PT-2023-24237

Name of the Vulnerable Software and Affected Versions Crypto wallets implementing GG18 or GG20 TSS protocol affected versions not specified Description Crypto wallets using the GG18 or GG20 Threshold Signature Scheme TSS protocols are susceptible to an issue where an attacker can extract a full...

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

Observable Discrepancy

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

Observable Discrepancy

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

PT-2023-20726 · Unknown · Thorchain/Tss +2

Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0 bnb-chain/tss-lib versions prior to 2.0.0 thorchain/tss versions prior to 2.0.0 Description: The issue is related to a timing side-channel attack that can leak the lambda value of a private key. This...

PT-2023-20725 · Unknown · Thorchain/Tss +3

Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0 bnb-chain/tss-lib versions prior to 2.0.0 thorchain/tss versions prior to 2.0.0 Description: The issue is related to a timing side-channel attack that can leak a secret key. This occurs because the...

Does the cosmos-sdk listen to only 1 gravity.sol contract address?

Handle tensors Vulnerability details Recently Thorchain which uses cosmos, was hacked because the Thorchain environment listened to emitted events from routers other than the intended one. This allowed a hacker to create a malicious router. Within the ethmainloop of the orchestrator, is the...

Defi protocol THORChain loses $8 million in “seemingly whitehat” attack

By Deeba Ahmed THORChain said that "the hacker deliberately limited their impact, seemingly a whitehat." This is a post from HackRead.com Read the original post: Defi protocol THORChain loses $8 million in "seemingly whitehat" attack...