Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28410

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

8.1CVSS5.7AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 8:11 p.m.29 views

CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS0.00228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:11 p.m.5 views

CVE-2026-28410

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 8:11 p.m.4 views

CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS5.7AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/03/05 8:11 p.m.10 views

CVE-2026-28410

CVE-2026-28410 affects The Graph protocol. Prior to v3.0.0, token vesting contracts contained a flaw enabling early access to tokens that should remain locked; the issue has been patched in v3.0.0. Connected sources confirm affected versions are before 3.0.0 and indicate remediation via upgrade t...

8.1CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/05 8:11 p.m.5 views

EUVD-2026-9871

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
OSV
OSV
added 2026/03/05 8:11 p.m.2 views

CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS5.7AI score0.00228EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.18 views

AfEth price calculation doesn't factor locked tokens held in contract balance

Lines of code Vulnerability details Summary When withdrawals are enqueued in AfEth, the implementation will remove the tokens from the caller and lock these in the contract until the withdrawal is made effective. These tokens still count in the supply, and must not be considered during price...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.15 views

User can drain all locked tokens during withdrawal and still retain their voting power

Lines of code Vulnerability details Impact In the NFTBaseVault.sol contract, a user can decide to withdraw all locked tokens by calling the withdraw... function until all locked funds are drained and the still retain their voting power. Proof of Concept if a user malicious or not decides not to...

6.8AI score
Exploits0
HackRead
HackRead
added 2023/06/07 2:44 p.m.11 views

Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens

By Waqas These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in… This is a post from HackRead.com Read the original post: Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.16 views

User may be blocked from market withdrawal for extended period of time

Lines of code Vulnerability details Impact WithdrawalHook::lastUserPeriodReset is global for all users, which means that each time that lastUserPeriodReset + userPeriodLength it'is able to block user from withdrawal', async = let previousResetTimestamp = await getLastTimestampethers.provider //...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

Yearn Curve vault can be removed without withdrawing all deposited tokens. Causing these token to be locked forever unless an owner is added this vault back.

Lines of code Vulnerability details Impact Yearn Curve vault can be removed without withdrawing all deposited tokens. Causing these token to be locked forever unless an owner is added this vault back. Proof of Concept function removeVaultaddress vault external onlyOwner requirevaultsvault !=...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.17 views

Rebasing tokens lock excess balance in contract

Lines of code Vulnerability details Rebasing tokens lock excess balance in contract If a vault is created with a rebasing ERC20 as its token, additional balance accrued through rebases while the token is owned by the vault may be locked in the contract. If the rebasing token balance decreases whi...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/13 12:0 a.m.10 views

Wrong formula when add fee incentivePool can lead to loss of funds.

Lines of code Vulnerability details Impact The getAmountToTransfer function of LiquidityPool updates incentivePooltokenAddress by adding some fee to it but the formula is wrong and the value of incentivePooltokenAddress will be divided by BASEDIVISOR 10000000000 each time. After just a few time,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/03 12:0 a.m.14 views

If SChain is Removed Before kill() and getFunds() all Tokens are Locked in the Bridge

Lines of code Vulnerability details Impact If the SChain is removed before all the funds are withdrawn from the bridge they will be permanently locked in the bridge. When a SChain is removed in by the SKALE protocol via the function SchainsInternal.removeSchain the data including the owner will b...

6.7AI score
Exploits0
Rows per page
Query Builder