19 matches found
Malicious code in goodan-ngasa-na (npm)
Source: amazon-inspector 31ebfe7bbe4bc80b10be1af5c325f416efdd7043f5538c249977b217ea0970b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in muda-poke20 (npm)
Source: amazon-inspector 526bc08480e645d761c1d0c9e2098019b12ece3979e89758f59f687fe5e5d545 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in warp-nodemon-spectron-rest (npm)
Source: amazon-inspector 18d8eacb40b0ab0faff3c844170d36f1d29311934074d06fa9b96c885a13ecc8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dono-kemplang45-riris (npm)
Source: amazon-inspector cfb36aa96dd3550e8242eff24648a77c65b8c9ce3ed427ede84dce15c5f38662 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putra-martabak33-breki (npm)
Source: amazon-inspector abb517f48ac48aaa39add3850d9e38086bdabef4dad63e6e29db7a0cf9724c07 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in agus-oncom91-miaww (npm)
Source: amazon-inspector 324ed81f691dd4b3df238b44186d66a155cca5ecbc961e6f0c47344c49f8f03f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in individual_koala_z3n (npm)
Source: amazon-inspector 60d36b62c1bc5a24e508d95fafdfd9bcf99c4676baa5bf66cd5e5460115ecfcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-75072 Malicious code in qori-esdoger39-breki (npm)
Source: amazon-inspector a9947f34f3cb54e404ec5c8d786bfc069fa7ff26429b31906d948d564e18017a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fadhil-serimuka59-breki (npm)
Source: amazon-inspector 63789669a7c0f30e62160740f86b4237e26330478477d45ea9037600332860a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-63290 Malicious code in hadianto-sego21-sluey (npm)
Source: amazon-inspector 049b180f614778d3fca18f2f6619225c635aaa8d796966c0ad3130011eac997b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-65824 Malicious code in utomo-kepok81-sluey (npm)
Source: amazon-inspector 57147cd8359118e34a253c148787303c52faa31e68c42a96696b56932c6f858f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Upgraded Q -> 2 from #286 [1704653766013]
Judge has assessed an item in Issue 286 as 2 risk. The relevant finding follows: L-02 Quorum for existing piece cannot be changed; L-03 Token inflation gives advantage to new pieces
GHSA-PVJG-JWP3-MRJ5 chia-blockchain tokens can be inflated to an arbitrary extent
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
CVE-2022-36447
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
PYSEC-2022-43072
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
CVE-2022-36447
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
Inflate collateral token and partial bypass minting fee by directly transferring to _strategyController
Vulnerability details. Impact: This bug enables partial bypass of fee while minting Collateral tokens through Collateral.deposit. Attackers can also utilize this bug to inflate prices of Collateral tokens, creating "unfair advantages" for early minters of Collateral tokens. Proof of...
Smart Contract Bug Results in $31 Million Loss
A hacker stole $31 million from the blockchain company MonoX Finance by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX...
Insufficient check on updateVestedTokens function
Handle: rfa. Vulnerability details. Impact: This function can be used by the beneficiary to update their vested token, however the function is callable by anyone, there is no check if the msg.sender/caller is the correct beneficiary, the only check is , but this check is user controllable, therefore...