10 matches found
CVE-2024-35202
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service blocktxn message-handling assertion and node exit by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...
CVE-2024-35202
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service blocktxn message-handling assertion and node exit by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...
CVE-2024-35202
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service blocktxn message-handling assertion and node exit by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...
CVE-2024-35202
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service blocktxn message-handling assertion and node exit by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...
CVE-2024-35202
CVE-2024-35202 affects Bitcoin Core prior to 25.0. The vulnerability allows remote attackers to cause a denial of service by including transactions in a blocktxn message that are not committed to in a block’s merkle root, triggering a blocktxn-handling assertion and node exit. The issue is associ...
CVE-2024-35202
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service blocktxn message-handling assertion and node exit by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...
Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit
Lines of code Vulnerability details Impact Lack of reentrancy protection and code not follow Checks, Effects, Interactions pattern guideline. Here are the Effects stuff happen after Interactions affected by reentrancy: tokensMintedAllowlistAddress: tracking presale minted NFT per address...
getMerkleRoot() might return an unconfirmed root.
Lines of code Vulnerability details Impact Users might claim rewards using an unconfirmed merkle root. Proof of Concept getMerkleRoot returns the merkle root to claim the rewards. function getMerkleRoot public view returns bytes32 if block.timestamp = endOfDisputePeriod return tree.merkleRoot; el...
Merkle root of zero bypasses validation
Lines of code Vulnerability details Impact The merkle root validation happens with this require in validateTokenIds. If the merkle root is zero, this check is skipped. Proof of Concept This require validates that the merkle root is valid. This code is never reached if merkleRoot == bytes230 becau...
Users Can Frontrun Calls to updateRewardsMetadata() And Claim Tokens Twice
Lines of code Vulnerability details Impact The updateRewardsMetadata function is called by the BribeVault contract by the admin role. The function will take a list of distributions which are used to update the associated reward metadata. It is expected that the merkle root will be updated to...