94 matches found
EUVD-2016-2730
Malware in sbrugna...
EUVD-2011-2761
Malware in sbrugna...
EUVD-2023-0265
Malicious code in bioql PyPI...
qemu-kvm security update
7.2.0-15.el9 - migration: abort on destination if switchover limit exceeded Elena Ufimtseva - migration: introduce strict switchover SLA Elena Ufimtseva - migration: add error to MigrationIncomingState Elena Ufimtseva - migration: Set migration status early in incoming side Fabiano Rosas -...
High risk in integrating Ocean with Curve TriCrypto pool on Arbitrum
Lines of code Vulnerability details Impact The Curve TriCrypto adapter contract enables swapping, adding liquidity, and removing liquidity for the USDT-WBTC-ETH pool on Arbitrum. However, this pool has been flagged for potential exploit risks. Curve Finance issued a warning: This pool might be at...
Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits
Lines of code Vulnerability details Impact Multiple re-entrancy issues exist in the codebase, that break core functionality and allow stealing of user funds. In AuctionDemo.sol contract re-entrancy in cancelBid and cancelAllBids allows stealing of user funds. There are multiple attack surfaces,...
[H-02] The Ocean contract and the onERC721Received function is vulnerable to read-only re-entrancy
Lines of code Vulnerability details Impact The contract.function called Ocean.onERC721Received is vulnerable to read-only re-entrancy. The read-only re-entrancy is possible if the contract function is called externally from another contract. What follows are the functions that are traversed throu...
[M-17] Reentrancy in the BranchBridgeAgent contract
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
Vyper has incorrect re-entrancy lock when key is empty string
Impact Locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. Vyper @nonreentrant"" unprotected @external def bar: pass @nonreentrant"lock" protected @external def foo: pass Patches Patched in 3605 Workarounds The lock name should be a non-empty string...
Vyper has incorrectly allocated named re-entrancy locks
Impact In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of...
Incorrect Re-Entrancy Lock Allocation
vyper is vulnerable to Incorrect Re-Entrancy Lock Allocation. The allocation of named re-entrancy locks is flawed, which makes cross-function re-entrancy possible in contracts, because each function employing a named re-entrancy lock receives a distinct lock independent of the key under a specifi...
CVE-2023-39363
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
Xxe
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
ARBTriCryptoOracle is prone to manipulation
Lines of code Vulnerability details Impact ARBTriCryptoOracle is used to determine price of LP token of tricrypto USDT, WBTC, WETH on arbitrum. This pool is susceptible to re-entrancy due to bug in vyper 0.2.15. and hence getvirtualprice can be manipulated which is used for pricing LP tokens. Pro...
_execSellNftToMarket() re-enter steal funds
Lines of code Vulnerability details Impact re-enter steal funds Proof of Concept execSellNftToMarket The number of changes in the balance to represent whether the corresponding amount has been received function execSellNftToMarket address collection, uint256 tokenId, uint256 amount, bool pushBase...
transfer() method can lead to re-entrancy attack
Lines of code Vulnerability details Impact The contract in scope has a withdraw function namely ‘uniswapV3SwapCallback’ which sends funds to the calling address. The calling address can be a malicious contract. Currently transfer sends more gas than 2300 creating a potential attack vector for...
ERC777 Re-entrancy Risk
Lines of code Vulnerability details Impact The code does not screen out for tokens that use the erc777 standard and therefore presents a re-entrancy risk via the token's callback function Proof of Concept Tools Used Manual Recommended Mitigation Steps Add in re-entrancy lock to function --- The...
Re-entrancy inside BorrowOperations if collateral is ERC777
Lines of code Vulnerability details Impact Invariant violations through re-entrancy if the collateral token is ERC777 Proof of Concept If the collateral token will be an ERC777 token, a malicious user could use the safeTransfer from L231 to re-enter the BorrowOperations contract context and call...