186 matches found
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...
Sandwich attack on buy()
Lines of code Vulnerability details Impact Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareDataid.tokenCount, and thus change the exchange rate of share price. price, fee =...
kernel: nvme-pci: fix mempool alloc size
A flaw was addressed in the Linux kernel’s nvme-pci driver related to how the driver calculated the worst-case number of PRP Physical Region Page lists required for a given I/O request. The implementation previously rounded the allocation to one list instead of correctly converting the maximum si...
kernel: cifs: fix small mempool leak in SMB2_negotiate()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2negotiate In some cases of failure dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to negex...
Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts
Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...
setDirectPrice is vulnerable to sandwich attack
Lines of code Vulnerability details Impact In ChainlinkOracle.sol we have setDirectPrice: function setDirectPriceaddress asset, uint256 price external onlyAdmin emit PricePostedasset, pricesasset, price, price; pricesasset = price; This function setDirectPrice allows the admin...
Front-Running Vulnerability in LensHub.sol's commentWithSig and quoteWithSig Functions
Lines of code Vulnerability details Impact A vulnerability has been discovered in LensHub.sol's commentWithSig and quoteWithSig functions. This vulnerability potentially enables an attacker to disrupt users' actions by front-running transactions, resulting in undesirable modifications of comments...
aprove and spend at same block may hard to execute by order
Lines of code Vulnerability details Impact aprove and spend at same block may hard to execute by order Proof of Concept approve: blockExpenditureblock.number = amount + spentThisBlock; spend: uint256 spentThisBlock = blockExpenditureblock.number; if amount + spentThisBlock limit revert...
GO-2023-1883 Denial of service via OOM in github.com/cometbft/cometbft
A bug in the CometBFT middleware causes the mempool's two data structures to fall out of sync. This can lead to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is to restart the node. This can be exploited by an...
Denial Of Service (DoS)
github.com/cometbft/cometbft is vulnerable to Denial of Service DoS attacks. A list and a map are the two data structures that the mempool utilizes to keep track of unfinished transactions. The same transaction may occur several times if these structures are out of sync, even though they should b...
CometBFT may duplicate transactions in the mempool's data structures
Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...
GHSA-W24W-WP77-QFFM CometBFT may duplicate transactions in the mempool's data structures
Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...
CVE-2023-34451
CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
Code injection
CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures
CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-34451
Summary: CVE-2023-34451 affects CometBFT. The mempool’s two data structures (list and map) can fall out of sync, causing duplicate transactions that cannot be fully removed until a restart. This issue is described across multiple sources (NVD, GHSA, OSV) with concrete steps and impact details. Af...
CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures
CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures
CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
PT-2023-24887 · Cometbft · Cometbft
Name of the Vulnerable Software and Affected Versions: CometBFT versions v0.34.28 and prior, v0.37.0, v0.37.1 Description: The mempool in CometBFT maintains two data structures, a list and a map, to track outstanding transactions. These data structures are supposed to be in sync, with the map...
kernel: md: fix a crash in mempool_free
In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...