CVE-2025-54070

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

Collateralization ratio manipulation can cause a denial of service

Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...

Tokens can be lost when trying to deposit in SDCaollateral.depositSDAsCollateral() or trying to withdraw SDCaollateral.withdraw()

Lines of code Vulnerability details Impact Some tokens do not return the success of the token submission. Because Since we don’t know for sure how the SD token is implemented, we need to take this into account. Proof of Concept A detailed example is listed in: Tools Used Manual audit Recommended...

Transfers Will Revert On Non-Standard ERC20 Token Contracts

Lines of code Vulnerability details Impact There are several contracts which do not utilise OpenZeppelin's SafeERC20 library when performing token transfers. The FactoryDAO suite of smart contracts intends to support transfers by all tokens, including non-standard tokens such as USDT which does n...