Lucene search
K

14 matches found

The Hacker News
The Hacker News
added 2026/04/23 1:17 p.m.8 views

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

9.8CVSS8.2AI score0.06996EPSS
Exploits6
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/20 6:16 p.m.4 views

Malicious code in layerzero-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38548e48278e6b84fe1732117aef2c443aee26ea8e5694692002fe7342e1e30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/12/20 6:16 p.m.11 views

MAL-2024-12077 Malicious code in layerzero-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38548e48278e6b84fe1732117aef2c443aee26ea8e5694692002fe7342e1e30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
HackRead
HackRead
added 2024/03/28 2:29 p.m.10 views

Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

By Waqas Masa Network’s AI Data Marketplace will be an interoperable network for the world’s personal data, launching across multiple blockchains from day one. This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.70 views

LayerZero endpoint can get blocked by a malicious user (or even a honest one)

Lines of code Vulnerability details Description Contract Endpoint, from LayerZero is the one responsible of sending/receiving messages to/from other chains. Specifically it has function receivePayload, which is called by contract UltraLightNodeV2 the current default library of the protocol after...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.24 views

Gas that was sent by LayerZero can get stuck in the contract in some cases

Lines of code Vulnerability details If a tx on the destination chain calls back the chain from where the transaction was initiated by the user, the first transaction on the source chain needs to "airdrop" gas to the destination chain so it is able to call back the source chain. The problem is tha...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

Incorrect srcAddress check renders all layerzero messages unusable

Lines of code Vulnerability details Impact The source address of LayerZero messages is validated on a wrong part of the calldata, which will cause all cross-chain-messages to fail on a live deployment. Proof of Concept The receivers of cross-chain-messages BranchBridgeAgent and RootBridgeAgent bo...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.18 views

User can selectively turn on the fallback flag to take all ETH on the agent contract as layerzero fee refund

Lines of code Vulnerability details Impact performFallbackCall can revert sliently when refundee is not capable of taking ETH refund from layerzero side Proof of Concept In RootBridgeAgent.sol when the has fall back toggle flag is on, the smart contract aim to perform a fallback call to notify th...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.28 views

Lack of force resume support for LZ which is crucially important to have

Lines of code Vulnerability details Impact The User Application LZReceiver should implement the ILayerZeroUserApplicationConfig interface which includes the forceResumeReceive function. This is very important as in the worst case, it can allow the owner to unblock the queue of messages if somethi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.11 views

ChainLink should be used as an Oracle for messaging instead of Google Cloud

Lines of code Vulnerability details Impact Each User Application contract e.g. BranchBidgeAgent built on LayerZero will work without configuration using defaults, but a UA will also be able to configure its own. Maia intends to use the default config. However, Google Cloud Oracle is the default a...

6.8AI score
Exploits0
HackRead
HackRead
added 2023/05/30 8:2 p.m.13 views

Tenet and LayerZero Forge Cross-Chain LSD Adoption

By Owais Sultan Tenet and LayerZero Partner to Pioneer Cross-Chain Liquidity for Liquid Staking Derivatives. This is a post from HackRead.com Read the original post: Tenet and LayerZero Forge Cross-Chain LSD Adoption...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.16 views

LayerZero Channel can be blocked by an attacker

Lines of code Vulnerability details Impact According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the source and destination is blocked. Before any new transactions can be executed, the failed transaction has to b...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/29 12:0 a.m.10 views

Attacker can block LayerZero channel

Lines of code Vulnerability details Impact According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the src and dst app is blocked. Before any new transactions can be executed, the failed transaction has to be retri...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/14 9:47 p.m.16 views

@0xwen/core (>=0.0.1 <=0.0.3), @0xwen/core-v5 (>=0.0.1 <=0.0.3) +128 more potentially affected by CVE-2021-46320 +1 more via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.3.3)

@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =2.0.0, =3.0.0-alpha0, =2.0.0, =3.0.1-alpha, =1.0.0, =1.0.0-beta.0, =1.0.0, =1.0.4 and more Source cves: CVE-2021-46320, CVE-2022-39384 Source advisory: OSV:GHSA-9C22-PWXW-P6HX...

7.5CVSS6.6AI score0.01217EPSS
Exploits0
Rows per page
Query Builder