27 matches found
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
Singapore, Singapore, 19th November 2025, CyberNewsWire...
EUVD-2018-5479
Malware in sbrugna...
EUVD-2018-5427
Malware in sbrugna...
EUVD-2018-5413
Malware in sbrugna...
EUVD-2018-5480
Malware in sbrugna...
EUVD-2018-5503
Malware in sbrugna...
EUVD-2018-5137
Malware in sbrugna...
EUVD-2018-5075
Malware in sbrugna...
EUVD-2018-5620
Malware in sbrugna...
EUVD-2025-21789
Malicious code in bioql PyPI...
EUVD-2022-6503
Malicious code in bioql PyPI...
EUVD-2023-1359
Malicious code in bioql PyPI...
Exploit for CVE-2025-4126
POC-CVE-2025-4126 smart contract reentrancy attack vulnerabili...
CVE-2025-54070
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOf(bytes,byte,uint256) function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1) the provided buffer length...
Missing validation to ensure that the _l2CoreGovTimelock parameter is not the zero address in the initialize function
Lines of code Vulnerability details Impact The initialize function accepts a parameter l2CoreGovTimelock and does check if it's a contract address using Address.isContract. However, there's no explicit check to ensure that l2CoreGovTimelock is not the zero address...
Upgraded Q -> 2 from #7 [1677668529704]
Judge has assessed an item in Issue 7 as 2 risk. The relevant finding follows: L-01 changePayees Suggest adding to check whether newPayees are duplicated to avoid totalShares error function changePayees(address[] calldata newPayees, uint256[] calldata newShares) external override onlyManager ... for...
Unpacking the "0x1626ba7e" Mystery: The Risks of Unidentified Fixed Values in Smart Contracts - loss of funds
Lines of code Vulnerability details Impact The use of a fixed value in the require statement without understanding its significance creates a security vulnerability in the contract. An attacker could manipulate the returned value to bypass the require statement and execute malicious code. This ca...
Signature Replay Attack when EntryPoint contract is changed
Lines of code Vulnerability details Signature Replay Attack when EntryPoint contract is changed Impact User operations can be replayed on smart accounts once the EntryPoint is changed. This can lead to users losing funds or any unexpected behaviour that transaction replay attacks usually lead t...
The arithmetic operator can overflow
Lines of code Vulnerability details Impact It is possible to cause an integer overflow or underflow in the arithmetic operation. Description An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance if a number is stored in the uint8...
CVE-2022-35961 ECDSA signature malleability in OpenZeppelin Contracts
OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...