Vulmon
ethereum vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-32058
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen ...
Vyperlang Vyper
9.1
CVSSv3
CVE-2023-31146
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs...
Vyperlang Vyper
5.9
CVSSv3
CVE-2023-31290
Trust Wallet Core prior to 3.1.1, as used in the Trust Wallet browser extension prior to 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit...
Trustwallet Trust Wallet Browser Extension
Trustwallet Trust Wallet Core
7.5
CVSSv3
CVE-2023-30629
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.1 up to and including 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong ...
Vyperlang Vyper
5.7
CVSSv3
CVE-2023-30543
@web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this mean...
Uniswap Web3-react Walletconnect 8.0.30
Uniswap Web3-react Walletconnect 8.0.31
Uniswap Web3-react Walletconnect 8.0.32
Uniswap Web3-react Walletconnect 8.0.33
Uniswap Web3-react Walletconnect 8.0.34
Uniswap Web3-react Walletconnect 8.0.35
Uniswap Web3-react Walletconnect 8.0.36
Uniswap Web3-react Walletconnect 8.0.27
Uniswap Web3-react Walletconnect 8.0.28
Uniswap Web3-react Walletconnect 8.0.29
Uniswap Web3-react Walletconnect 8.0.0
Uniswap Web3-react Walletconnect 8.0.1
Uniswap Web3-react Walletconnect 8.0.2
Uniswap Web3-react Walletconnect 8.0.3
Uniswap Web3-react Walletconnect 8.0.4
Uniswap Web3-react Walletconnect 8.0.5
Uniswap Web3-react Walletconnect 8.0.6
Uniswap Web3-react Walletconnect 8.0.7
Uniswap Web3-react Walletconnect 8.0.8
Uniswap Web3-react Walletconnect 8.0.9
Uniswap Web3-react Walletconnect 8.0.10
Uniswap Web3-react Walletconnect 8.0.11
7.5
CVSSv3
CVE-2023-28431
Frontier is an Ethereum compatibility layer for Substrate. Frontier's `modexp` precompile uses `num-bigint` crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses...
Parity Frontier
5.3
CVSSv3
CVE-2022-47547
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
Protocol Gossipsub 1.1
7.5
CVSSv3
CVE-2022-39354
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Pri...
Evm Project Evm
1 Github repository
5.3
CVSSv3
CVE-2022-39242
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adve...
Parity Frontier
9.1
CVSSv3
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and before 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL...
Linuxfoundation Besu 22.4.0
Linuxfoundation Besu