Lucene search
K

96 matches found

Snyk
Snyk
added 2025/05/14 5:35 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2025/05/14 5:35 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2025/05/14 5:35 p.m.4 views

GHSA-MJFQ-3QR2-6G84 Cosmos EVM Allows Partial Precompile State Writes

Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

8.3CVSS7AI score
Exploits0References4
Snyk
Snyk
added 2025/05/14 5:35 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2025/05/14 5:35 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2025/05/14 5:35 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/14 5:35 p.m.30 views

Cosmos EVM Allows Partial Precompile State Writes

Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

7AI score
Exploits0References4Affected Software1
NVD
NVD
added 2025/05/07 7:16 p.m.31 views

CVE-2025-30147

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128ADD 0x06,...

8.7CVSS0.00238EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/07 6:27 p.m.31 views

CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128ADD 0x06,...

8.7CVSS0.00238EPSS
Exploits0References2
Veracode
Veracode
added 2025/01/20 3:4 a.m.13 views

Gas Manipulation Attack

vyper is vulnerable to Gas Manipulation Attack. The vulnerability is due to insufficient error handling in the Vyper Compiler, which fails to check the success flag of precompile calls EcRecover and Identity, allowing attackers to manipulate the gas, causing precompile failures without halting...

7.5CVSS6.8AI score0.00643EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/01/14 6:16 p.m.4 views

PYSEC-2025-33

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

7.5CVSS6AI score0.00643EPSS
Exploits1References3
NVD
NVD
added 2025/01/14 6:16 p.m.18 views

CVE-2025-21607

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

7.5CVSS0.00643EPSS
Exploits1References3
Snyk
Snyk
added 2025/01/14 5:43 p.m.1 views

Improper Check or Handling of Exceptional Conditions

Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to a failure to verify the success flag of calls to the precompiles EcRecover 0x1 and Identity 0x4. An attacker can exploi...

7.5CVSS7AI score0.00643EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/14 5:32 p.m.16 views

CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

2.3CVSS7.1AI score0.00643EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/14 5:32 p.m.16 views

CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

2.3CVSS0.00643EPSS
Exploits1References3
OSV
OSV
added 2025/01/14 5:32 p.m.11 views

CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

2.3CVSS6.8AI score0.00643EPSS
Exploits1References5
CVE
CVE
added 2025/01/14 5:32 p.m.81 views

CVE-2025-21607

The CVE-2025-21607 issue affects the Vyper Pythonic smart contract language compiler when using precompiles EcRecover (0x1) and Identity (0x4); the success flag of those calls isn’t checked, allowing an attacker to allocate gas to cause a precompile to fail while the rest of execution continues, ...

7.5CVSS8.2AI score0.00643EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/01/14 4:34 p.m.5 views

GHSA-VGF2-GVX8-XWC3 Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

2.3CVSS6.3AI score0.00643EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/01/14 4:34 p.m.14 views

Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

7.5CVSS6.7AI score0.00643EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.0 and earlier versions, which stems from the compiler failing to check the success flag of a call when using pre-compiled EcRecover and Identity, which could lead to incorre...

7.5CVSS6.4AI score0.00643EPSS
Exploits1References5
Rows per page
Query Builder