Lucene search
K

106 matches found

Snyk
Snyk
added 2026/06/11 9:0 p.m.10 views

Malicious Package

Overview solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 1:55 a.m.12 views

Malicious code in mev-shield (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 1:55 a.m.9 views

MAL-2026-4609 Malicious code in mev-shield (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.4 views

Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand

Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum's DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain cyclic...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.5 views

First-Spammed, First-Served: MEV Extraction on Fast-Finality Blockchains

This research analyzes the economics of spam-based arbitrage strategies on fast-finality blockchains. We begin by theoretically demonstrating that, splitting a profitable MEV opportunity into multiple small transactions is the optimal strategy for CEX-DEX arbitrageurs. We then empirically validat...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/03 1:32 p.m.2 views

Malicious code in mev-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/03/03 1:32 p.m.2 views

MAL-2025-1903 Malicious code in mev-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:1 p.m.3 views

Malicious code in lido-mev-monitoring (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 1:1 p.m.2 views

MAL-2024-9689 Malicious code in lido-mev-monitoring (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.7 views

marginTo when opening a position increases slippage

Lines of code Vulnerability details Impact Providing marginTo when opening position will not increase premium but be stolen by MeV. This can be mitigated by providing amountOutMin in swap params but the protocol should guarantee proper swap. Proof of Concept When opening a position a borrower can...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.13 views

lack of slippage protection for increaseLiquidity, and decreaseLiquidity

Lines of code Vulnerability details Impact Lack of slippage protection for increasing and decreasing liquidity can cause the liquidity provider to provide liquidity at an unfavorable price. Or the borrower to borrow/repay in a manipulated pool. Proof of Concept When adding liquidity eventually...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.14 views

liquidator will always take what is left of borrowers premium

Lines of code Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When liquidating a position the liquidator essentially closes the position on behalf of the borrower for a liquidation...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.13 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.10 views

Interest still accuring when repayment is paused, creating debt that cannot be repaid

Lines of code Vulnerability details Impact Interest still accuring when repayment is paused Proof of Concept When the admin pause the lending pool repayment, as timestamp elapses, interest still accuring /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.14 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.12 views

Only ensure the Lp is repaid when close the position invites MEV bot

Lines of code Vulnerability details Impact Only ensure the Lp is repaid when close the position invites MEV bot Proof of Concept in the function closePosition function closePosition DataStruct.ClosePositionParams calldata params, DataCache.ClosePositionCache memory cache, Lien.Info memory lien,...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.8 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.9 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.18 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.8 views

Event Emission

Lines of code Vulnerability details Impact Events such as Swap, Deposit, and Withdraw are emitted with the primitive address as the user parameter, which might not be the actual user msg.sender initiating the transaction. Proof of Concept Provide direct links to all referenced code in GitHub. Add...

7.2AI score
Exploits0
Rows per page
Query Builder