10 matches found
EUVD-2025-140263
Malicious code in miands-minst-vusd npm...
Malicious code in minds-minst-vusd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ec720a815a6d199b32826accfd7a1addfd7bfc140c480606584311cdcde954 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140125
Malicious code in minds-natudfa-vusd npm...
EUVD-2025-140127
Malicious code in minds-minst-vusd npm...
MAL-2025-176136 Malicious code in minds-minst-vusd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ec720a815a6d199b32826accfd7a1addfd7bfc140c480606584311cdcde954 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vusd-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d7ab0e73da32b556aaa23c99dbb37d948aad1d628eb6286ac8069e1df5bf79e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47108 Malicious code in vusd-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d7ab0e73da32b556aaa23c99dbb37d948aad1d628eb6286ac8069e1df5bf79e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Assets sent from MarginAccount to InsuranceFund will be locked forever
Lines of code Vulnerability details Impact Assets sent from MarginAccount to InsuranceFund will be locked forever Proof of Concept The insurance fund doesn't have a way to transfer non-vusd out of the contract. Assets transferred to the InsuranceFund will be locked forever. Mitigation Have a way...
Withdrawals can be spammed and other users blocked
Lines of code Vulnerability details Impact The VUSD.processWithdrawals function only performs maxWithdrawalProcesses actually maxWithdrawalProcesses + 1 iterations per call. Withdrawals can be freely spammed by a griefer calling burnamount with a zero amount. All future withdrawals are blocked...
Griefing attack at VUSD withdraw queue is possible
Lines of code Vulnerability details Impact A malicious user can make lots of withdrawal requests to fill up the queue, making VUSD withdrawals unreachable for all other users Proof of Concept There is no control of the size or number of the withdrawal requests, and VUSD will burn even 1 wei amoun...