Lucene search
K

4 matches found

OSV
OSV
added 2026/05/06 7:57 p.m.6 views

GHSA-6447-269V-G68M Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...

8.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/10/21 6:4 p.m.1 views

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

9.3CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2025/05/14 5:35 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2024/04/10 10:4 p.m.24 views

GHSA-3FP5-2XWH-FXM6 Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS9.2AI score0.00943EPSS
Exploits0References7
Rows per page
Query Builder