17 matches found
Malicious code in solhint-plugin-lido-csm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4e1653573c57f50f3e9d72fc8293e9051133742e8ea749ca7dda26c7eb89375 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6333 Malicious code in solhint-plugin-lido-csm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4e1653573c57f50f3e9d72fc8293e9051133742e8ea749ca7dda26c7eb89375 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12153 Malicious code in lido-on-ethereum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3bb60770096d192fa10be6d8db3cb1a517989c512244db517590cf115f7a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lido-on-ethereum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3bb60770096d192fa10be6d8db3cb1a517989c512244db517590cf115f7a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9689 Malicious code in lido-mev-monitoring (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in lido-mev-monitoring (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in lido-council-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99bf57f31f9431fe457ef726885325190325ba8e48b1adc3b4c0b599405554b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9688 Malicious code in lido-council-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99bf57f31f9431fe457ef726885325190325ba8e48b1adc3b4c0b599405554b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mitigation of M-05: Issue not mitigated, mitigation errors
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-05: Issue not mitigated, mitigation errors Link to Issue: code-423n4/2023-03-asymmetry-findings812 Comments The issue describes missing checks associated with staking requirements for the WstEth and Reth derivative. The...
Malicious code in lido-dao-test-dp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b3cda81343e26318448ae8ce053a04b74276f2e99a2af6cdb288720e87fa6e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4305 Malicious code in lido-dao-test-dp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b3cda81343e26318448ae8ce053a04b74276f2e99a2af6cdb288720e87fa6e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview lido-dao-test-dp is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in lido-cosmos-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91c734ea9798aa522386257ac88af574161a623f65bb9aa4931503a3b2d26bb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4304 Malicious code in lido-cosmos-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91c734ea9798aa522386257ac88af574161a623f65bb9aa4931503a3b2d26bb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview lido-cosmos-docs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Lido adapter incorrectly calculates the price of the underlying token
Lines of code Vulnerability details Impact The Lido adapter incorrectly calculates the price of WETH in terms of WstETH. The function returns the price of WstETH in terms of stETH. The underlying token which we desire is WETH. Since stETH does not have the same value as WETH the output price...
User may lose ETH when depositing stETH
Lines of code GeneralVault.solL75-L89 LidoVault.solL79-L104 Vulnerability details Impact When the depositCollateral function is used in the LidoVault.sol contract, a user depositing stETH may mistakenly have a non-zero msg.value. The ETH would be passed to the contract and the user would lose tha...