MAL-2025-38568 Malicious code in volcano-nebula-lsp8 (npm)

The package volcano-nebula-lsp8 was found to contain malicious code...

Malicious code in volcano-nebula-lsp8 (npm)

The package volcano-nebula-lsp8 was found to contain malicious code...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details I HAVE ALREADY SUBMITTED THIS ISSUE HOWEVER I MESSED UP THE LINKS FOR IT. CAN YOU PLEASE DISREGARD THE PREVIOUS SUBMISSION? Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token after its deployment. This ability is due to the inheritance of the setData function from ERC725YCore.sol implemented in...

LSP8Burnable extension incorrectly inherits LSP8IdentifiableDigitalAssetCore

Lines of code Vulnerability details Bug Description The LSP8Burnable contract inherits from LSP8IdentifiableDigitalAssetCore: LSP8Burnable.solL15 abstract contract LSP8Burnable is LSP8IdentifiableDigitalAssetCore However, LSP8 extensions are supposed to inherit LSP8IdentifiableDigitalAsset instea...

LSP8 and LSP9's ERC-165 interface ID differs from their specification

Lines of code Vulnerability details Bug Description According to LSP7's specification, the ERC-165 interface ID for LSP7 token contracts should be 0x5fcaac27: ERC165 interface id: 0x5fcaac27 However, INTERFACEIDLSP7 has a different value in the code: LSP7Constants.solL4-L5 // --- ERC165 interface...