Lucene search
K

369 matches found

NVD
NVD
added 2024/08/29 5:15 p.m.14 views

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9CVSS0.00403EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/29 4:55 p.m.16 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9CVSS5.8AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/29 4:55 p.m.53 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9CVSS0.00403EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 4:55 p.m.52 views

CVE-2024-45056

The CVE-2024-45056 entry describes a misoptimization in zksolc (Matter Labs’ Solidity compiler for ZKsync) where LLVM optimization folds (xor (shl 1, x), -1) into (rotl ~1, x). Here ~1 is generated as unsigned 64-bit (2^64-1) and is zero-extended to 256 bits on EraVM, when it should have been sig...

5.9CVSS5.8AI score0.00403EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/29 4:55 p.m.28 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9CVSS6.8AI score0.00403EPSS
Exploits0References4
Kitploit
Kitploit
added 2024/05/27 12:30 p.m.82 views

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

7.5AI score
Exploits0References100
NVD
NVD
added 2024/05/14 3:39 p.m.20 views

CVE-2024-34704

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS5.5AI score0.00466EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/13 7:13 p.m.15 views

CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS6.6AI score0.00466EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/13 7:13 p.m.27 views

CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS5.8AI score0.00466EPSS
Exploits0References1
CVE
CVE
added 2024/05/13 7:13 p.m.49 views

CVE-2024-34704

Summary: CVE-2024-34704 affects era-compiler-solidity (ZKsync Solidity compiler). On instruction selection in the DAGCombine phase, folding the expression !(x cc y) into (x cc y) incorrectly assumed the second XOR operand representing the true value was -1, whereas the true value is 1. This misop...

5.9CVSS6.5AI score0.00466EPSS
Exploits0References1
OSV
OSV
added 2024/05/13 7:13 p.m.5 views

CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS6.8AI score0.00466EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-26119 · Unknown · Era-Compiler-Solidity

Name of the Vulnerable Software and Affected Versions: era-compiler-solidity versions prior to 1.4.1 Description: The issue occurs during the DAGCombine phase while visiting the XOR operation, specifically when attempting to fold the expression !x cc y into x !cc y. This transformation should be...

5.9CVSS7.2AI score0.00466EPSS
Exploits0References2
Code423n4
Code423n4
added 2024/01/27 12:0 a.m.30 views

Loss of precission when calculating the accumulated CANTO per share

Lines of code Vulnerability details Impact When calculating the amount of CANTO per share in updatemarket, dividing by 1e18 in cantoReward and multiplying by the same value in accCantoPerShare rounds down the final value, making the amount of rewards users will receive be less than expected. Proo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.20 views

use of 0.8.20

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. This is because solidity 0.8.20 introduces the PUSH0 0x5f opcode which is only supported on the ETH mainnet and not on any other chains. That's why other chains can't find the PUSH0 0x5f opcode and thro...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.28 views

Unsafe use of approve() with IERC20

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.9 views

_determineTransferAmount does't support low decimal tokens.

Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.9 views

Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust

Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/11/24 4:54 p.m.19 views

Ethereum ABI decoder DoS when parsing ZST

With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/24 4:54 p.m.17 views

GHSA-RQR8-PXH7-CQ3G Ethereum ABI decoder DoS when parsing ZST

With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...

4.3CVSS7AI score
Exploits0References2
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.10 views

There is potential underflow and overflow issues in arithmetic operations in the _getRewardsSinceLastClaim function

Lines of code Vulnerability details Impact There are potential underflow and overflow issues in arithmetic operations. Not being able to verify that subtracting lastClaimedValue from shareDataid.shareHolderRewardsPerTokenScaled would result in a negative value. This could lead to affecting the...

7.3AI score
Exploits0
Rows per page
Query Builder