14 matches found
Malicious Package
Overview: orderbook-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: orderbook-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48602 Malicious code in orderbook-backend (npm)
Source: ghsa-malware (ed7b538ac9c8ab390683e5923fed557542d1a2cbeda2aee3ed14627473bd4779). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in orderbook-backend (npm)
Source: ghsa-malware (ed7b538ac9c8ab390683e5923fed557542d1a2cbeda2aee3ed14627473bd4779). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-35940
Malicious code in orderbook-backend npm...
Malicious code in orderbook-sdk (npm)
Source: ghsa-malware (520e53ed5a79dd5b7c8eb56d8a963c7688a2425f5ef1bd45fe64668c8954eaf3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-35941
Malicious code in orderbook-sdk npm...
MAL-2025-48603 Malicious code in orderbook-sdk (npm)
Source: ghsa-malware (520e53ed5a79dd5b7c8eb56d8a963c7688a2425f5ef1bd45fe64668c8954eaf3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Insufficient checks at the smart contract level to ensure that previous user address is the lowest bid that is higher than the bid to be added.
Handle 0xImpostor Vulnerability details Impact I understand that it is Thus, it is up to the frontend to keep track of the orderbook and sort it appropriately. However, should there be a custom UI made for these contracts and it is not sorted correctly, some of the logic in the code will break...
Missing call to removeOldBids may affect foreclosure
Handle 0xRajeev Vulnerability details Impact Orderbook.removeBids as commented “///remove bids in closed markets for a given user ///this can reduce the users bidRate and chance to foreclose” removeOldBids is performed currently in Market.newRental and Treasury.deposit to “do some cleaning up, it...
Missing call to removeUserFromOrderbook after user is foreclosed
Handle 0xRajeev Vulnerability details Impact Orderbook’s removeUserFromOrderbook is used to delete/remove user’s bids when they are deemed foreclosed. This is called in Market newRental and Treasury withdrawDeposit when users are determined to be foreclosed given their deposit and bid situation...
Integer overflow
The mintToken function of a smart contract implementation for Orderbook Presale Token OBP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13676
The mintToken function of a smart contract implementation for Orderbook Presale Token OBP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
Stellar.org: It's possible to put SDX orderbook into invalid state and execute trades at arbitrary price
stellar-core improperly handles creation of a buy offer which crosses existing sell offers immediate execution but can only be filled partially due to a trustline limit on the source account. This makes it possible to create a valid offer to buy any custom asset at higher price than existing sell...