uniswap-v4

Uses eval() — can execute arbitrary code

CHANGELOG.md · prose · downgraded · eval(

<script> tag in markdown — potential code injection

CHANGELOG.md · prose · downgraded · <script>

Pipe-to-shell pattern (curl | sh) — supply chain attack vector

scripts/bootstrap.sh · prose · downgraded · curl -L https://foundry.paradigm.xyz | bash

Pipe to bash — executes piped content as shell commands

scripts/bootstrap.sh · prose · downgraded · | bash

Pipe to python — executes piped content as Python code

scripts/swap.sh · prose · downgraded · | python3

Possible hardcoded credential

tests/fork/swap.test.ts · prose · downgraded · Token = "0x0000000000000000000000000000000000000001

Recursive delete from root or home — destructive command

tests/smoke.sh · prose · downgraded · rm -rf /

Uses exec() — may execute shell commands

CHANGELOG.md · prose · downgraded · exec(

HTTP request to bare IP address — common in malicious payloads

references/v4-architecture.md · prose · downgraded · http://127.0.0.1

subprocess execution — runs system commands from Python

scripts/v4_read.py · prose · downgraded · subprocess.run(

References child_process — can spawn system processes

tests/unit/no-secret-leak.test.ts · prose · downgraded · child_process

Popular HTTP library — network access

scripts/approve.sh · prose · downgraded · Got

Python os.environ.get — reads environment variable

scripts/v4_read.py · prose · downgraded · os.environ.get(