Malicious code in v2-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51e0286004b6b184a7ae2c0a7110095cd51122ae1c9ccc69db8d1bfd7380dfed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1600 Malicious code in v2-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51e0286004b6b184a7ae2c0a7110095cd51122ae1c9ccc69db8d1bfd7380dfed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Two pairs can have same tokens

Handle sirhashalot Vulnerability details Impact The createLPoolPair function in ControllerV1.sol tries to prevent a pair from being create if it already exists. It does this with the statement requirelpoolPairstoken0token1.lpool0 == address0 || lpoolPairstoken1token0.lpool0 == address0, 'pool pai...

Hardcoded seed phrase in sherlock-v2-core repo

Handle cryptphi Vulnerability details Impact The hardcoded mnemonic can lead to account compromise. Proof of Concept There exists hardcoded credentials in line This credentials can be used to takeover the wallet address used. Tools Used Github Recommended Mitigation Steps Avoid hardcoding...