Lucene search
+L

138 matches found

OSV
OSV
•added 2022/10/31 1:3 a.m.•7 views

MAL-2022-3560 Malicious code in hardhat-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d413678735916efe26eb4cd4c106907b9e0fdce0f0bd3c41706a4a64e9b9139 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2022/10/31 1:3 a.m.•5 views

MAL-2022-3561 Malicious code in hardhat-modern (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 364a19411c6fa78338bfd1eb9f6987f560554219e531430448430f84c4ecb947 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2022/10/27 12:44 a.m.•2 views

Malicious code in modern-hardhat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96c131c39f2ccb7fe9bbb345454bfd7e287a9e8f2340eab60bb225d75be91833 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
•added 2022/10/27 12:44 a.m.•7 views

MAL-2022-4662 Malicious code in modern-hardhat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96c131c39f2ccb7fe9bbb345454bfd7e287a9e8f2340eab60bb225d75be91833 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
•added 2022/10/10 12:0 a.m.•14 views

execute does not work for ERC1155 tokens orders where amount > 1

Lines of code Vulnerability details Impact StandardPolicyERC1155 functions canMatchMakerBid and canMatchMakerBid always return amount == 1, regardless of the function arguments. This means that calling execute on an agreed order of ERC1155 token with an amount 1 will always transfer amount == 1 o...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/27 12:0 a.m.•14 views

Multiple storage slot collisions between versions - due to different order in declaration

Lines of code Vulnerability details Impact If we list the sequence of how variables receive slots, we will see the failure to follow "append-only" principle. Many variable added "in-between" V2 version can read/write wrong slots. Proof of Concept Here is the table/list of variable, built taking...

6.9AI score
Exploits0
Snyk
Snyk
•added 2022/08/19 8:11 a.m.•2 views

Malicious Package

Overview hardhat-cover is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Code423n4
Code423n4
•added 2022/08/17 12:0 a.m.•8 views

interest rate calculate vulnerability

Lines of code Vulnerability details Impact function addinterst uses the interest rate immediately generated by the current block first transaction calculated,it will cause some interest lose. Proof of Concepmt function addinterst uses the interest rate immediately generated by the current block t...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/07 12:0 a.m.•12 views

Registry.sol works bad - it fails to delivere expected functionality

Lines of code Vulnerability details Impact The description of Registry.sol is following: /// Deploys new proxies via the factory and keeps a registry of owners to proxies. Owners can only /// have one proxy at a time. But it is not. There are multiple problems: 1. Proxy owner can change and will...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/19 12:0 a.m.•12 views

[PNM-002] The expiry of the parent node can be smaller than the one of a child node, violating the guarantee policy

Lines of code Vulnerability details Description By design, the child node's expiry can only be extended up to the parent's current one. Adding these restrictions means that the ENS users only have to look at the name itself's fuses and expiry without traversing the hierarchy to understand what...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/08 12:0 a.m.•12 views

State Variable Shadowing

Lines of code Vulnerability details Impact Check: shadowing-state Severity: High Confidence: High It is possible to use the same variable twice in Solidity, but it can lead to unintended side effects.The TestAllowance.sol contract inherits from TesTBaseWorkflow.sol. In the TestAllowance.sol...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/01 12:0 a.m.•6 views

Non view function is called with staticcall in CErc20Delegator

Lines of code Vulnerability details Impact When using CToken implementation with CErc20Delegator, the functions borrowRatePerBlock and supplyRatePerBlock will revert when the underlying functions try to update some states. Detail The v1 of borrowRatePerBlock and supplyRatePerBlock were view...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•15 views

Unused Return

Lines of code Vulnerability details Impact Configuration Check: unused-return Severity: Medium Confidence: Medium Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may ha...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•17 views

Yieldy: WarmUp expiry can be prolonged by staking from somebody else

WarmUp expiry can be prolonged by staking from somebody else Staking.sol:406 Staking.sol:439-444 Staking.sol:691 Impact When warmUpPeriod is greater than 1, a third person can stake to the victim to prolong the warmUp expiry. The expiry prolongation also happens with cool down, although a third...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/02 12:0 a.m.•13 views

Value Overflow in FulfillmentApplier.sol

Lines of code Vulnerability details Value Overflow in FulfillmentApplier.sol Repo commit referenced: 49799ce156d979132c9924a739ae45a38b39ecdd Impact In aggregateValidFulfillmentOfferItems Line 274 and aggregateValidFulfillmentConsiderationItems Line 571 a variable errorBuffer has been defined as ...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
•added 2022/03/14 11:22 p.m.•40 views

Inconsistent storage layout for ERC2771ContextUpgradeable

Impact The storage layout of the ERC2771ContextUpgradeable is not constant between versions. - versions 4.0.0, 4.1.0 and 4.2.0, the contract has a length of 51 slots. - since 4.3.0, the contract has a length of 50 slots - future versions will continue using 50 slots. This difference in layout cou...

0.3AI score
Exploits0References3Affected Software1
OSV
OSV
•added 2022/03/14 11:22 p.m.•29 views

GHSA-7J52-6FJP-58GR Inconsistent storage layout for ERC2771ContextUpgradeable

Impact The storage layout of the ERC2771ContextUpgradeable is not constant between versions. - versions 4.0.0, 4.1.0 and 4.2.0, the contract has a length of 51 slots. - since 4.3.0, the contract has a length of 50 slots - future versions will continue using 50 slots. This difference in layout cou...

7.1AI score
Exploits0References3
Code423n4
Code423n4
•added 2022/02/02 12:0 a.m.•10 views

generateFLNQuote() can be used to prevent migration()

Handle GeekyLumberjack Vulnerability details Impact generateFLNQuote can be used to always cause migrate to revert. Effectively ending one of Behodler's main function's operability. Migration is core to Behodler economics. Proof of Concept 1. Attacker would write a script to call generateFLNQuote...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/01/10 12:0 a.m.•9 views

Griefing attack can prevent almost all activity in a pool

Handle harleythedog Vulnerability details Impact Consider the mint function in TimeswapPair.sol. The caller of this function is able to freely specify xIncrease, yIncrease and zIncrease. In particular, it is possible to specify xIncrease and zIncrease to be extremely small values e.g. 1 wei, whil...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/01/10 12:0 a.m.•12 views

Manipulation of the Y State Results in Interest Rate Manipulation

Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.solmint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...

6.8AI score
Exploits0
Rows per page
Query Builder