Lucene search
K

186 matches found

Code423n4
Code423n4
added 2023/11/29 12:0 a.m.11 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Sandwich attack on buy()

Lines of code Vulnerability details Impact Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareDataid.tokenCount, and thus change the exchange rate of share price. price, fee =...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.7 views

kernel: nvme-pci: fix mempool alloc size

A flaw was addressed in the Linux kernel’s nvme-pci driver related to how the driver calculated the worst-case number of PRP Physical Region Page lists required for a given I/O request. The implementation previously rounded the allocation to one list instead of correctly converting the maximum si...

5.8AI score0.00206EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.8 views

kernel: cifs: fix small mempool leak in SMB2_negotiate()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2negotiate In some cases of failure dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to negex...

5.5CVSS6.3AI score0.00149EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts

Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.7 views

setDirectPrice is vulnerable to sandwich attack

Lines of code Vulnerability details Impact In ChainlinkOracle.sol we have setDirectPrice: function setDirectPriceaddress asset, uint256 price external onlyAdmin emit PricePostedasset, pricesasset, price, price; pricesasset = price; This function setDirectPrice allows the admin...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/30 12:0 a.m.11 views

Front-Running Vulnerability in LensHub.sol's commentWithSig and quoteWithSig Functions

Lines of code Vulnerability details Impact A vulnerability has been discovered in LensHub.sol's commentWithSig and quoteWithSig functions. This vulnerability potentially enables an attacker to disrupt users' actions by front-running transactions, resulting in undesirable modifications of comments...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

aprove and spend at same block may hard to execute by order

Lines of code Vulnerability details Impact aprove and spend at same block may hard to execute by order Proof of Concept approve: blockExpenditureblock.number = amount + spentThisBlock; spend: uint256 spentThisBlock = blockExpenditureblock.number; if amount + spentThisBlock limit revert...

7.2AI score
Exploits0
OSV
OSV
added 2023/07/13 10:19 p.m.48 views

GO-2023-1883 Denial of service via OOM in github.com/cometbft/cometbft

A bug in the CometBFT middleware causes the mempool's two data structures to fall out of sync. This can lead to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is to restart the node. This can be exploited by an...

8.2CVSS8AI score0.00901EPSS
Exploits1References3
Veracode
Veracode
added 2023/07/12 10:35 a.m.16 views

Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial of Service DoS attacks. A list and a map are the two data structures that the mempool utilizes to keep track of unfinished transactions. The same transaction may occur several times if these structures are out of sync, even though they should b...

8.2CVSS6.7AI score0.00901EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/05 9:34 p.m.15 views

CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

8.2CVSS6.7AI score0.00901EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/07/05 9:34 p.m.37 views

GHSA-W24W-WP77-QFFM CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

8.2CVSS8AI score0.00901EPSS
Exploits1References5
NVD
NVD
added 2023/07/03 5:15 p.m.27 views

CVE-2023-34451

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2CVSS7.9AI score0.00901EPSS
Exploits1References3
Prion
Prion
added 2023/07/03 5:15 p.m.19 views

Code injection

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

6.4CVSS7.8AI score0.00901EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/03 4:35 p.m.17 views

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2CVSS7.7AI score0.00901EPSS
Exploits1References5
CVE
CVE
added 2023/07/03 4:35 p.m.64 views

CVE-2023-34451

Summary: CVE-2023-34451 affects CometBFT. The mempool’s two data structures (list and map) can fall out of sync, causing duplicate transactions that cannot be fully removed until a restart. This issue is described across multiple sources (NVD, GHSA, OSV) with concrete steps and impact details. Af...

8.2CVSS7.8AI score0.00901EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/03 4:35 p.m.11 views

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2CVSS6.8AI score0.00901EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/03 4:35 p.m.33 views

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2CVSS8.1AI score0.00901EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/03 12:0 a.m.5 views

PT-2023-24887 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions v0.34.28 and prior, v0.37.0, v0.37.1 Description: The mempool in CometBFT maintains two data structures, a list and a map, to track outstanding transactions. These data structures are supposed to be in sync, with the map...

8.2CVSS8AI score0.00901EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.6 views

kernel: md: fix a crash in mempool_free

In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...

5.5CVSS6.6AI score0.0015EPSS
Exploits0References5
Rows per page
Query Builder