3 matches found
GHSA-XHQ5-45PM-2GJR OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Summary Nextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Hardcoded prices are subject to be abused
Lines of code Vulnerability details Impact Hardcoded prices are subject to be abused which might address the protocol being drained. Proof of Concept There are 2 possible different issues of the Lending Protocol; 1. The attack surface/risk is not originated directly through the Canto protocol but...
There is no method to unignore any ignored pair.
Lines of code Vulnerability details Impact The Witch contract uses setIgnoredPair function to prevent the liquidation of accepted pairs on the governance level. However, there is no method to remove these pairs from the ignoredPairs mapping. Proof of Concept Imagine there are vaults with UST/fyUS...