A critical access control vulnerability was discovered in oasisDEX's MultiplyProxyActions contract where the recreateTrigger function performs an unsafe delegatecall assuming msg.sender is AutomationBot, allowing external attackers to execute arbitrary code in the command context and potentially access user vault funds or cause system denial of service. The researcher found the vulnerability had already been patched a month prior, highlighting the importance of verifying contract versions against live deployments.
Researchers automated Java deserialization gadget chain discovery using LLM-driven analysis combined with static call graph analysis, discovering novel chains against WildFly and other application servers. The methodology uses WALA-based call graph construction, dynamic bytecode analysis for type confusion, and Claude Code to iteratively explore and validate gadget chains through a REST API query interface.