3 matches found
EUVD-2025-12168
Malicious code in bioql PyPI...
Unlimited length of LineOfCredit.ids: storage collisions
Lines of code. Vulnerability details. Impact: There are no restrictions for ids length, so a malicious borrower may create many credits and replace storage slot data at some position. Proof of Concept: 1. LineOfCredit.ids saves array size in slot Oracle data feed is insufficiently validated in Oracle.sol...
QA Report
Prevent possible future storage collisions: The target action contracts of MIMOProxy.sol use storage slot 0 for immutable addresses, which doesn't currently pose an issue; however, if in future additional contracts are added which allow this slot in storage to be modified, then it could open the...