Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories 5.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Aether Smart Contract Security Analysis Framework 4.7.1

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Eclipse Attacks on Ethereum'S Peer-To-Peer Network

Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and optionally validating those tests on mainnet forks. It combines static analysis, prompt-driven LLM analysis, and AI-ensemble...

Efficient Blockchain-Based Steganography Via Backcalculating Generative Adversarial Network

Blockchain-based steganography enables data hiding via encoding the covert data into a specific blockchain transaction field. However, previous works focus on the specific field-embedding methods while lacking a consideration on required field-generation embedding. In this paper, we propose a...

Entangle Launches Mainnet Leveraging Omnichain Interoperability

By Uzair Amir Dubai, UAE, May 16, 2024 - Entangle, an interoperable data infrastructure layer, announces the successful launch of its… This is a post from HackRead.com Read the original post: Entangle Launches Mainnet Leveraging Omnichain Interoperability...

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

GHSA-7787-P7X6-FQ3J Candid infinite decoding loop through specially crafted payload

Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The proble...

Default Account fallback lack payable

Lines of code Vulnerability details Impact fallback lack payable,will lead to differences from the mainnet, and many existing protocols may not work Proof of Concept DefaultAccount Defined as follows: DefaultAccount The implementation of the default account abstraction. This is the code that is...

Due to revert found during testing it would be wise to implement a rollback and re-whitelist should it be needed

Lines of code Vulnerability details Impact During testing with the Mainnet fork for the migration testing. We needed to make a distinction between V1 Profiles and V2 profiles within the test code, but this is not so in the standard V2 code, and may cause unforeseen issues after the upgrade. The V...

PT-2023-25174 · Vega · Vega

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 0.71.6 Description: A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge...

Reth flashloan attack

Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...

Oracle will become invalid much faster than intended on non-mainnet chains

Lines of code Vulnerability details Description NFTFloorOracle is in charge of answering price queries for ERC721 assets. EXPIRATIONPERIOD constant is the max amount of blocks allowed to have passed for the reading to be considered up to date: uint256 diffBlock = currentBlock - priceInfo.updatedA...

getWETHAddress() returns wrong address

Lines of code Vulnerability details Impact The hardcoded return value is the address of COMP token in mainnet not of WETH in getWETHAddress. grantCompInternal function depends on this return value which will cause unintended issues. Proof of Concept function grantCompInternaladdress user, uint...

CVE-2022-29077

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat...

CVE-2022-29077

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat...

CVE-2022-29077

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat...

Ripple rippled 缓冲区错误漏洞

Ripple rippled is a decentralized cryptocurrency blockchain daemon that implements XRP Ledger in C++ from Ripple, USA. Ripple rippled 1.8.5 previously contained a security vulnerability that allowed an attacker to cause a crash or remotely execute commands on ripple nodes, which could lead to a D...

Possible underflow when exit to mainnet with full amount after receiving tokens from another schain

Lines of code Vulnerability details Impact When tokens are transferred from one schain to another schain, the outgoing messages are not transmitted to the mainnet receiver. The amount of tokens on the receiving schain will increase but when exiting on mainnet with the full amount, it will cause...

No ERC20 safe* versions called on mainnet deposit

Lines of code Vulnerability details Impact Some mainnet tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Non-safe...