4 matches found
Attacker can create additional canonical token bridge
Lines of code Vulnerability details Impact Deployers of custom TokenManagers can subvert the limitation imposed in the documentation that allows only one Canonical Bridges for each existing ERC20 token: “deployers can deploy a Canonical Bridge for any token they want, this can be done only once p...
ERC20 token bridge does not support token with different decimals
Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-35961 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-35961 Source advisory: OSV:GHSA-4H98-2769-GH6H...
@0xwen/core (>=0.0.1 <=0.0.3), @0xwen/core-v5 (>=0.0.1 <=0.0.3) +128 more potentially affected by CVE-2021-46320 +1 more via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.3.3)
@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =2.0.0, =3.0.0-alpha0, =2.0.0, =3.0.1-alpha, =1.0.0, =1.0.0-beta.0, =1.0.0, =1.0.4 and more Source cves: CVE-2021-46320, CVE-2022-39384 Source advisory: OSV:GHSA-9C22-PWXW-P6HX...