11 matches found
EUVD-2025-10867
Malicious code in bioql PyPI...
EUVD-2023-33534
Malicious code in bioql PyPI...
EUVD-2022-7075
Malicious code in bioql PyPI...
Possible to block withdrawal of staked funds after recordStakingEnd or stakingError
Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX which he gets back and has not have real incentive to do it, b...
Contracts will not working correctly after February 2106. Vesting will be locked forever if withdrawn after February 2106.
Lines of code Vulnerability details Impact Contracts will not working correctly after February 2106. Migration takes costs and is risky. You shouldn't pass on this work to future programmers. You should fix it in the first place. In case anything went wrong during migration, a big fund loss will...
User Funds are Locked in the VotingEscrow Contract When Delegated User Withdraws
Lines of code Vulnerability details Description There exists an issue when a delegated user attempts to withdraw the locked funds after a lock duration is expired, as a result the funds for the original user who triggered the delegation is lost within the contract. Impact This is an issue because...
No withdrawal possible for ETH TOKE pool
Lines of code Vulnerability details Impact The withdraw function of the ETH Tokemak pool has an additional parameter asEth. This can be seen in the Tokemak Github repository or also when looking at the deployed code of the ETH pool. Compare that to e.g. the USDC pool, which does not have this...
One could get up to 20x more xCTDL tokens when deposit right after earn().
Lines of code Vulnerability details Impact When earn is called by authorized actors keeper or governance, 95% of the balance of CTDL token in the StakedCitadel contract will be transferred to strategy. Thus, the balance will be roughly only 5% of the totalSupply. At this juncture, if an attacker...
pendingWithdrawals just increments
Handle adelamo Vulnerability details Impact In Withdrawable.sol, every time a user wants to withdraw, the following code will get executed: function increaseWithdrawaladdress user, uint256 amount internal availableWithdrawaluser = availableWithdrawaluser.addamount; pendingWithdrawals =...
Unspecified Vulnerability in JetBrains Upsource
JetBrains Upsource is a set of code review tools from the Czech company JetBrains Jetbrains. A security vulnerability exists in JetBrains Upsource versions prior to 2020.1.1883. The vulnerability stems from the program password not being withdrawn correctly. No details of the vulnerability are...
JetBrains Upsource 安全漏洞
JetBrains Upsource is a set of code review tools from the Czech company JetBrains Jetbrains. A security vulnerability exists in JetBrains Upsource versions prior to 2020.1.1883. The vulnerability stems from the program password not being withdrawn correctly. No details of the vulnerability are...