Lucene search
K

13 matches found

vulnersOsv
vulnersOsv
•added 2025/08/20 8:51 p.m.•6 views

x402-native-token-payment-demo (>=0.0.0 <=0.0.1) potentially affected by unknown CVE via x402-hono (=0.3.4)

x402-hono NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on x402-hono and may be impacted: - x402-native-token-payment-demo =0.0.0, =0.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-3J63-5H8P-GF7C...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
•added 2025/08/20 8:51 p.m.•10 views

x402-native-token-payment-demo (>=0.0.0 <=0.0.1) potentially affected by unknown CVE via x402-hono (=0.3.4)

x402-hono NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on x402-hono and may be impacted: - x402-native-token-payment-demo =0.0.0, =0.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-X402HONO-12239901...

5.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•8 views

Risky use of Static Address

Lines of code Vulnerability details Impact We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/10 12:0 a.m.•11 views

LendingLedger Lack of method to rescue accidentally sent Canto

Lines of code Vulnerability details Impact There is no function to rescue Canto accidentally sent to LendingLedger so if governance fat-finger those Canto could be lost forever. Proof of Concept There is no function to transfer native token out of LendingLedger Tools Used Manual inspection...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/10 12:0 a.m.•18 views

check for the reentrancy attack is missed in the claim function

Lines of code Vulnerability details Impact the function claim in the LendingLedger.sol will send native token $CANTO to the msg.sender by .call which it can be EOA or Contracts, because there is no any RA checks the caller can make double call in the same time to get himself more tokens reward th...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/21 12:0 a.m.•6 views

InterchainProposalExecutor will fail if any proposal requires value transfer, breaking core logic

Lines of code Vulnerability details Impact Proposals which are sent from a source chain using InterchainProposalSender to a destination chain to be executed using InterchainProposalExecutor are intended to support function calls that include transfers of ETH, or other native token. However, the...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/19 12:0 a.m.•9 views

Pair.sol : baseTokenReserves() can be manipulatable if the base token is native token

Lines of code Vulnerability details Impact Price manipulation in following functions wherever the baseTokenReserves; is called. buyQuote, sellQuote, addQuote, removeQuote Proof of Concept function baseTokenReserves internal view returns uint256 return baseToken == address0 ? addressthis.balance -...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/03 12:0 a.m.•13 views

Malicious DepositBase may stole dust fund from ReceiverImplementation

Lines of code Vulnerability details Impact Malicious DepositBase may stole dust fund from ReceiverImplementation Proof of Concept // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver function...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/03 12:0 a.m.•9 views

[WP-H1] OrderFulfiller.sol#_applyFractionsAndTransferEach() Orders with offerItem.itemType == ItemType.NATIVE are not processed properly

Lines of code Vulnerability details // Reduce available value if offer spent ETH or a native token. if offerItem.itemType == ItemType.NATIVE // Ensure that sufficient native tokens are still available. if amount etherRemaining revert InsufficientEtherSupplied; // Skip underflow check as a...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/03/15 12:0 a.m.•10 views

Can deposit native token for free and steal funds

Lines of code Vulnerability details Impact The depositErc20 function allows setting tokenAddress = NATIVE and does not throw an error. No matter the amount chosen, the SafeERC20Upgradeable.safeTransferFromIERC20UpgradeabletokenAddress, sender, addressthis, amount; call will not revert because it...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/02/17 12:0 a.m.•13 views

[WP-H5] RewardDistributor.setBribeVault() can cause users who haven't claimed their native tokens yet can not claim the reward anymore

Lines of code Vulnerability details In the current implementation, RewardDistributor.claim is using if token != bribeVault token is from rewardsrewardIdentifier.token to detect whether it's a ERC20 token or native token ETH. However, this is not a trustworthy way to determine whether the reward i...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2021/11/01 12:0 a.m.•9 views

Slingshot: Incorrect initial balance fetched for native token in executeTrades()

Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/11/01 12:0 a.m.•11 views

DOS attack possible for Token->ETH trades

Handle pmerkleplant Vulnerability details Impact Any user's trade from some token to a native token e.g. ETH can be DOSed if an attacker sends native tokens to the Executioner contract. If the attacker watches for trades, he/she could either make the whole trade fail or, depending on the...

6.6AI score
Exploits0
Rows per page
Query Builder