6 matches found
Malicious code in diva-tutabi-ivbu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 320da1308006e6822ed119c6eecdc4f1b7686b3ae4d46eb547e3a4321c6b47c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-88130 Malicious code in mahesa-getas99-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7296e7a4ecf4a410b56274eecb009e5ed565b47e3a7c9e4c5ef372aed4f9a9e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-tiwul4-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91f40376ac80451c1d84b74bc1e83862be83fa210765de8173858cbeb6adbc25 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-82262 Malicious code in wawan-dodol5-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03730976d9b1820f230ac4ac443554cbbd9796d7804d7f09e25214e20c47d377 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EVENT EMITTED WITHOUT ACTION
Lines of code Vulnerability details Impact A malicious validator can remain in the system after exceeding it's exit penalty threshold. This poses a risk to users and a possible reputation risk to the protocol. Proof of Concept In the updateTotalPenaltyAmount... function, when the validators...
Index managers can rug user funds
Lines of code Vulnerability details Impact The ORDERERROLE role has the ability to arbitrarily transfer user funds, and this role is shared between both the orderer and people who can rebalance the index. Even if the owner is benevolent the fact that there is a rug vector available may negatively...