22 matches found
EUVD-2013-2218
Malware in sbrugna...
EUVD-2025-22951
Malicious code in bioql PyPI...
EUVD-2025-29445
Malicious code in bioql PyPI...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic `note_min_gas_price_target` is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic `note_min_gas_price_target` is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
GO-2025-3791 Babylon vulnerable to chain half when transaction has fees different than `ubbn` in github.com/babylonlabs-io/babylon
Babylon vulnerable to chain half when transaction has fees different than ubbn in github.com/babylonlabs-io/babylon...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial of Service (DoS). The vulnerability is due to the acceptance of transaction fees in denominations other than the native Babylon genesis denom ubbn, which allows an attacker to halt the blockchain by submitting such transactions...
GHSA-56J4-446M-QRF6 Babylon vulnerable to chain half when transaction has fees different than `ubbn`
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
Babylon vulnerable to chain half when transaction has fees different than `ubbn`
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
PT-2025-29193 · Go · github.com/babylonlabs-io/babylon +1
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
Functions Not Considering ERC20 Transaction Fees
Lines of code Vulnerability details Impact Some ERC20 tokens charge a transaction fee for every transfer used to encourage staking, add to liquidity pool, pay a fee to contract owner, etc. Sometimes this is not a problem but in the cases where the same value is passed to a state variable and to...
High Gas Costs Due to Unnecessary String Iteration in HexUtils Library's hexStringToBytes32() Function.
Lines of code Vulnerability details Impact The hexStringToBytes32 function in the HexUtils library iterates over the entire input string, even though only a portion of it is needed to compute the output, but still, this can lead to unnecessarily high gas costs, especially for large input strings...
User should be able to set the slippage amount willing to pay
Lines of code Vulnerability details Impact The impact of this finding is that users may be required to pay higher transaction fees than necessary due to the absence of an adjustable slippage feature. This could discourage users from using the SafEth contract and negatively impact its adoption...
Default accounts cannot pay transaction fees due to DefaultAccount not calling MsgValueSimulator
Lines of code Vulnerability details Impact Default accounts cannot pay the transaction fees to the bootloader. It's not clear whether the attempts to do so will silently succeed or revert because the behaviour of the CALL opcode in the zkSync Era virtual machine isn't explained in the description...
Anyone Can Collect The Transaction Fees
Lines of code Vulnerability details Impact collectTransactionFees is a function that should only be called by the liquidity providers, but the flow of the function has no restriction and lets anyone collect the fees. Proof of Concept 1. Alice decides to collect the fees of pool A for example 2...
[M] TimeswapV2LiquidityToken.sol#collect() Incorrect implementation causing collect always fail
Lines of code Vulnerability details Impact The function collect in the provided code is supposed to transfer transaction fees from a liquidity token position to a recipient address. However, the function currently has an issue where the long0Fees, long1Fees, and shortFees variables are not...
Drainage of FeeCollector's Block Transaction Fees in cronos
Impact In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. User funds and balances are safe. Patches This problem has been patched in Cronos v0.6.5 on the mempool...
CVE-2020-14199
The CVE-2020-14199 issue is a BIP-143 signing mishandling in the Bitcoin protocol that can mislead users into producing two signatures during Segwit transactions. Affected products are Trezor One firmware before 1.9.1 and Trezor Model T firmware before 2.3.1; these devices have firmware updates t...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...