CVE-2026-44059
A flaw was found in Netatalk. This vulnerability, related to a non-reentrant privilege toggle, could allow a local attacker with low privileges to potentially bypass security restrictions. This could lead to a low impact on confidentiality, integrity, and availability of the system...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from a default function that does not take into account non-re-entrant keys and does not emit locks...
PT-2024-9333 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence platform (affected versions not specified). Description: The issue allows an attacker to access information that would otherwise be restricted under certain conditions. This has a low impact on...
The getPriceAndFee() function performs calculations without implementing reentrancy protection.
Lines of code. Vulnerability details. Impact: An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept: getPriceAndF...
Incorrect Order of Operations in nukeFromOrbit Function
Lines of code. Vulnerability details. Impact: In the nukeFromOrbit function, the nonReentrant modifier is correctly applied. This means that the function cannot be reentered while it is already being executed. The problem is that the blockAccount(state, accountAddress) function is called before...
Lack of Reentrancy guard on auctionSurplus() function
Lines of code. Vulnerability details. Impact: The auctionSurplus function has callbacks that can lead to reentrancy and manipulating the transfer of tokens. A malicious actor can manipulate the token transfer by changing the destination address to himself and get all the extra tokens. Proof of Concept...
PYSEC-2023-305
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
GHSA-3HG2-R75X-G69M Vyper has incorrect re-entrancy lock when key is empty string
Impact: Locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime.
Vyper:
    @nonreentrant("")  # unprotected
    @external
    def bar():
        pass

    @nonreentrant("lock")  # protected
    @external
    def foo():
        pass
Patches: Patched in 3605. Workarounds: The lock name should be a non-empty string...
Vyper has incorrect re-entrancy lock when key is empty string
Impact: Locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime.
Vyper:
    @nonreentrant("")  # unprotected
    @external
    def bar():
        pass

    @nonreentrant("lock")  # protected
    @external
    def foo():
        pass
Patches: Patched in 3605. Workarounds: The lock name should be a non-empty string...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.2.9 through 0.3.10, which stems from the fact that locks of type @nonreentrant("") or @nonreentrant('') are not reentrant-checked at runtime...
Xxe
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
PT-2023-26896 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.15 through 0.3.0. Description: The issue arises from the incorrect allocation of named re-entrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0. Each function using a named re-entrancy lock gets a unique lock regardless...
Reentrancy Vulnerability in MErc20Delegate.sol
Lines of code. Vulnerability details. Impact: The fallback function delegates calls to the implementation contract using delegatecall. This allows the implementation contract to call back into MErc20Delegate before the original delegatecall completes. An attacker could exploit this vulnerability to...
Possible reentrancy during redemption/swap
Lines of code. Vulnerability details. Impact: Redeemers might charge more collaterals during redemption/swap by the reentrancy attack. Proof of Concept: Redeemers can redeem the agToken for collaterals in Redeemer contract and redeem burns the agToken and transfers the collaterals. function redeem...
sellRewards() might be used to steal collaterals/rewards by malicious guardians or sellers.
Lines of code. Vulnerability details. Impact: Malicious guardians or sellers might steal funds using sellRewards. Proof of Concept: sellRewards is used to buy collaterals using rewardsagToken through 1inch router. function sellRewards(uint256 minAmountOut, bytes memory payload) external returns (uint256...
_execSellNftToMarket() re-enter steal funds
Lines of code. Vulnerability details. Impact: re-enter steal funds. Proof of Concept: execSellNftToMarket. The number of changes in the balance to represent whether the corresponding amount has been received. function execSellNftToMarket(address collection, uint256 tokenId, uint256 amount, bool pushBase...
LiquidityPool.executePerpOrders(): dangerous payable function
Lines of code. Vulnerability details. Impact: The contract LiquidityPool uses a dangerous payable function, executePerpOrders. In this function, users can send ETH mistakenly. We should check whether the msg.value is 0 or not to avoid this issue. Proof of Concept: function executePerpOrders(bytes calldata...
claimRewards is not re-entrancy safe.
Lines of code. Vulnerability details. Impact: In MultiRewardStaking the function claimRewards doesn't have nonReentrant, which makes it possible to re-enter the function. If one of the reward tokens is an ERC-777 token, it is possible to re-enter and claim the reward again and again until the contract i...
Re-entrancy in MultiRewardStaking.claimRewards
Lines of code. Vulnerability details. Impact: If an ERC-777 token is used as reward token for any Staking contract in the system, that reward token can be completely drained from the Staking contract. Proof of Concept: Re-entrancy can be done in the MultiRewardStaking.claimRewards function because of...