Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2024/08/08 4:30 p.m.7 views

Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...

7.3AI score
Exploits0References7Affected Software3
OSV
OSV
added 2024/08/08 4:30 p.m.8 views

GHSA-RG2Q-2JH9-447Q Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...

5.3CVSS7.3AI score
Exploits0References7
RustSec
RustSec
added 2024/08/08 12:0 p.m.5 views

CWA-2024-004: Gas mispricing in cosmwasm-vm

Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...

7.3AI score
Exploits0Affected Software1
OSV
OSV
added 2024/08/08 12:0 p.m.42 views

RUSTSEC-2024-0361 CWA-2024-004: Gas mispricing in cosmwasm-vm

Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...

7.3AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/08 12:0 a.m.10 views

Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...

7.2AI score
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/08 12:0 a.m.8 views

Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...

7.2AI score
Exploits0References8Affected Software1
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.8 views

Memory corruption in getBytes32FromBytes() can likely lead to loss of funds

Lines of code Vulnerability details Description The LibBytes library is used to read and store uint128 types compactly for Well functions. The function getBytes32FromBytes will fetch a specific index as bytes32. / @dev Read the ith 32-byte chunk from data. / function getBytes32FromBytesbytes memo...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.11 views

NFTFloorOracle's asset and feeder structures can be corrupted

Lines of code Vulnerability details NFTFloorOracle's addAsset and addFeeder truncate the assets and feeders arrays indices to 255, both using uint8 index field in the corresponding structures and performing uint8assets.length - 1 truncation on the new element addition. 2^8 - 1 looks to be too tig...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.12 views

buyoutPrice precision is lost in Buyout's start and Migration's commit

Lines of code Vulnerability details Buyout's start now determine the price for buyout with the truncation to 1% of supply. When buyout initiator brings in the big enough amount of fractional tokens current formula can yield substantial mispricing of initiator's fractional tokens value, which will...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/20 12:0 a.m.11 views

totalAssets() can overflow leading to the incorrect pricing of assets

Lines of code Vulnerability details The TurboSafe's totalAssets function is used by ERC4626.previewDeposit, ERC4626.previewMint, ERC4626.previewWithdraw, and ERC4626.previewRedeem. These preview functions are called directly by the non-preview versions and therefore if totalAssets has the wrong...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.6 views

Cvx3CrvOracle can report stale prices

Handle hyh Vulnerability details Impact Whenever Chainlink's latestRoundData for any reason returns some not recent, but positive price, it will be used as current price by Cvx3CrvOracle's peek and get despite there will be no confirmation for it. This way an attacker can monitor Chainlink oracle...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/01/24 12:0 a.m.11 views

calculateQuoteTokenQty() Does Not Check Rebase Event May Cause MisPricing

Handle Meta0xNull Vulnerability details Impact // xy=k - we track these internally to compare to actual balances of the ERC20's When Rebase Event Happen, the curve change and affect Pricing for Both Buy & Sell. calculateBaseTokenQty Do Check if Experience Quote Token Decay / a Rebase Down event a...

6.9AI score
Exploits0
Rows per page
Query Builder