tag

vulnerability

14 indexed skills · max 10 per page

skills (14)

cairo-vulnerability-scanner

trailofbits/skills · AI/ML

Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, and signature replay attacks.

- Detects 6 vulnerability patterns: unchecked arithmetic, storage collision, missing access control, improper felt252 boundaries, unvalidated contract addresses, and missing caller validation
- Analyzes L1 handler functions for unvalidated from_address parameters and L1-L2 bridge implementations for cross-layer messaging vulnerabili

ton-vulnerability-scanner

trailofbits/skills · Productivity

Scans TON smart contracts for 3 critical vulnerabilities: integer-as-boolean misuse, fake Jetton contracts, and unsafe gas forwarding.

- Detects FunC contracts via file extensions (.fc, .func) and TON project structure (Blueprint, toncli configs)
- Identifies three vulnerability patterns: missing sender validation in Jetton handlers, incorrect boolean logic using positive integers instead of -1/0, and forward TON amounts without gas checks
- Provides detailed findings with vulnerable co

cosmos-vulnerability-scanner

trailofbits/skills · Productivity

Scans Cosmos SDK blockchains and CosmWasm contracts for 9 consensus-critical vulnerabilities.

- Detects non-determinism, incorrect signers, ABCI panics, rounding errors, missing validations, and reentrancy patterns that cause chain halts or fund loss
- Supports Go (Cosmos SDK modules) and Rust (CosmWasm contracts) with automatic platform detection via file extensions and import markers
- Provides detailed findings with vulnerable code snippets, attack scenarios, and step-by-step remediatio

solana-vulnerability-scanner

trailofbits/skills · Productivity

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, and missing security checks.

- Detects 6 vulnerability patterns: arbitrary CPI, improper PDA validation, missing ownership checks, missing signer checks, sysvar spoofing, and improper instruction introspection
- Supports both native Solana and Anchor framework programs with automatic platform detection
- Provides detailed findings with vulnerable code snippets, attack scenarios, and speci
