12 matches found
Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...
GHSA-RG2Q-2JH9-447Q Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...
CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
RUSTSEC-2024-0361 CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...
Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...
Memory corruption in getBytes32FromBytes() can likely lead to loss of funds
Lines of code Vulnerability details Description The LibBytes library is used to read and store uint128 types compactly for Well functions. The function getBytes32FromBytes will fetch a specific index as bytes32. / @dev Read the ith 32-byte chunk from data. / function getBytes32FromBytesbytes memo...
NFTFloorOracle's asset and feeder structures can be corrupted
Lines of code Vulnerability details NFTFloorOracle's addAsset and addFeeder truncate the assets and feeders arrays indices to 255, both using uint8 index field in the corresponding structures and performing uint8assets.length - 1 truncation on the new element addition. 2^8 - 1 looks to be too tig...
buyoutPrice precision is lost in Buyout's start and Migration's commit
Lines of code Vulnerability details Buyout's start now determine the price for buyout with the truncation to 1% of supply. When buyout initiator brings in the big enough amount of fractional tokens current formula can yield substantial mispricing of initiator's fractional tokens value, which will...
totalAssets() can overflow leading to the incorrect pricing of assets
Lines of code Vulnerability details The TurboSafe's totalAssets function is used by ERC4626.previewDeposit, ERC4626.previewMint, ERC4626.previewWithdraw, and ERC4626.previewRedeem. These preview functions are called directly by the non-preview versions and therefore if totalAssets has the wrong...
Cvx3CrvOracle can report stale prices
Handle hyh Vulnerability details Impact Whenever Chainlink's latestRoundData for any reason returns some not recent, but positive price, it will be used as current price by Cvx3CrvOracle's peek and get despite there will be no confirmation for it. This way an attacker can monitor Chainlink oracle...
calculateQuoteTokenQty() Does Not Check Rebase Event May Cause MisPricing
Handle Meta0xNull Vulnerability details Impact // xy=k - we track these internally to compare to actual balances of the ERC20's When Rebase Event Happen, the curve change and affect Pricing for Both Buy & Sell. calculateBaseTokenQty Do Check if Experience Quote Token Decay / a Rebase Down event a...