Skip to content

v1.15 - 2025-02-12

Latest
Latest
Compare
Choose a tag to compare
@abhinav-nain abhinav-nain released this 12 Feb 10:48
· 2 commits to master since this release
v1.15
33c1704
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • Decentralized Application Misconfiguration - Insecure Data Storage - Plaintext Private Key - P1
  • Decentralized Application Misconfiguration - Insecure Data Storage - Sensitive Information Exposure - Varies
  • Decentralized Application Misconfiguration - Improper Authorization - Insufficient Signature Validation - Varies
  • Decentralized Application Misconfiguration - DeFi Security - Flash Loan Attack - Varies
  • Decentralized Application Misconfiguration - DeFi Security - Pricing Oracle Manipulation - Varies
  • Decentralized Application Misconfiguration - DeFi Security - Function-Level Accounting Error - Varies
  • Decentralized Application Misconfiguration - DeFi Security - Improper Implementation of Governance - Varies
  • Decentralized Application Misconfiguration - Marketplace Security - Signer Account Takeover - P1
  • Decentralized Application Misconfiguration - Marketplace Security - Unauthorized Asset Transfer - P1
  • Decentralized Application Misconfiguration - Marketplace Security - Orderbook Manipulation - P1
  • Decentralized Application Misconfiguration - Marketplace Security - Malicious Order Offer - P2
  • Decentralized Application Misconfiguration - Marketplace Security - Price or Fee Manipulation - P2
  • Decentralized Application Misconfiguration - Marketplace Security - OFAC Bypass - P3
  • Decentralized Application Misconfiguration - Marketplace Security - Improper Validation and Checks For Deposits and Withdrawals - Varies
  • Decentralized Application Misconfiguration - Marketplace Security - Miscalculated Accounting Logic - Varies
  • Decentralized Application Misconfiguration - Marketplace Security - Denial of Service - Varies
  • Decentralized Application Misconfiguration - Protocol Security Misconfiguration - Node-level Denial of Service - P1
  • Protocol Specific Misconfiguration - Frontrunning-Enabled Attack - P2
  • Protocol Specific Misconfiguration - Sandwich-Enabled Attack - P2
  • Protocol Specific Misconfiguration - Misconfigured Staking Logic - Varies
  • Protocol Specific Misconfiguration - Improper Validation and Finalization Logic - Varies
  • Smart Contract Misconfiguration - Reentrancy Attack - P1
  • Smart Contract Misconfiguration - Smart Contract Owner Takeover - P1
  • Smart Contract Misconfiguration - Uninitialized Variables - P1
  • Smart Contract Misconfiguration - Unauthorized Transfer of Funds - P1
  • Smart Contract Misconfiguration - Integer Overflow / Underflow - P2
  • Smart Contract Misconfiguration - Unauthorized Smart Contract Approval - P2
  • Smart Contract Misconfiguration - Irreversible Function Call - P3
  • Smart Contract Misconfiguration - Function-level Denial of Service - P3
  • Smart Contract Misconfiguration - Malicious Superuser Risk - P3
  • Smart Contract Misconfiguration - Improper Fee Implementation - P3
  • Smart Contract Misconfiguration - Improper Use of Modifier - P4
  • Smart Contract Misconfiguration - Improper Decimals Implementation - P4
  • Smart Contract Misconfiguration - Inaccurate Rounding Calculation - Varies
  • Smart Contract Misconfiguration - Bypass of Function Modifiers & Checks - Varies
  • Zero Knowledge Security Misconfiguration - Missing Constraint - Varies
  • Zero Knowledge Security Misconfiguration - Mismatching Bit Lengths - Varies
  • Zero Knowledge Security Misconfiguration - Misconfigured Trusted Setup - Varies
  • Zero Knowledge Security Misconfiguration - Missing Range Check - Varies
  • Zero Knowledge Security Misconfiguration - Improper Proof Validation and Finalization Logic - P1
  • Zero Knowledge Security Misconfiguration - Deanonymization of Data - P1
  • Blockchain Infrastructure Misconfiguration - Improper Bridge Validation and Verification Logic - Varies
  • Broken Authentication and Session Management - SAML Replay - P5

Changed

FROM:

  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/Iterable Object Identifiers - P1
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Edit/Delete Sensitive Information/Iterable Object Identifiers - P2
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information/Iterable Object Identifiers - P3
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/Complex Object Identifiers(GUID) - P4
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Non-Sensitive Information - P5

TO:

  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify/View Sensitive Information(Iterable Object Identifiers) - P1
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify Sensitive Information(Iterable Object Identifiers) - P2
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - View Sensitive Information(Iterable Object Identifiers) - P3
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID) - P4
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - View Non-Sensitive Information - P5

Other

  • CVSS Score correction for Server Security Misconfiguration - Mail Server Misconfiguration - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain - P4.
  • All JSONs, i.e., VRT and its mapping JSONs are now alphabetically sorted.
  • Internal library changes to add a new helper script that aids in sorting the JSONs.
Assets 2
Loading