Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ethereum vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14086
An issue exists in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overf...
Mytoken Project Mytoken -
9.8
CVSSv3
CVE-2018-14088
An issue exists in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in with...
Stex White List Project Stex White List -
9.8
CVSSv3
CVE-2018-14084
An issue exists in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
Myadvancedtoken Project Myadvancedtoken -
9.8
CVSSv3
CVE-2018-14087
An issue exists in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fall...
Encryptedtoken Project Encryptedtoken -
9.8
CVSSv3
CVE-2018-14063
The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.
Tracto Tracto -
9.1
CVSSv3
CVE-2023-31146
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs...
Vyperlang Vyper
9.1
CVSSv3
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and before 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL...
Linuxfoundation Besu 22.4.0
Linuxfoundation Besu
9.1
CVSSv3
CVE-2021-42764
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
Proof-of-stake Ethereum Project Proof-of-stake Ethereum
9.1
CVSSv3
CVE-2021-42766
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a prot...
Proof-of-stake Ethereum Project Proof-of-stake Ethereum
8.8
CVSSv3
CVE-2018-18920
Py-EVM v0.2.0-alpha.33 allows malicious users to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is r...
Ethereum Py-evm 0.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »