8 matches found

Source: OSV, added 2024/07/10 2:19 p.m., 11 views

GHSA-Q6HG-6M9X-5G9C Evmos vulnerable to exploit of smart contract account and vesting

Summary: This advisory aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details: Authorization check on the fundVestingAccount. With the current implementation, a user can create a vesting account wi...

CVSS 8.8, AI score 8.7, EPSS 0.00337
Exploits: 0, References: 4
Source: Github Security Blog, added 2024/02/29 8:09 p.m., 18 views

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

Impact: The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. Although the encode function pads the output for these cases, up to 4 bits o...

CVSS 7.4, AI score 6.6, EPSS 0.00564
Exploits: 0, References: 7, Affected Software: 2
Source: HackRead, added 2023/10/02 5:05 p.m., 26 views

Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group

By Waqas. Immunefi Crypto Losses Report: Q3 2023 Sees Highest Losses of the Year. This is a post from HackRead.com. Read the original post: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group...

AI score 6.9
Exploits: 0
Source: OSV, added 2022/01/13 4:09 p.m., 13 views

GHSA-M6W8-FQ7V-PH4M GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior

Impact: The GovernorCompatibilityBravo module may lead to the creation of governance proposals that execute function calls with incorrect arguments due to bad ABI encoding. This happens if the proposal is created using explicit function signatures, e.g. a proposal to invoke the function foouint256...

AI score 7.2
Exploits: 0, References: 2
Source: OSV, added 2022/01/06 6:30 p.m., 16 views

GHSA-F854-HPXV-CW9R Drainage of FeeCollector's Block Transaction Fees in cronos

Impact: In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. User funds and balances are safe. Patches: This problem has been patched in Cronos v0.6.5 on the mempool...

CVSS 7.5, AI score 7.4, EPSS 0.00289
Exploits: 0, References: 5
Source: OSV, added 2021/12/14 9:47 p.m., 15 views

GHSA-9C22-PWXW-P6HX OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Impact: Initializer functions that are invoked separately from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running, it can never be re-executed. However, an exception put in plac...

CVSS 5.6, AI score 5.5, EPSS 0.00587
Exploits: 0, References: 4
Source: Github Security Blog, added 2021/08/30 4:12 p.m., 35 views

TimelockController vulnerability in OpenZeppelin Contracts

Impact: A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

CVSS 10, AI score 8.9, EPSS 0.00443
Exploits: 0, References: 5, Affected Software: 1
Source: Github Security Blog, added 2021/08/30 4:12 p.m., 56 views

TimelockController vulnerability in OpenZeppelin Contracts

Impact: A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

CVSS 10, AI score 8.9, EPSS 0.00443
Exploits: 0, References: 5, Affected Software: 1