-
0xSpearmint1
medium
# A new draw cannot be finished if the lastStartDrawAuction's rngRequestId is void
## Summary
A new draw cannot be finished if the lastStartDrawAuction's rngRequestId is …
-
0xAadi
high
# Potential Fund Lock in `Requestor` Contract on `zkSync Era` Blockchain Due to the Use of `transfer()` Method to Transfer ETH
## Summary
This report is based on this request in the REA…
-
trachev
medium
# Users may be unable to withdraw from their `Requestor` contract
## Summary
When withdrawing leftover ETH from `Requestor.sol`, the contract uses Solidity’s unsafe `transfer()` to t…
-
bareli
medium
# Result of transfer / transferFrom not checked
## Summary
no check on the transfer call in withdraw function.
## Vulnerability Detail
function withdraw(address payable _to) external…
-
-
- We have a new interface for the price feed contracts
- Logic needs to be changed in this repo because of the new configuration schema
-
0xSpearmint1
high
# the `creator` role can set a malicious drawManager
## Summary
the `creator` role can set a malicious drawManager
## Vulnerability Detail
The protocol clearly states the follow…
-
0xSpearmint1
medium
# gas yield can never be claimed and all yield will be lost
## Summary
Gas yield can never be claimed and all yield will be lost
## Vulnerability Detail
The protocol has clearl…
-
0x73696d616f
medium
# `Requestor` uses `to.transfer()` to withdraw the balance of the creator, but the creator may not be able to receive it
## Summary
`address.transfer()` only forwards 2300 gas,…
-
MiloTruck
medium
# Use of `.transfer()` in `Requestor.withdraw()` will not work on zkSync
## Summary
`Requestor.withdraw()` uses `.transfer()` to transfer ETH to users, which does not work on zkSy…