A Contrastive Federated Semi-Supervised Learning Intrusion Detection Framework for Internet of Robotic Things

In intelligent industry, autonomous driving and other environments, the Internet of Things IoT highly integrated with robotic to form the Internet of Robotic Things IoRT. However, network intrusion to IoRT can lead to data leakage, service interruption in IoRT and even physical damage by...

MAL-2024-6990 Malicious code in moving-average (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in moving-average (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Moving average precision is lost

Lines of code Vulnerability details Now the precision is lost in moving average calculations as the difference is calculated separately and added each time, while it typically can be small enough to lose precision in the division involved. For example, 10000 moves of 990 size, numObservations =...

PRICE's getCurrentPrice() can return zero price

Lines of code Vulnerability details Currently no price validity check is performed in getCurrentPrice. This way zero ohmEthPriceFeed.latestRoundData produced prices will yield zero getCurrentPrice which will be passed over to the logic. Also, negative OHM price or zero / negative reserve...

getLastPrice() return wrong price

Lines of code Vulnerability details Impact operate and addObservation both of them use PRICE.getLastPrice but it will return wrong price. So all the updates are just random prices Proof of Concept 1- keeper invoke beat on Heart.sol 2- this operator.operate; to trigger price range update and marke...

_movingAverage may drift

Lines of code Vulnerability details Impact The moving average is critical for the RBS-system. Its current calculation allows for compounding drift, randomly as well as maliciously, detaching from the true value, which invalidates the entire system, including affecting the way funds are handled...

The _movingAverage always have the same value as _movingAverage + (currentPrice / numObs)

Lines of code Vulnerability details Impact On updateMovingAverage the calculate new moving average is always movingAverage == movingAverage + currentPrice / numObs Proof of Concept 1- keeper invoke beat on Heart.sol 2- this PRICE.updateMovingAverage; to updating the moving average on the Price...

Malicious Package

Overview moving-average is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using moving-avera...