Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/15 6:4 a.m.3 views

Malicious code in synthetixio-deps-security-notice (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a943efd071177c98f72d2f45c2c4af1fcef99b69646dc9ad1f490db03f90a4f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.4 views

Tokens with multiple addresses can be stolen due to reliance on balanceOf()

Lines of code Vulnerability details Impact Some ERC20 tokens have multiple valid contract addresses that serve as entrypoints for manipulating the same underlying storage such as Synthetix tokens like SNX and sBTC and the TUSD stablecoin. The accrueUser function holds all rewards for all pools,...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:12 p.m.3 views

Malicious code in synthetix-debt-pool-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f8bd0d8bcdad4b7b209807726e7da8c9129f86dbbf00570988c01ed9fd436a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:12 p.m.5 views

MAL-2022-6396 Malicious code in synthetix-debt-pool-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f8bd0d8bcdad4b7b209807726e7da8c9129f86dbbf00570988c01ed9fd436a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.7 views

BkdLocker#depositFees() can be front run to steal the newly added rewardToken

Lines of code Vulnerability details Every time the BkdLockerdepositFees gets called, there will be a surge of rewards per locked token for the existing stakeholders. This enables a well-known attack vector, in which the attacker will take a large portion of the shares before the surge, then claim...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/08/08 12:0 a.m.13 views

Synths minted to the wrong market when initializing

Handle 0xImpostor Vulnerability details Impact Synthetix tokens are not minted to the correct market index since the creation of the synth market and the initialization are 2 separate steps. Proof of Concept 1. Create 2 synth market without initializing them 2. Call initializeMarket twice 3. Synt...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/09/08 12:0 a.m.27 views

Synthetix CMS SQL Injection

Exploit Title: Synthetix CMS products.php SQL Injection Vulnerability Google Dork: "Website design & hosting by Synthetix" Date: 9/7/2012 Author: Ajax Security Team Discovered By: Crim3R Home: WwW.AjaxTm.CoM Vendor Software: http://www.synthetix.com/ Version: All Version Category:: webapps Tested...

0.2AI score
Exploits0
0day.today
0day.today
added 2012/05/26 12:0 a.m.24 views

Synthetix - SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================================================== Synthetix - SQL Injection Vulnerability ========================================================================== Title: Synthetix - SQL Injection Vulnerability Author...

7.1AI score
Exploits0
Rows per page
Query Builder