8 matches found
CVE-2025-47394
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations...
The vulnerability of the uprobe_write_opcode() function in the kernel/events/uprobes.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the uprobewriteopcode function in the kernel/events/uprobes.c module of Linux operating systems is related to incorrect calculations. Exploiting this vulnerability could allow an attacker to cause a service failure...
Using _freefunds() to calculate share price lead to shares miscalculations and could benefit treasury
Lines of code Vulnerability details Impact Function freeFunds calculates the amount of free funds available after profit locking and it's used to for calculating share price, issuing shares during deposit, or burning shares during withdrawal. Value returned by freeFunds is time-dependant, because...
Oracle.sol uses deprecated Chainlink method latestAnswer()
Lines of code Vulnerability details Proof of Concept Chainlink has market the latestAnswer method as deprecated for his price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...
Black Hat and DEF CON Roundup
There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...
YieldMath.sol / Log2: >= or > ?
Handle gpersoon Vulnerability details Impact The V1 version of YieldMath.sol contains "=" larger or equal, while the V2 version of YieldMath.sol containt "" larger in the log2 function. This change doesn't seem logical and might lead to miss calculations. The difference is present in a number of...
getBalanceLocked on line 202 of Visor.sol doesn't return the total balance, just the highest balance
Handle Sherlock Vulnerability details Impact Causes some internal miscalculations allowing people to take out locked funds using timeUnlockERC20 and delegatedTransferERC20 Proof of Concept Tools Used Hardhat Recommended Mitigation Steps Calculate balance using balance.add lockData.balance on line...
Carry Propagation
bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie Hellman which in rare cases for it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key...