Lucene search
K

17 matches found

The Hacker News
The Hacker News
added 2025/12/04 11:58 a.m.12 views

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here's a quick rundown of the latest cyber stories that show how fast the game keeps changing...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in cascade-yearn-mhs812-project (npm)

The package cascade-yearn-mhs812-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in abide-yearn-lze294-project (npm)

The package abide-yearn-lze294-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in yearn-illume-hpg276-project (npm)

The package yearn-illume-hpg276-project was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-16598 Malicious code in cascade-yearn-mhs812-project (npm)

The package cascade-yearn-mhs812-project was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-13949 Malicious code in abide-yearn-lze294-project (npm)

The package abide-yearn-lze294-project was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-40409 Malicious code in yearn-illume-hpg276-project (npm)

The package yearn-illume-hpg276-project was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-8809 Malicious code in @malware-test-nests-metre-acold-yearn/test-mlw3-nests-metre-acold-yearn (npm)

The package @malware-test-nests-metre-acold-yearn/test-mlw3-nests-metre-acold-yearn was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/09 5:3 a.m.5 views

Malicious code in solhint-plugin-yearn (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/12/09 5:3 a.m.6 views

MAL-2024-11462 Malicious code in solhint-plugin-yearn (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.11 views

Yearn Stragety tolerant 0 loss, which is too strict and can block withdraw

Lines of code Vulnerability details Impact Yearn Stragety tolerant 0 loss, which is too strict Proof of Concept When withdraw from Yearn Stragety result = vault.withdrawtoWithdraw, addressthis, 0; @param maxLoss The maximum acceptable loss to sustain on withdrawal. Defaults to 0.01%. If a loss is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.17 views

Mismatch in withdraw() between Yearn and other protocols can prevent Users from redeeming zcTokens and permanently lock funds

Lines of code Vulnerability details Impact As defined in the docs for Euler, ERC4626, Compound and Aave, when withdrawing and depositing funds the amount specified corresponds excactly to how many of the underlying assets are deposited or withdrawn. However, as specified by Yearn, the yearn...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

Yearn Curve vault can be removed without withdrawing all deposited tokens. Causing these token to be locked forever unless an owner is added this vault back.

Lines of code Vulnerability details Impact Yearn Curve vault can be removed without withdrawing all deposited tokens. Causing these token to be locked forever unless an owner is added this vault back. Proof of Concept function removeVaultaddress vault external onlyOwner requirevaultsvault !=...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.12 views

YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying

Lines of code Vulnerability details Some tokens do not allow for approval of positive amount when allowance is positive already to handle approval race condition, most known example is USDT. This can cause the function to stuck whenever a combination of such a token and leftover approval be met...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.12 views

Yearn token <> shares conversion decimal issue

Handle cmichel Vulnerability details The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare shares / 1e18: function getTokensForSharesuint256 shares, address asset public view override returns uint256 amount if shares == 0 return 0; // @audit should divided by...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.8 views

safeApprove() for Yearn Vault may revert preventing deposits causing DoS

Handle 0xRajeev Vulnerability details Impact The depositInVault function for Yearn yield source uses ERC20 safeApprove from OpenZeppelin's SafeERC20 library to give maximum allowance to the Yearn Vault address if the current allowance is less than contract’s token balance. However, the safeApprov...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.11 views

Yearn vault withdrawals in redeems will always fail leading to lock/loss of user deposits

Handle 0xRajeev Vulnerability details Impact The withdrawFromVault calculates the token balance of contract before withdrawal and saves it in previousBalance. It then withdraws from the Yearn vault and calculates the token balance after withdrawal to save it in currentBalance. So currentBalance...

7AI score
Exploits0
Rows per page
Query Builder