15 matches found
EUVD-2025-145814
Malicious code in candy-yul npm...
MAL-2025-170998 Malicious code in candy-yul (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c2ed33ebdeac7cb539317af14bb3bcc327b1ae3d45cd5d445f8e8b126063e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-35250
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_yul (npm)
The package @zalastax/nolb-yul was found to contain malicious code...
MAL-2025-10608 Malicious code in @zalastax/nolb-_yul (npm)
The package @zalastax/nolb-yul was found to contain malicious code...
CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229
CVE-2024-35229 concerns ZKSync Era (Matter Labs) prior to v1.3.10. A bug in the evaluation order of Yul function arguments is triggered by the pattern f(a(),b()); check_if_a_executed_last(), exposing a vulnerability in how arguments are evaluated. The issue has been fixed in v1.3.10. Affected dep...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
PT-2024-26393 · Unknown · Zksync Era
Name of the Vulnerable Software and Affected Versions: ZKsync Era versions prior to 1.3.10 Description: ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. A bug in the evaluation order of Yul function arguments is exposed by a specific pattern fa,b; check if a...
ZKsync Era 安全漏洞
ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in ZKsync Era versions prior to 1.3.10, which stems from checkifaexeculatedlast exposing a bug in the order in which Yul function arguments are evaluated...
A Storage Write Removal Bug in contracts
Lines of code Vulnerability details Summary In fallbackLSP17Extendable, Calling functions that conditionally terminate the external EVM call using the assembly statements return... may result in incorrect removals of prior storage writes. Impact In LSP17Extendable.sol, fallbackLSP17Extendable is...
Yul 'staticcall' return value not checked
Lines of code Vulnerability details Impact Unexpected behavior if call fail. --- The text was updated successfully, but these errors were encountered: All reactions...