11 matches found
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...
Swap Input Validation
Lines of code Vulnerability details Input Validation: - The swap function assumes that fpos and spos are valid positions within the heap. - Ensure that you are providing valid positions, and consider adding checks to verify that fpos and spos are within the bounds of your heap. requirefpos size &...
MaxHeapify: find children with large value and swap
Lines of code Vulnerability details Input Validation: - The maxHeapify function assumes that pos is a valid position within the heap. - Similar to the swap function, you should consider adding a check to verify that pos is within the bounds of your heap. requirepos size, "Invalid position...
Upgraded Q -> 2 from #293 [1676241639792]
Judge has assessed an item in Issue 293 as 2 risk. The relevant finding follows: 01 USER CAN POSSIBLY TRANSFER NO token0 OR token1 TO TimeswapV2Option CONTRACT IF CORRESPONDING token0 OR token1 IS A REBASING TOKEN When calling the following TimeswapV2Option.mint function, msg.sender uses the...
Unchecked that the to address is not the address of the tokens
Lines of code Vulnerability details Impact In the swap function, it is unchecked that the to address is not the address of the tokens. This will not lead to a loss of funds because the flashloan will actually revert, but sanity checks like this one should be made following for instance uniswap...
ADDING UNBALANCED/MORE LIQUIDITY IS POSSIBLE TO MAKE INNOCENT USERS LOSE MONEY, AND BOTS CAN EARN FROM THE POOL
Lines of code Vulnerability details ADDING UNBALANCED/MORE LIQUIDITY IS POSSIBLE TO MAKE INNOCENT USERS LOSE MONEY, AND BOTS CAN EARN FROM THE POOL Impact In the linked file LendgineRouter.sol, the deposit function enables users to add liquidity at any proportion of token0 and token1. However, ther...
Reentrancy attack to swap()
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A malicious contract can initiate a reentrancy attack to the swap function: it can swap token0 for token1, receiving token0 but without effectively providing the due token1 amount used to mint instead...
LBPair swap() can be front-runned, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address
Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to a malicious address of his choice, paying a higher gass...
Swap at the lower cushion is impossible due to non approved withdrawal. Wrong implementation can cause free swaps.
Lines of code Vulnerability details Impact Currently it is not clear how the swap user is approved for withdrawing from treasury. Depending on implementation, user could swap without spending any tokens, due to approval mechanism in the TRSRY module. Description In the swap function it should be...
Potential lock of rewards in the custody contracts
Lines of code Vulnerability details Impact The swaptostabledenom function in the custody contracts swaps all other native tokens into a specific one. The function creates swap messages for all the other native tokens and adds them as sub-messages, and handles the reply only when the last...
HybridPool._updateReserves Wrong implementation
Handle WatchPug Vulnerability details HybridPool._updateReserves is supposed to update the reserves to the latest bento share amounts. Instead, it uses underlying token amounts. In the getReserves function, reserves are treated as bento share amounts and get converted to underlying token amounts...