Lucene search
K

36 matches found

Code423n4
Code423n4
added 2022/03/03 12:0 a.m.10 views

Possible underflow when exit to mainnet with full amount after receiving tokens from another schain

Lines of code Vulnerability details Impact When tokens are transferred from one schain to another schain, the outgoing messages are not transmitted to the mainnet receiver. The amount of tokens on the receiving schain will increase but when exiting on mainnet with the full amount, it will cause...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/25 12:0 a.m.17 views

No ERC20 safe* versions called on mainnet deposit

Lines of code Vulnerability details Impact Some mainnet tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Non-safe...

6.9AI score
Exploits0
OSV
OSV
added 2021/10/19 3:28 p.m.72 views

GHSA-PVH2-PJ76-4M96 Specification non-compliance in JUMPI

Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...

8.7CVSS9.7AI score0.00995EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/10/19 3:28 p.m.49 views

Specification non-compliance in JUMPI

Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...

9.8CVSS9.4AI score0.00995EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/10/18 9:15 p.m.6 views

CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

9.8CVSS7.3AI score0.00995EPSS
Exploits0References2
NVD
NVD
added 2021/10/18 9:15 p.m.50 views

CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

9.8CVSS0.00995EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/18 9:0 p.m.60 views

CVE-2021-41153 Specification non-compliance in JUMPI

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

8.7CVSS9.8AI score0.00995EPSS
Exploits0References2
OSV
OSV
added 2021/08/30 4:15 p.m.68 views

GHSA-9856-9GG9-QCMQ Ethereum Contains Consensus Flaw During Block Processing

Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...

6.5CVSS7.4AI score0.01527EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/08/30 4:15 p.m.49 views

Ethereum Contains Consensus Flaw During Block Processing

Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...

7.5CVSS7AI score0.01527EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/24 12:0 a.m.4 views

PT-2021-7369 · Unknown · Go-Ethereum

Name of the Vulnerable Software and Affected Versions: go-ethereum versions prior to v1.10.8 Description: A consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. This issue is related to a memory-corruption bug withi...

7.5CVSS7.1AI score0.01527EPSS
Exploits0References16
OSV
OSV
added 2021/03/09 6:15 p.m.22 views

CVE-2021-21369

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...

6.5CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2021/03/09 6:15 p.m.23 views

Heap overflow

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...

4CVSS6.7AI score0.01503EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/03/09 6:10 p.m.68 views

CVE-2021-21369

Hyperledger Besu (Java) prior to v1.5.1 is affected by a denial‑of‑service in the HTTP JSON‑RPC API when HTTP auth is enabled. The vulnerability arises because a login step to obtain a JWT is required before API calls, and an attacker can overload the login endpoint with invalid passwords. Passwo...

6.5CVSS6.6AI score0.01503EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/03/09 6:10 p.m.32 views

CVE-2021-21369 Potential DoS in Besu HTTP JSON-RPC API

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...

6.5CVSS6.8AI score0.01503EPSS
Exploits0References4
Veracode
Veracode
added 2019/07/15 3:38 a.m.10 views

Insecure String Comparison

zencashjs uses an insecure string comparison. This is due to a clash of address prefixes for testnet P2PKH and mainnet P2SH addresses. The package interprets transactions sent to a zt P2SH address on mainnet as P2PKH transactions erroneously. Any funds sent to a mainnet P2SH multisignature addres...

6.8AI score
Exploits0
Node.js
Node.js
added 2019/07/02 10:27 p.m.19 views

Undefined Behavior

Overview Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 addre...

6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder