36 matches found
Possible underflow when exit to mainnet with full amount after receiving tokens from another schain
Lines of code Vulnerability details Impact When tokens are transferred from one schain to another schain, the outgoing messages are not transmitted to the mainnet receiver. The amount of tokens on the receiving schain will increase but when exiting on mainnet with the full amount, it will cause...
No ERC20 safe* versions called on mainnet deposit
Lines of code Vulnerability details Impact Some mainnet tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Non-safe...
GHSA-PVH2-PJ76-4M96 Specification non-compliance in JUMPI
Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...
Specification non-compliance in JUMPI
Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
CVE-2021-41153 Specification non-compliance in JUMPI
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
GHSA-9856-9GG9-QCMQ Ethereum Contains Consensus Flaw During Block Processing
Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...
Ethereum Contains Consensus Flaw During Block Processing
Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...
PT-2021-7369 · Unknown · Go-Ethereum
Name of the Vulnerable Software and Affected Versions: go-ethereum versions prior to v1.10.8 Description: A consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. This issue is related to a memory-corruption bug withi...
CVE-2021-21369
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
Heap overflow
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
CVE-2021-21369
Hyperledger Besu (Java) prior to v1.5.1 is affected by a denial‑of‑service in the HTTP JSON‑RPC API when HTTP auth is enabled. The vulnerability arises because a login step to obtain a JWT is required before API calls, and an attacker can overload the login endpoint with invalid passwords. Passwo...
CVE-2021-21369 Potential DoS in Besu HTTP JSON-RPC API
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
Insecure String Comparison
zencashjs uses an insecure string comparison. This is due to a clash of address prefixes for testnet P2PKH and mainnet P2SH addresses. The package interprets transactions sent to a zt P2SH address on mainnet as P2PKH transactions erroneously. Any funds sent to a mainnet P2SH multisignature addres...
Undefined Behavior
Overview Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 addre...