodestar snappy checksum issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by...
Lodestar snappy checksum issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by...
GHSA-53RV-HCVM-RPP9 Lodestar snappy decompression issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the messages are...
Lodestar snappy decompression issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the messages are...
GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...
Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable
Lines of code Vulnerability details Impact Loss of funds due to replay attacks. Approvals made on one chain could be replayed when there is a fork without owner's consent. Proof of Concept The issue is in the ERC1155PermitSignatureExtension.sol which is inherited by the OceanERC1155.sol and...
Upgraded Q -> M from #34 [1670783427149]
Judge has assessed an item in Issue 34 as M risk. The relevant finding follows: Selfdestruct is prone to being changed in a future hard fork
DeFiChain’s Grand Central Hard Fork Is Now LIVE
By Deeba Ahmed. It is time to welcome a brand-new token consortium and on-chain governance framework, Grand Central hard fork, to… This is a post from HackRead.com.
Upgraded Q -> M from 42 [1666367610163]
Judge has assessed an item in Issue 42 as Medium risk. The relevant finding follows: Permit signature replay across forks Details: GolomTrader.sol defines chainId at contract deployment without reconstructing it for every signature. However, as stated in the security considerations section of...
Chain ID Is Not Resistant To Hard Fork and Other Token Supports In The Oracle Contract
Lines of code Vulnerability details Impact During the code review, it has been observed only the following chain ids are supported for the chainlink. 1 and 42 - The contracts are not upgradeable; therefore, if there is any hard fork or new chain support, the contract should be deployed again with...
GHSA-PVH2-PJ76-4M96 Specification non-compliance in JUMPI
Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
CVE-2021-41153 Specification non-compliance in JUMPI
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
Ethereum Contains Consensus Flaw During Block Processing
Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...
GHSA-9856-9GG9-QCMQ Ethereum Contains Consensus Flaw During Block Processing
Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...