280 matches found
No check for active Arbitrum Sequencer
Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, the stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from chainlink oracle and the ratio is used during the swap. function readChainlinkFeed uint256 quoteAmount,...
The function will not work properly on Optimism due to use of block.number
Lines of code Vulnerability details Impact On Optimism, the block.number is not a reliable source of timing information and the time between each block is also different from Ethereum. This is because each transaction on L2 is placed in a separate block and blocks are not produce at a constant...
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts
Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...
CrossDomainMessenger relayMessage Vulnerability
Lines of code Vulnerability details Impact The vulnerability allows an attacker to manipulate the sender address sender parameter when relaying a message from Layer 2 L2 to Layer 1 L1 in a cross-domain scenario. The issue arises due to the use of the L2CrossDomainMessenger contract address...
kernel: rtw89: ser: fix CAM leaks occurring in L2 reset
In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER system error recover L2 reset process and ieee80211restarthw which is called by L2 reset process eventuall...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-1759)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In TBD of TBD, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with n...
Measuring the withdrawal delay in block production time won't work properly on chains where the production time is not 12 seconds
Lines of code Vulnerability details Proof of Concept For withdrawals other than beaconChainETH, the variables withdrawalDelayBlocks and MAXWITHDRAWALDELAYBLOCKS will be used to enforce a delay for withdrawals in StrategyManager.sol. Currently MAXWITHDRAWALDELAYBLOCKS is set to 50400. uint256 publ...
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6020-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6020-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...
CVE-2023-28368
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...
Design/Logic Flaw
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...
CVE-2023-28368
The CVE concerns TP-Link L2 switch T2600G-28SQ. Affected firmware versions prior to T2600G-28SQ(UN)_V1_1.0.6 Build 20230227 use vulnerable SSH host keys, enabling a fake device to spoof the legitimate unit. If an administrator is tricked into logging into the impersonator, credential information ...
CVE-2023-28368
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5985-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5985-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...
Upgraded Q -> 2 from #215 [1679863603573]
Judge has assessed an item in Issue 215 as 2 risk. The relevant finding follows: L1 + L2 --- The text was updated successfully, but these errors were encountered: All reactions...
[bootloader] A bytecode hash without the bytecode (preimage) can be marked as known, breaking the prover
Lines of code Vulnerability details This is a report of a finding in bootloader.yul. While the file is out of scope of the contest, the sponsor stated that they would still accept findings in the file and would judge them separately from the contest. Impact A bytecode hash for which the bytecode...
Sending L2 ---> L1 message without paying gas for published data due to uint256 overflow
Lines of code Vulnerability details Impact Due to this bug, a user can send arbitrarily long messages greater than a certain length from L2 to L1 without paying for the gas that is required for publishing data on L1. Proof of Concept Below is a PoC contract called "Test" that illustrates the bug...
Possible loss of funds when withdrawing from L2 to L1
Lines of code Vulnerability details Impact Context To initiate a withdrawal from L2 to L1, a user can call L2EthToken.withdraw method, then funds will be available to calim on L1 via finalizeEthWithdrawal method of MailboxFacet. function withdrawaddress l1Receiver external payable override The...
Attacker could potentially burn the token balance of totalSupply and L2EthContract
Lines of code Vulnerability details Impact Attacker potentially can burn all L2EthContract and totalSupply tokens Proof of Concept function withdrawaddress l1Receiver external payable override uint256 amount = msg.value; // Silent burning of the ether unchecked balanceaddressthis -= amount;...
No check for active sequencer
Lines of code Vulnerability details Impact The protocol will operate at the previous stale rates. Proof of Concept Chainlink recommends that all Optimistic L2 oracles consult the Sequencer Uptime Feed to ensure that the sequencer is live before trusting the data returned by the oracle, even if...
K11546763: Linux kernel vulnerability CVE-2021-3653
Security Advisory Description A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this...