6 matches found
Malicious code in madan-poke10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d7e0b1aa788464bd5a9bc55a0b06155270ca6b26c6d20e4b6c2a41c607faf3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dewanto-bakso45-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ad39bf392654576593d213ea870a321642cba3aae762bbaf65e935ff9b85ae6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zain-brengkes90-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b99d2f20b224560b548e9db431def8b8c9c368e842547fc01bd4ff2c7f093476 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-58929 Malicious code in tiara-kue66-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dff865ed42651e8de3d4e42296091c689b3482b928a376fdc5cd837160ce616b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Reentrancy vulnerability in Basket contract's initialize() method.
Handle broccolirob Vulnerability details A malicious "publisher" can create a basket proposal that mixes real ERC20 tokens with a malicious ERC20 token containing a reentrancy callback in it's approve method. When the initialize method is called on the newly cloned Basket contract, a method calle...
Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket
Handle kenzo Vulnerability details The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact A malicious publisher can bypass the index timelock mechanism and publish new index which the basket's users won't have time to respond to...