18 matches found
EUVD-2021-1700
Malware in sbrugna...
EUVD-2021-1903
Malware in sbrugna...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
MAL-2024-10435 Malicious code in openzepplin-solidity (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96160503f6efd74b51cbb0434c82e4d7e8e07d087e3d9578d56ab5563071bcd2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XVSVault implementation cannot be upgraded due to lack of proper mechanism
Lines of code Vulnerability details Summary The XVSVault is expected to be upgradeable in context of xvs staked for claim to venus prime token. The XVSVault will be updated in the Prime.sol with the initialize function. Impact The Prime.sol cannot be upgraded as clearly mentioned in the scoping...
Upgraded Q -> 3 from #421 [1683219158450]
Judge has assessed an item in Issue 421 as 3 risk. The relevant finding follows: 1. Unchecked Cast May Overflow As of Solidity 0.8 overflows are handled automatically; however, not for casting. For example uint32(4294967300) will result in 4 without reversion. Consider using OpenZepplin's SafeCast...
reentrancy in MultiRewardStaking::claimRewards for tokens with transfer callbacks, like erc777
Lines of code Vulnerability details Impact An attacker can drain all the tokens from MultiRewardStaking Proof of Concept In claimRewards important state changes are done after interactions with tokens: File: MultiRewardStaking.sol function claimRewards(address user, IERC20[] memory rewardTokens...
Unsafe usage of ERC20 transfer and transferFrom
Lines of code Vulnerability details Impact Some ERC20 tokens' functions don't return a boolean, for example USDT, BNB, OMG. So the VotingEscrow contract simply won't work with tokens like that as the token. Proof of Concept USDT's transfer and transferFrom functions don't return a bool, so t...
Privilege Escalation via Delegate Call
Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can escalate to System admin via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. The systems admin ...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Code injection
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZeppelin Contracts TimelockController vulnerability (CVE-2021-39167) affects the TimelockController in OpenZeppelin’s smart contract library. The issue allows an actor with the executor role to escalate privileges, potentially gaining control over assets. Mitigation in public advisories recom...
CVE-2021-39168
OpenZeppelin's TimelockController vulnerability (OpenZeppelin Contracts) allows an actor with the executor role to escalate privileges. Affected: TimelockController in OpenZeppelin Contracts (readable as part of the OpenZeppelin Contracts library). Root cause: insufficient sanitization/controls a...
OpenZepplin security vulnerability
OpenZepplin is a library for smart contract development. A security vulnerability exists in OpenZepplin that allows a participant with the role of executor to elevate privileges...