Lucene search

12 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-3638

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.0042
Exploits 0 | References 5
RedhatCVE
added 2025/02/06 12:00 a.m. | 5 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

CVSS 7.5 | AI score 6.6 | EPSS 0.0042
Exploits 0 | References 1
RustSec
added 2024/04/24 12:00 p.m. | 2 views

Arithmetic overflows in cosmwasm-std

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: - Uint256,512::pow / Int256,512::pow - Int256,512::neg Affected if overflow-checks ...

CVSS 5.3 | AI score 7.3 | EPSS 0.0024
Exploits 1 | Affected Software 1
Code423n4
added 2022/06/24 12:00 a.m. | 8 views

_secondaryReserveRatio is likely to be overflowed due to an unsafe downcast

Lines of code Vulnerability details msg.value SCALE 1e18 / initialTokenSupply initialTokenPrice is likely to be more than maxuint32, and therefore secondaryReserveRatio can be overflowed due to the unsafe downcast to uint32. For example, for: initialTokenSupply = 1e20. initialTokenPrice = 1e14. T...

AI score 7.1
Exploits 0
Veracode
added 2022/05/25 4:17 a.m. | 20 views

Denial Of Service (DoS)

@chainsafe/lodestar is vulnerable to denial of service. The vulnerability exists because the library uses the uint64 values as native javascript numbers, allowing an attacker to crash the application by providing large uint64 values greater than 2^53 through the maliciously-crafted AttesterSlashi...

CVSS 7.5 | AI score 7.1 | EPSS 0.0042
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/24 10:21 p.m. | 21 views

AttesterSlashing number overflow

Impact Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large (greater than 2^53) uint64 values are included on chain. In those...

CVSS 7.5 | AI score 7.2 | EPSS 0.0042
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/24 10:21 p.m. | 16 views

GHSA-CVJ7-5F3C-9VG9 AttesterSlashing number overflow

Impact Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large (greater than 2^53) uint64 values are included on chain. In those...

CVSS 7.5 | AI score 7.4 | EPSS 0.0042
Exploits 0 | References 5
Prion
added 2022/05/24 3:15 p.m. | 9 views

Code injection

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

CVSS 5 | AI score 7.5 | EPSS 0.0042
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/24 2:15 p.m. | 16 views

CVE-2022-29219 Integer Overflow in Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

CVSS 7.5 | AI score 7.4 | EPSS 0.0042
Exploits 0 | References 5
Code423n4
added 2022/01/27 12:00 a.m. | 19 views

Unsafe Cast

Handle mics Vulnerability details use OpenZeppelin's safeCast in: ControllerV1.sol, L190: unsafe cast from uint256 to uint64 of the variable blockTime ControllerV1.sol, L192: unsafe cast from uint256 to uint64 of the variable blockTime

AI score 7
Exploits 0
Code423n4
added 2021/12/12 12:00 a.m. | 10 views

Unsafe uint64 casting may overflow

Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2^255 – 1. While Solidity...

AI score 7.1
Exploits 0
FreeBSD
added 2021/08/18 12:00 a.m. | 31 views

go -- archive/zip: overflow in preallocation check can cause OOM panic

The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...

CVSS 7.5 | AI score 2.2 | EPSS 0.00039
Exploits 0 | References 1