GHSA-WG2X-RV86-MMPX SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Summary By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions. The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as Issue B: Bitcoin SPV Merkle...
PT-2024-40497 · Bitcoin · Bitcoind
Name of the Vulnerable Software and Affected Versions: Bitcoin affected versions not specified Description: The issue allows an attacker to create seemingly valid SPV proofs for fraudulent transactions by publishing specially crafted transactions on the Bitcoin blockchain. This is achieved by...
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Impact When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...
Merkle verifier library verifies intermediate inputs
Lines of code Vulnerability details Description MerkleVerifier provides a set of functions for verification of a Merkle proof by performing an inclusion check of input against a binary tree. This is implemented as consecutively hashing concatenated sibling nodes until a root...
A malicious user can claim and successfully steal a gobbler NFT token.
Lines of code Vulnerability details Impact A malicious user can claim and successfully steal a gobbler NFT token in the function claimGobbler. Proof of Concept The function claimGobbler is used by the mintlisted users to claim a gobbler using a merkle proof. However there is no check to ensure...
Potential DoS in _claim()
Lines of code Vulnerability details Impact An attacker could call claim in an infinite loop to conduct a DoS attack. Proof of Concept Here is the implementation of claim: // User provides the cToken & the amount they should get, and it is verified against the merkle root for that cToken ///...
Verifying criteria is prone to known merkle proof attacks
Lines of code Vulnerability details The Merkle hash root does not indicate the tree depth, enabling a second-preimage attack in which an attacker creates a document other than the original that has the same Merkle hash root. For the example above, an attacker can create a new document containing...
One co-creator with a small share can get 100% of the funds in the splitter
Lines of code Vulnerability details Impact One co-creator with a small share can get 100% of the funds by calling the incrementWindow function from an attacker contract that mimics RoyaltyVault. He can then create one or multiple fake windows and claim them to get the full balance of the splitter...
[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput
Lines of code Vulnerability details In the current design/implementation, the admin of BribeVault is a super privileged role of the system. However, the inputs of the admin to some of the most critical methods are not being validated properly. This can lead to loss of funds to users caused by the...
Rewards can be claimed if merkle proof is known
Lines of code Vulnerability details Impact The README describes the following when a voting ends: Outside of the Hidden Hand contract scope, after the Tokemak CoRE round ends, proposal data is compiled and these two things happen: - The following is derived from the data: its hash KECCAK-256 and...
Users can lock themselves out of being able to convert VETH, becoming stuck with the deprecated asset
Handle TomFrenchBlockchain Vulnerability details I've put this as a medium issue as we're leaking value as users are stuck with assets which are likely to be worth much less as they are deprecated. It could also be low as it's not exploitable by outside parties and the loss isn't taken by the...