11 matches found
EUVD-2020-23930
Malware in sbrugna...
EUVD-2022-6227
Malicious code in bioql PyPI...
CVE-2020-36402
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change...
Compiler version used by Brahma contracts may introduce permanent bugs in the future
Lines of code Vulnerability details Impact Lack of upgradeability of the protocol to adapt to a new pragma version may introduce a risk of being targeted by malicious actors if the pragma version 0.8.19 introduces bugs in the future. Here's the list of previous Solidity compiler bugs for your referenc...
Deployment issues with chains not compatible with Shanghai hardfork
Lines of code Vulnerability details Impact Besides issues with deploying & maintaining contracts, a bigger issue is quoted below from an audit finding... "This could also become a problem if different versions of Solidity are used to compile contracts for different chains. The differences in byteco...
Unsafe cast
Lines of code Vulnerability details Impact In AccountCodeStorage.sol we have the functions getCodeHash and getCodeSize. Due to an insecure cast, it is possible to get an integer overflow. Solidity version 0.8.0 provides built-in SafeMath-style checked arithmetic, but casting operations are not checked and can overflow. Proof of Concept As...
Upgraded Q -> M from #307 [1669043813221]
Judge has assessed an item in Issue 307 as M risk. The relevant finding follows: L-1. Wrong comparison sign Description The function swapAVAXForExactTokens will revert when msg.value amountsIn0 because amountsIn0 - msg.value will always cause underflow. Solidity version ^0.8.0 is used, so it will...
Possible integer overflow and underflow on multiple lines of AlgebraPool.sol
Lines of code Vulnerability details There are multiple possibilities for integer overflow and underflow when accounting is performed in the AlgebraPool contract. The above permalinks highlight the raw add and sub operations performed without SafeMath. Also, the contract uses a Solidity version only below...
Logic error in inversely traversed loops could lead to DoS
Lines of code Vulnerability details Impact Potential DoS in loops being inversely traversed Proof of Concept Let's take the example of VE3DLocker.totalSupply. The VE3DLocker.totalSupply function has been modified to save gas with an inversely traversed for-loop: File: VE3DLocker.sol 386: //traver...
Consider using a solidity version >= 0.8.0
Handle tensors Vulnerability details Impact Many spots in the contracts are subject to overflows/underflows. In some instances this is the desired behavior, but this is rarely the case. Consider upgrading certain contracts to 0.8.0 and above to protect against this when it is not desired. An...
Unchecked transfers found in 3 contracts
Handle maplesyrup Vulnerability details Impact This is a high priority vulnerability because it definitely affects the way that funds are transferred and sent between the contracts. You want to make sure that you check the boolean value from these transfer functions in order to make sure that the...