23 matches found
EUVD-2022-29671
Malicious code in bioql PyPI...
Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand
Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum's DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain cyclic...
The Magic of Branding: Creating an Optimistic Identity for a Security Product
In the world of security, the dominant approach to branding is often based on fear and intimidation. But at Wiz, we're taking a different approach. We believe in the power of optimism and positivity, and we're building a brand that reflects those values...
The function will not work properly on Optimism due to use of block.number
Lines of code Vulnerability details Impact On Optimism, the block.number is not a reliable source of timing information and the time between each block is also different from Ethereum. This is because each transaction on L2 is placed in a separate block and blocks are not produced at a constant...
Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds
Lines of code Vulnerability details Impact The contract L1StandardBridge.sol is susceptible to a vulnerability where underpaying the l2Gashere in all contract, it used as "minGasLimit" value provided by users can result in a potential loss of funds. This vulnerability exists in the depositERC20 a...
Withdrawal with gas limit more than 28_750_517 can never be executed with CrossDomainMessenger
Lines of code Vulnerability details Impact Withdrawal with gas limit more than 28750517 can never be executed with CrossDomainMessenger. User that will initiate such withdrawal will lose his funds and will not be able to execute the withdrawal, because of reaching maximum block gas limit. Proof ...
Chain split caused by memory corruption in EVM
Lines of code Vulnerability details Chain split caused by memory corruption in EVM We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error. Specifically, vulnerable nodes obtain a different stateRoot when processing a...
Measuring the withdrawal delay in block production time won't work properly on chains where the production time is not 12 seconds
Lines of code Vulnerability details Proof of Concept For withdrawals other than beaconChainETH, the variables withdrawalDelayBlocks and MAXWITHDRAWALDELAYBLOCKS will be used to enforce a delay for withdrawals in StrategyManager.sol. Currently MAXWITHDRAWALDELAYBLOCKS is set to 50400. uint256 publ...
QuestFactory is suspicious of the reorg attack
Lines of code Vulnerability details Description The createQuest function deploys a quest contract using the create, where the address derivation depends only on the QuestFactory nonce. At the same time, some of the chains Polygon, Optimism, Arbitrum to which the QuestFactory will be deployed are...
Gauge Functionalities Still Accessible After Being "Killed"
Lines of code Vulnerability details Proof-of-Concept The Voter contract contains a killGauge function that allows the emergency council to kill a gauge. The killGauge function will set the isAlive mapping to false. Thus, calling Voter's functions e.g. Voter.updateGauge, Voter.distributegauge again...
Denial Of Service (DoS)
github.com/ethereum-optimism/optimism is vulnerable to Denial Of Service (DoS). The vulnerability exists because a balance is duplicated upon contract self-destruction, which allows an attacker to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode, leading to an application crash...
CVE-2022-24916
Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...
CVE-2022-24916
Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...
Design/Logic Flaw
Optimism before @eth-optimism/email protected allows economic griefing because a balance is duplicated upon contract self-destruction...
CVE-2022-24916
CVE-2022-24916 concerns Optimism before @eth-optimism/[email protected], where a balance can be duplicated upon contract self-destruction, enabling economic griefing. Affected software/component: Optimism’s L2Geth fork (l2geth) used by the Optimism stack. Root cause: balance duplication triggered by ...
CVE-2022-24916
Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...
Optimism Security Vulnerability
Optimism is a Layer 2 Optimistic Rollup network. It is designed to leverage the strong security guarantees of Ethereum while reducing its cost and latency. There is a security vulnerability in Optimism; no information about this vulnerability is available at this time, please stay tuned to CNNVD ...
optimism.ru Cross Site Scripting vulnerability OBB-2241164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Identity governance: The power of “Why not?”
Innovation requires the courage to take risks and the leadership skills to show others that risks are worth taking. That’s why I love working with people like Joe Dadzie, a partner group program manager in identity governance. Joe has a long history of championing disruptive technology...
The Mueller Investigation May Be Safe Despite Matt Whitaker
Robert Mueller's work as special counsel may seem imperiled by the acting attorney general, but there's plenty of reason for optimism...