Lucene search
K

96 matches found

Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.4 views

PT-2025-4296 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.0 through 0.4.0 Description: The Vyper Compiler has a vulnerability when using the precompiles EcRecover 0x1 and Identity 0x4, where the success flag of the call is not checked. This allows an attacker to provide a specific...

7.5CVSS6.9AI score0.00643EPSS
Exploits1References11
OSV
OSV
added 2024/06/28 3:28 p.m.13 views

GO-2024-2926 Evmos is missing precompile checks in github.com/evmos/evmos

Evmos is missing precompile checks in github.com/evmos/evmos...

8.1CVSS3.9AI score0.0044EPSS
Exploits0References3
Veracode
Veracode
added 2024/06/18 8:32 a.m.17 views

Insufficient Control Flow Management

Evmos is vulnerable to Insufficient Control Flow Management. The vulnerability is due to different ante handler checks for Cosmos and Ethereum transactions, allowing a clawback account to bypass Cosmos checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos...

8.1CVSS6.7AI score0.0044EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/17 2:15 p.m.23 views

CVE-2024-37158

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...

8.1CVSS0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/17 2:3 p.m.20 views

CVE-2024-37158 Evmos is missing precompile checks

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...

3.5CVSS6.7AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2024/06/17 2:3 p.m.25 views

CVE-2024-37158 Evmos is missing precompile checks

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...

3.5CVSS7.6AI score0.0044EPSS
Exploits0References4
OSV
OSV
added 2024/06/06 6:21 p.m.12 views

GHSA-PXV8-QHRH-JC7V evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

3.5CVSS5.7AI score0.0044EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.4 views

PT-2024-24929 · Evmos · Evmos

Name of the Vulnerable Software and Affected Versions: Evmos versions prior to 18.0.0 Description: The issue is related to the spendable balance not being updated properly when delegating vested tokens, allowing a clawback vesting account to anticipate the release of unvested tokens. This problem...

8.1CVSS7.2AI score0.0044EPSS
Exploits0References12
OSV
OSV
added 2024/04/10 10:4 p.m.38 views

GHSA-3FP5-2XWH-FXM6 Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS9.2AI score0.00943EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/04/10 10:4 p.m.48 views

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS7.2AI score0.00943EPSS
Exploits0References7Affected Software9
NVD
NVD
added 2023/07/25 9:15 p.m.83 views

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.3AI score0.00487EPSS
Exploits1References2
OSV
OSV
added 2023/07/25 8:5 p.m.40 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.5AI score0.00487EPSS
Exploits1References4
OSV
OSV
added 2023/07/25 5:46 p.m.2 views

GHSA-F5X6-7QGP-JHF3 ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

6.9CVSS6.1AI score0.00487EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/07/25 5:46 p.m.32 views

ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

5.3CVSS5.4AI score0.00487EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.5 views

PT-2023-26172 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.10 Description: The ecrecover precompile in Vyper does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that...

6.9CVSS5.2AI score0.00487EPSS
Exploits1References9
CVE
CVE
added 2023/03/22 8:11 p.m.69 views

CVE-2023-28431

CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...

7.5CVSS7.3AI score0.00873EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/22 8:11 p.m.45 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.5AI score0.00873EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/22 8:11 p.m.6 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.3AI score0.00873EPSS
Exploits0References4
OSV
OSV
added 2023/03/22 8:11 p.m.31 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5CVSS7.2AI score0.00873EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/03/21 10:31 p.m.31 views

Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.1AI score0.00873EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder