Lucene search
+L

6 matches found

OSV
OSV
added 2026/05/22 12:15 a.m.8 views

MAL-2026-4582 Malicious code in ignite-market-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3632f7802511e2852d33925ab4d8612fe588de1f8a1d832011cd3588d23f62bc The package's preinstall lifecycle hook in package.json runs wget --quiet...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 12:13 a.m.14 views

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score
Exploits0References2
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.17 views

DoS Any Market by Frontrunning Creation with a Codehash Change

Lines of code Vulnerability details Impact Any market contract can be DoSed by sending a 1 wei transaction to the market address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes320. This will result in market creation...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.15 views

[WP-H3] money-market-contracts/oracle#feed_prices() delayed transaction may disrupt price feeds

Lines of code Vulnerability details The implementation only takes two attributes: asset and price. And the lastupdatedtime of the record will always be set to the current block.time. This makes it possible for the price feeds to be disrupted when the network is congested, or the endpoint is down...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.8 views

Missing allowlist checks on tokens in CrossAnchorBridge could cause loss of funds

Lines of code Vulnerability details Impact The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.14 views

Simple interest calculation is not exact

Lines of code Vulnerability details Impact The borrow rate uses a simple interest formula to compute the accrued debt, instead of a compounding formula. pub fn computeinterestraw state: &mut State, blockheight: u64, balance: Uint256, aterrasupply: Uint256, borrowrate: Decimal256, targetdepositrat...

6.7AI score
Exploits0
Rows per page
Query Builder