EUVD-2024-37397

Malicious code in bioql PyPI...

EUVD-2024-35250

Malicious code in bioql PyPI...

CVE-2024-38533

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-38533

The CVE-2024-38533 entry concerns ZKsync Era, a Layer 2 rollup for Ethereum. The issue is an invalid stack access caused by addresses used to access the stack not being properly converted to cells. Affected versions are prior to 1.5.0; the vulnerability is mitigated by upgrading to version 1.5.0....

CVE-2024-38533 ZKsync Era invalid stack addressing conversion

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-35229

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

CVE-2024-35229

CVE-2024-35229 concerns ZKSync Era (Matter Labs) prior to v1.3.10. A bug in the evaluation order of Yul function arguments is triggered by the pattern f(a(),b()); check_if_a_executed_last(), exposing a vulnerability in how arguments are evaluated. The issue has been fixed in v1.3.10. Affected dep...

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

CVE-2023-46232

The CVE concerns era-compiler-vyper (EraVM Vyper compiler for zkSync Era). Before 1.3.10, a bug in initialization of the first immutable variable for Vyper contracts could occur when a String or Array allocates more 256‑bit words than are initialized; the second word’s index could be left unset (...

CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...