Smart_Contract_Researcher_POC

Smart Contract Security Research Portfolio hailthelord...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: A double addition of a classifier was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the parent qdisc’s enqueue...

Abi-smuggling-exploit

Web3 Security Research Portfolio A collection of smart contra...

Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection

Smart contract vulnerability detection remains a major challenge in blockchain security. Existing vulnerability detection methods face two main issues: 1 Existing datasets lack comprehensive coverage and high-quality explanations for preference learning. 2 Large language models LLMs often struggl...

SUSE CVE-2025-37914

In the Linux kernel, the following vulnerability has been resolved: netsched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets,...

DEBIAN-CVE-2025-37913

In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq,...

UBUNTU-CVE-2025-37913

In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq,...

PT-2025-22176

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the net sched: ets, where a netem child qdisc can cause the parent qdisc's enqueue callback to be reentrant. This can le...

GHSA-J496-CRGH-34MX ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks

Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical ACMv1: I:Critical; L:AlmostCertain Affected versions: v4.6.0, v5.4.0, v6.3.0, v7.4.0, v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and...

ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks

Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical ACMv1: I:Critical; L:AlmostCertain Affected versions: v4.6.0, v5.4.0, v6.3.0, v7.4.0, v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and...

CVE-2023-47033

MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...

[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent from reentracy attack

Lines of code Vulnerability details Impact The ineffectiveness of an update against a flashloans attack. Analysis of the vulnerability You update lastDonationBlockNumber after every donation. However, you update is done at the end of the function trackServiceDonations function trackServiceDonatio...

claimOwnerIncentives x depositServiceDonationsETH x checkpoint x-entrancy Attack to get instant topups

Lines of code Vulnerability details Impact Double Topup via claimOwnerIncentives- depositServiceDonationsETH - checkpoint - claimOwnerIncentives loop Proof of Concept - Deploys Attacking Smart Contract - Executes 1st transaction via Attacking Contract to trigger depositServiceDonationsETH - Execu...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

ERC721 and ERC1155 Reentrancy Guard is Incomplete and Wrongly Implemented

Lines of code Vulnerability details Impact Whether there is a ERC721 and ERC1155 Interaction clash or not, or if there is an inadequate transfer callback, all this would not matter as reversion would not occur due to absence of proper validation during wrap of ERC721 and ERC1155 in the Ocean.sol...

Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit

Lines of code Vulnerability details Impact Lack of reentrancy protection and code not follow Checks, Effects, Interactions pattern guideline. Here are the Effects stuff happen after Interactions affected by reentrancy: tokensMintedAllowlistAddress: tracking presale minted NFT per address...

NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrencies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...