scv-scan

Warn

Audited by Socket on Mar 18, 2026

3 alerts found:

Anomaly x3
Anomaly LOW
references/unbounded-return-data.md

This fragment contains a high-severity correctness/security bug: an unbounded returndatacopy triggered by calling an attacker-controlled callback can be abused to cause out-of-gas and revert on a critical path (DoS that can lock withdrawals). It is not malware or obfuscated code, but it is dangerous in a staking/withdrawal context. Fix by bounding return-data copies in assembly, using a safe-call helper (ExcessivelySafeCall), or otherwise avoiding calls to untrusted contracts on fund-critical code paths.

Confidence: 90%, Severity: 65%

Anomaly LOW
references/hash-collision.md

This is a genuine, high-confidence security issue: using abi.encodePacked with adjacent variable-length arguments and then hashing the result for authentication or authorization is vulnerable to boundary-shift collisions that can be exploited to forge valid hashes/signatures or bypass checks. The fragment is not malware, but the pattern should be treated as a security bug with high remediation priority. Fixes: switch to abi.encode (length-prefixing), ensure at most one dynamic argument in encodePacked, or insert fixed-length separators between dynamic values.

Confidence: 87%, Severity: 68%

Anomaly LOW
references/unchecked-return-values.md

This file is an informational/security guidance file demonstrating a vulnerable Solidity anti-pattern: unchecked return values from low-level external calls followed by state changes. It is not malicious code, but it describes a vulnerability that, if present in real contracts, can lead to loss of funds or inconsistent state. Recommended action: ensure return values from .call/.send/.delegatecall are checked and handle failures (require, revert, or use pull-payments); prefer high-level interface calls where appropriate.

Confidence: 90%, Severity: 60%
Audit Metadata

Analyzed At: Mar 18, 2026, 10:34 PM
Package URL: pkg:socket/skills-sh/trailofbits%2Fskills-curated%2Fscv-scan%2F@25d34d5c902060a106ab636123f0bc4f67a8fac4