Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0276

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00692EPSS
Exploits0References5
OSV
OSV
added 2023/12/13 8:15 p.m.4 views

PYSEC-2023-307

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...

7.5CVSS7.1AI score0.00692EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.14 views

Config update happening in memory instead of at storage slot

Lines of code Vulnerability details Impact While adding configs in addConfig function, configs is updated in memory as shown at . It should accept configs parameter to a function as storage. Proof of Concept function addConfiguint256 memory configs, uint256 configsLen, DripsReceiver memory receiv...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.14 views

Multiple storage slot collisions between versions - due to different order in declaration

Lines of code Vulnerability details Impact If we list the sequence of how variables receive slots, we will see the failure to follow "append-only" principle. Many variable added "in-between" V2 version can read/write wrong slots. Proof of Concept Here is the table/list of variable, built taking...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.19 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For Upgradable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.6 views

minGasReserve of MIMOProxy can be overwritten

Lines of code Vulnerability details Impact While there is a check that owner is not changed in a delegatecall, such a check is missing for minGasReserve, which means that the variable can be changed either maliciously or accidentally because of a storage slot collision. The consequences of this a...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.13 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For upgradeable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.8 views

Missing a storage slot

Lines of code Vulnerability details Impact By using a pre-increment in our instantiations, we are potentially missing out on using the first 0th slot. Tools Used Manual Inspection Recommended Mitigation Steps Use post-incement --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Rows per page
Query Builder