EUVD-2014-9248
Malware in sbrugna...
Upgraded Q -> 2 from #221 [1699029747725]
Judge has assessed an item in Issue 221 as 2 risk. The relevant finding follows: L-02: Handling missing for case where ERC20 token has decimal 18 in CamelotRelayer & UniV3Relayer oracles. Description: In the constructor token decimals of an ERC20 is assumed to be = 18 which can be wrong for some...
Design/Logic Flaw
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
Missing deadline param in swapExactAmountOut() allowing outdated slippage and allowing pending transactions to be executed unexpectedly.
Lines of code. Vulnerability details. Impact: Loss of funds/tokens for the protocol, since block execution is delegated to the block validator without a hard deadline. Proof of Concept: The function swapExactAmountOut from LiquidationRouter.sol and LiquidationPair.sol use these methods to swap tokens...
Github PNPM Code Issue Vulnerability
Github PNPM is a fast, disk-space-saving package manager. A security vulnerability exists in PNPM v6.15.1: when a user executes a PNPM command in a directory that contains malicious content, the application can run in an unexpected manner...