165 matches found
CVE-2021-46359
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...
CVE-2021-46359
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...
Design/Logic Flaw
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...
CVE-2021-46359
CVE-2021-46359 affects FISCO-BCOS release-3.0.0-rc2. The issue is a denial-of-service vulnerability where some transactions may fail to commit, which could enable a double-spending scenario according to linked sources. The vulnerability is documented across multiple feeds (NVD/NVD-derived, CVE li...
CVE-2021-46359
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...
No check that _to and from are different addresses in outboundTransfer() function
Handle jayjonah8 Vulnerability details Impact In L1LPTGateway.sol the outboundTransfer function transfers the l1Token from the msg.sender to the l1LPTEscrow contract. It also takes in the to argument which is set in the outboundCalldata variable. This function does not check if the msg.sender and...
NFTXSimpleFeeDistributor._sendForReceiver doesn't return success if receiver is not a contract
Handle hyh Vulnerability details Impact Double spending of fees being distributed will happen in favor of the first fee receivers in the feeReceivers list at the expense of the last ones. As sendForReceiver doesn't return success for completed transfer when receiver isn't a contract, the...
Approved spender can spend too many tokens
Handle cmichel Vulnerability details The approve function has not been overridden and therefore uses the internal shares, whereas transferFrom uses the rebalanced amount. Impact The approved spender may spend more tokens than desired. In fact, the approved amount that can be transferred keeps...
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
The coronavirus pandemic presented the perfect opportunity for security teams to evaluate the state of their incident-response process. In fact, it highlighted the dire need to implement a more structured, detailed and well-practiced plan to sufficiently support organizations when suffering a...
Miner fails to get block template when a cell used as a cell dep has been destroyed.
Impact The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in the different transactions. Say cell C is used as a dep group in the transaction A, and is destroyed in the transaction B. The node adds transaction A first, then B into the transaction pool. They are bo...
Top five insights from the 2021 CyberEdge Cyberthreat Defense Report
For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...
Closing the technical gap with resiliency pen testing
Organizations across all industries are watching and weighing the real impact and cost of security breaches as they look to budget security spending for 2021. While remote operations are becoming the norm, threat actors have no intention of slowing down their efforts. Instead, they are taking ful...
Can Edge Computing Exist Without the Edge? Part 3: The Economics of Edge Computing
Do the math. For the past decade, digital businesses have been investing in digital transformation initiatives. The promise is to increase top-line growth while maximizing customer lifetime value. As infrastructure improves, IT spending is shifting from the cloud to the edge. But while edge...
Can Edge Computing Exist Without the Edge? Part 3: The Economics of Edge Computing
Do the math. For the past decade, digital businesses have been investing in digital transformation initiatives. The promise is to increase top-line growth while maximizing customer lifetime value. As infrastructure improves, IT spending is shifting from the cloud to the edge. But while edge...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
Design/Logic Flaw
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
CVE-2020-8806 affects Electric Coin Company Zcashd (before 2.1.1-1). The root cause is improper enforcement of timestamp requirements on block headers, which could cause a valid chain to be rejected, enabling consensus failure and potential double spending. A fix is available in 2.1.1-1 (and hotf...