11 matches found
EUVD-2025-4587
Malicious code in bioql PyPI...
GO-2025-3476 Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk
Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk...
GHSA-X5VX-95H7-RV4P Cosmos SDK: Groups module can halt chain when handling a malicious proposal
Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: <= v0.47.15, <= v0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups...
Malicious actor can remove anyone's vote
Lines of code Vulnerability details Impact The GovernorCountingOverridable contract of the protocol is used to record the governance votes for different proposals and it allows the users to delegate their voting power to anyone. The handleVoteOverrides in the GovernorCountingOverridable contract...
SecurityCouncilMemberElectionGovernor propose() function is not properly restricted
Lines of code Vulnerability details Summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...
Malicious user can create a harmful proposal and execute it by setting a very low quorum.
Lines of code Vulnerability details Impact Malicious user can create a harmful proposal and execute it by setting a very low quorum, which can lead to very bad consequences. Proof of Concept When creating a proposal, the quorum calculation logic looks like this: // get the quorum requirement f...
It's possible to block some user from voting for (or against) some proposal
Lines of code Vulnerability details Note: Although some code involved is inside a contract which is out of scope, I argue that this finding is in scope, since the vulnerability exists in the in-scope contract. In the Arcade protocol, there are several voting vaults implemented so that users can u...
Malicious proposal can drain the treasury contract and bypass the gscAllowance[token] check
Lines of code Vulnerability details Impact Malicious proposal can drain the treasury contract and bypass the gscAllowance[token] check Proof of Concept See these two functions: function gscSpend(address token, uint256 amount, address destination) external onlyRole(GSC_CORE_VOTING_ROLE) nonReentrant { if...
Accepted proposal may be recreated at the same address with a malicious proposal if there's a self destruct function in the accepted proposal
Lines of code Vulnerability details Impact A malicious proposal can take over the contract address of the accepted proposal through self-destruct Proof of Concept This issue is related to the Tornado Cash hack, in which the attacker deployed different contracts at the same address. If the proposal...
Proposal commitment takes all fractional balance in Migration contract
Lines of code Vulnerability details Impact The Migration contract holds all fractional token balance of all proposals. Let's suppose a single vault has multiple proposals going on, and one gets committed. If the target price is satisfied, then a buyout starts // Checks if the current price is...