Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ethereum vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2017-14451
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attack...
Ethereum Ethereum -
1 Github repository
9.8
CVSSv3
CVE-2024-24563
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typecheck...
Vyperlang Vyper
9.8
CVSSv3
CVE-2024-24561
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and previous versions, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a n...
Vyperlang Vyper
9.8
CVSSv3
CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't pro...
Vyperlang Vyper
9.8
CVSSv3
CVE-2022-24845
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to...
Vyperlang Vyper
9.8
CVSSv3
CVE-2022-24788
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper before 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially ...
Vyperlang Vyper
9.8
CVSSv3
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destin...
Evm Project Evm
9.8
CVSSv3
CVE-2020-17752
Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).
Mon Project Mon -
9.8
CVSSv3
CVE-2018-15890
An issue exists in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.
Ethereum Ethereumj 1.8.2
9.8
CVSSv3
CVE-2018-17111
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is i...
Coinlancer Coinlancer -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »