-
# Handle
WatchPug
# Vulnerability details
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L137-L140
```solidity
function wra…
```
-
# Handle
gpersoon
# Vulnerability details
## Impact
In the function setAddrPrivilege of Identity.sol, the value of privileges[addr] is compared to 0 and 1 in the following way:
"if (privileges[addr]…
-
# Handle
WatchPug
# Vulnerability details
In `QuickAccManager.sol#send()`, `nonces[address(identity)]` is being read 2 times (1st at L58, 2nd at L64). The second read is unnecessary; cache it in t…
-
# Handle
cmichel
# Vulnerability details
The `SignatureValidatorV2.recoverAddrImpl` function currently uses three `if (mode == *)` checks but the modes are all distinct enum values and therefore a…
-
# Handle
pauliax
# Vulnerability details
## Impact
The WETH address is hardcoded, but it may differ on other chains, e.g. Polygon, so make sure to check this before deploying and update if necessary:
…
-
# Handle
pauliax
# Vulnerability details
## Impact
First perform the addition and only then check the length to avoid this duplicate math operation:
require(b.length >= index + 32, "BytesLib: …
-
# Handle
pauliax
# Vulnerability details
## Impact
There is a common issue that ecrecover returns an empty (0x0) address when the signature is invalid. The function recoverAddrImpl should check that befo…
-
# Handle
ye0lde
# Vulnerability details
## Impact
Shortening revert strings to fit in 32 bytes will decrease deploy time gas and will decrease runtime gas when the revert condition has been met. …
-
# Handle
JMukesh
# Vulnerability details
## Impact
A require message gives an idea of what was the cause of failure, so it's best practice to add a message in require()
## Proof of Concept
https://…
-
# Handle
JMukesh
# Vulnerability details
## Impact
Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ens…