Combating Reentrancy Bugs on Sharded Blockchains

Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular general...

QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service...

GHSA-3HG2-R75X-G69M Vyper has incorrect re-entrancy lock when key is empty string

Impact Locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. Vyper @nonreentrant"" unprotected @external def bar: pass @nonreentrant"lock" protected @external def foo: pass Patches Patched in 3605 Workarounds The lock name should be a non-empty string...

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.2.9 through 0.3.10, which stems from the fact that locks of type @nonreentrant or @nonreentrant are not reentrant-checked at runtime...

GHSA-5824-CM3X-3C38 Vyper has incorrectly allocated named re-entrancy locks

Impact In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of...

Reentrancy allows commenter to overwrite own comments

Lines of code Vulnerability details Since the Lens platform is a blockchain-based social media platform, it's important that information relevant to users be emitted so that light clients need not continually refer to the blockchain, which can be expensive. From the docs: Events are emitted at...