CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/08/21 3:21 p.m.•6 views

GO-2022-0760 Ethermint vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos

Ethermint vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos...

8.2CVSS6.3AI score0.00149EPSS

Exploits1References4

Code423n4•added 2023/10/26 12:0 a.m.•65 views

safeTransferFrom Does Not Check for Code at the Token Address

Lines of code Vulnerability details Impact The solady safeTransferFrom does not check for code at a token address before transferring. This can result in a deposit being made in a selfdestructed token or an embryonic token such as one that can be created from another chain's bridge without the us...

7.4AI score

Code423n4•added 2023/06/13 12:0 a.m.•10 views

Unsafe delegatecall functionality can break core protocol functionality

Lines of code Vulnerability details Impact There are multiple contracts which include delegatecall functionality, including the execute function of the LlamaAccount contract and the execute function of the LlamaExecutor contract. The issue is that there's no controls, other than the standard role...

7.4AI score

Code423n4•added 2023/06/09 12:0 a.m.•15 views

selfdestruct(self) does not clear balance

Lines of code Vulnerability details Impact Balance is stored in OVMETH contract, function opSuicide increments it, then Sucide does not change it, at the end of function it will be decremented. Which means it will not be changed. Proof of Concept // SPDX-License-Identifier: GPL-3.0 pragma solidit...

6.5AI score

Code423n4•added 2023/06/09 12:0 a.m.•14 views

VaultProxy can be selfdestructed using delegatecall

Lines of code Vulnerability details Impact Attacker can selfdestruct VaultProxy deployment. constructor //initialise the vault proxy with data function initialise bool isValidatorWithdrawalVault, uint8 poolId, uint256 id, address staderConfig external if isInitialized revert AlreadyInitialized;...

6.8AI score

Code423n4•added 2023/01/09 12:0 a.m.•7 views

SmartAccount implementation contract can be destroyed by owner

Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by owner Impact Locking users' funds forever due to DoS for all deployed smart account proxies. Neither implementation upgrade will be possible nor withdrawing funds. Proof of Concept The expected behaviour ...

Code423n4•added 2023/01/07 12:0 a.m.•7 views

Upgraded Q -> M from #173 [1673098404536]

Judge has assessed an item in Issue 173 as M risk. The relevant finding follows: L-03 - Depreciating-soon selfdestruct is used to transfer funds to seller after sale ends. --- The text was updated successfully, but these errors were encountered: All reactions...

Code423n4•added 2022/12/11 12:0 a.m.•8 views

Upgraded Q -> M from #34 [1670783427149]

Judge has assessed an item in Issue 34 as M risk. The relevant finding follows: Selfdestruct is prone to being changed in a future hard fork --- The text was updated successfully, but these errors were encountered: All reactions...

Code423n4•added 2022/12/11 12:0 a.m.•6 views

Upgraded Q -> M from #268 [1670783513081]

Judge has assessed an item in Issue 268 as M risk. The relevant finding follows: Use of selfdestruct in FixedPrice.sol and OpenEdition.sol --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score

Code423n4•added 2022/12/11 12:0 a.m.•8 views

Upgraded Q -> M from #81 [1670783437328]

Judge has assessed an item in Issue 81 as M risk. The relevant finding follows: After carefully reading all submissions related to the use of selfdestruct, I will change my stance on this kind of issue. Changing the severity back to Medium. --- The text was updated successfully, but these errors...

Github Security Blog•added 2022/08/18 7:4 p.m.•31 views

Ethermint vulnerable to DoS through unintended Contract Selfdestruct

Vulnerability Report Impact Smart contract applications that make use of the selfdestruct functionality and their end-users. Classification The vulnerability has been classified as high with a CVSS score of 8.2. It has the potential to create a denial-of-service to all contracts that can invoke t...

8.2CVSS5.6AI score0.00149EPSS

Exploits1References5Affected Software4

Github Security Blog•added 2022/08/11 6:8 p.m.•22 views

Cronos vulnerable to DoS through unintended Contract Selfdestruct

In Cronos nodes running versions before v0.7.0, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in Ethermint, all contracts that used the identical bytecode i.e shared the same CodeHash will also stop...

8.2CVSS0.7AI score0.00149EPSS

Exploits1References4Affected Software1

OSV•added 2022/08/11 6:8 p.m.•10 views

GHSA-GWJ5-WP6R-5Q9F Cronos vulnerable to DoS through unintended Contract Selfdestruct

8.2CVSS6.4AI score0.00149EPSS

Exploits1References4

NVD•added 2022/08/05 1:15 p.m.•9 views

CVE-2022-35936

8.2CVSS0.00149EPSS

Prion•added 2022/08/05 1:15 p.m.•10 views

Code injection

5CVSS5.2AI score0.00149EPSS

Exploits1References3Affected Software4

Vulnrichment•added 2022/08/05 12:55 p.m.•4 views

CVE-2022-35936 Ethermint DoS through Unintended Contract Selfdestruct

8.2CVSS8.3AI score0.00149EPSS

Cvelist•added 2022/08/05 12:55 p.m.•13 views

CVE-2022-35936 Ethermint DoS through Unintended Contract Selfdestruct

8.2CVSS8.3AI score0.00149EPSS