VotingEscrow doesn't properly store history values thus balanceOfAtNFT() and totalSupplyAt() always return 0

Lines of code Vulnerability details Impact VotingEscrow of Velodrome is a port from vyper but it had a crucial bug due to the difference of how vyper and solidity deals with memory struct assignment. In short, balanceOfAtNFTuint tokenId, uint block and totalSupplyAtuint block that should've...

Kubernetes: Blind SSRF on velodrome.canary.k8s.io

A blind server-side request forgery SSRF was found at the endpoint http://velodrome.canary.k8s.io/api/snapshots via a JSON parameter. An attacker can force the host to make a request to arbitrary URLs...