8 matches found
Malicious code in synthetixio-deps-security-notice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a943efd071177c98f72d2f45c2c4af1fcef99b69646dc9ad1f490db03f90a4f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Tokens with multiple addresses can be stolen due to reliance on balanceOf()
Lines of code Vulnerability details Impact Some ERC20 tokens have multiple valid contract addresses that serve as entrypoints for manipulating the same underlying storage such as Synthetix tokens like SNX and sBTC and the TUSD stablecoin. The accrueUser function holds all rewards for all pools,...
Malicious code in synthetix-debt-pool-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f8bd0d8bcdad4b7b209807726e7da8c9129f86dbbf00570988c01ed9fd436a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6396 Malicious code in synthetix-debt-pool-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f8bd0d8bcdad4b7b209807726e7da8c9129f86dbbf00570988c01ed9fd436a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BkdLocker#depositFees() can be front run to steal the newly added rewardToken
Lines of code Vulnerability details Every time the BkdLockerdepositFees gets called, there will be a surge of rewards per locked token for the existing stakeholders. This enables a well-known attack vector, in which the attacker will take a large portion of the shares before the surge, then claim...
Synths minted to the wrong market when initializing
Handle 0xImpostor Vulnerability details Impact Synthetix tokens are not minted to the correct market index since the creation of the synth market and the initialization are 2 separate steps. Proof of Concept 1. Create 2 synth market without initializing them 2. Call initializeMarket twice 3. Synt...
Synthetix CMS SQL Injection
Exploit Title: Synthetix CMS products.php SQL Injection Vulnerability Google Dork: "Website design & hosting by Synthetix" Date: 9/7/2012 Author: Ajax Security Team Discovered By: Crim3R Home: WwW.AjaxTm.CoM Vendor Software: http://www.synthetix.com/ Version: All Version Category:: webapps Tested...
Synthetix - SQL Injection Vulnerability
Exploit for php platform in category web applications ========================================================================== Synthetix - SQL Injection Vulnerability ========================================================================== Title: Synthetix - SQL Injection Vulnerability Author...