LROO Rug Pull Detector: A Leakage-Resistant Framework Based on On-Chain and OSINT Signals
Smart contract-based ecosystems enable decentralized applications without trusted intermediaries, but their immutability and permissionless design also facilitate large-scale fraud. One of the most prevalent attacks is the rug pull, where project operators abruptly withdraw liquidity after...
Securing the Model Context Protocol: Defending LLMs against Tool Poisoning and Adversarial Attacks
The Model Context Protocol (MCP) enables Large Language Models to integrate external tools through structured descriptors, increasing autonomy in decision-making, task execution, and multi-agent workflows. However, this autonomy creates a largely overlooked security gap. Existing defenses focus on...
Rugsafe: a Multichain Protocol for Recovering from and Defending against Rug Pulls
Rugsafe introduces a comprehensive protocol aimed at mitigating the risks of rug pulls in the cryptocurrency ecosystem. By utilizing cryptographic security measures and economic incentives, the protocol provides a secure multichain system for recovering assets and transforming rugged tokens into...
Exposing Hidden Backdoors in NFT Smart Contracts: a Static Security Analysis of Rug Pull Patterns
The explosive growth of Non-Fungible Tokens (NFTs) has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent...
Beyond the Protocol: Unveiling Attack Vectors in the Model Context Protocol Ecosystem
The Model Context Protocol (MCP) is an emerging standard designed to enable seamless interaction between Large Language Model (LLM) applications and external tools or resources. Within a short period, thousands of MCP services have already been developed and deployed. However, the client-server...
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
As the field of artificial intelligence (AI) continues to evolve at a rapid pace, fresh research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new repo...
Scammers Target BASE and Ethereum with Political Meme Coins and Rug Pulls
Global Blockchain Scams Surge on BASE and Across Networks, Trugard Labs Reports...
We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A repo...
3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals
A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...
Unverified Primitives
Lines of code Vulnerability details Impact Interacting with unverified or malicious Ocean primitives could result in loss of funds or incorrect computations. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates...
Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions
By Deeba Ahmed Check Point Research Reports New Million-Dollar Rug Pull Scam with a Fake Token Factory. This is a post from HackRead.com Read the original post: Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions...
Potential drain of EthCrowdFund contract
Lines of code Vulnerability details Impact In the emergencyExecute function in the EthCrowdFundBase contract, the external call msg.value is decided by the user input which could lead to draining of funds by compromised wallet or human error. Also there is no check if the value of amoutnEth is at...
claremontrug.com Cross Site Scripting vulnerability OBB-3524890
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Admin user has an absolute power to withdraw all contract balance, which may raise red flags for investors
Lines of code Vulnerability details Impact Having rug-pull related code is always considered a red flag for new investors. An admin, who is a single point of failure, has access to the withdraw function, which allows withdrawing the whole contract balance. Even if the owner is genuine the rug pull...
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy, the fact that there exists a rug vector available may negatively impact t...
And all this assembly shall know that the OWNER SafEth not with derivatives: for the derivative is the OWNER'S, and he will rebalanceToWeights it into his EOA.
Lines of code Vulnerability details Impact The owner of SafEth can at any time steal all staked funds. Proof of Concept SafEth.addDerivative allows the owner to add any derivative contract, such as one where he can withdraw all IDerivative.deposit-ed funds. SafEth.adjustWeights allows the owner t...
SUSE CVE-2006-2703
The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack...
Winning NFT owner/admin can rug pull attack or DoS attack on winner by removing the winning NFT.
Lines of code Vulnerability details Impact Given the current logic, it is possible to call the redraw method even after recoverTimelock has passed. If the owner does so, the contract will select a new winner for the winning NFT. But it will be up to the owner to give as much time to the winner to...
Upgraded Q -> M from #334 [1668467418003]
Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: 2. Rug vectors by the owner A malicious owner can call setLBPairImplementation, setFeeRecipient, setFlashLoanFee, setFeesParameters and forceDecay to advantage himself at expenses of the users...
Emergency functions recoverEther, recoverERC20, moveWithheldETH and setWitholdRatio should not allow owner to call them
Lines of code Vulnerability details Impact True trustlessness is hard, but there's not much point in having open source smart contracts unless the goal is achieved completely. The moment a vector exists where a rug pull could occur a user should be rightly suspicious. Although TimelockController ...