Issues
is:issue state:open
Issue creation is restricted in this repository
Search results
- Status: Open. #261 In 1inch/solidity-utils;
  [MEDIUM] Short slices returned by BytesMemory::unwrap() leak adjacent data
  Labels: cygent:medium (Medium severity security finding), cygent:open (Security finding - Open)
- Status: Open. #259 In 1inch/solidity-utils;
  [HIGH] BytesMemory.unwrap misaligns the free-memory pointer, enabling overlapping allocations and tampering with previously returned bytes
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #258 In 1inch/solidity-utils;
  [HIGH] StringUtil::toHex(bytes) under-allocates free memory, enabling deterministic memory overlap that corrupts hex strings and downstream dynamic data
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #257 In 1inch/solidity-utils;
  [HIGH] Delegatecall-exposed functions use msg.sender instead of _msgSender(), allowing relayers to receive funds or control flows when executing signed calls
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #256 In 1inch/solidity-utils;
  [HIGH] Signer impersonation via reentrancy because _msgSender() trusts stale stack entries
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #255 In 1inch/solidity-utils;
  [HIGH] Reentrancy allows arbitrary contracts to impersonate the signer during meta-calls
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #254 In 1inch/solidity-utils;
  [HIGH] Signer context persists during bySig delegatecalls, enabling reentrant impersonation of signer-protected functions
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #253 In 1inch/solidity-utils;
  [HIGH] Using msg.sender instead of _msgSender() allows relayers to receive funds intended for the signed caller
  Labels: cygent:high (High severity security finding), cygent:open (Security finding - Open)
- Status: Open. #252 In 1inch/solidity-utils;
- Status: Open. #222 In 1inch/solidity-utils;
- Status: Open. #208 In 1inch/solidity-utils;