code-423n4 2022-10-thegraph-findings issues

code-423n4 / 2022-10-thegraph-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

QA Report

#315 code423n4 closed 1 year ago
1
Missing 0 check can lead to unexpected behaviors

#314 code423n4 closed 1 year ago
0
QA Report

#313 code423n4 opened 1 year ago
1
User can send an excess of ETH to L1GraphTokenGateway

#312 code423n4 closed 1 year ago
2
Gas Optimizations

#311 code423n4 closed 1 year ago
0
QA Report

#310 code423n4 closed 1 year ago
1
Gas Optimizations

#309 code423n4 closed 1 year ago
0
# ERC20 transfer / transferFrom with not checked return value

#308 code423n4 closed 1 year ago
1
No check transferFrom() return value

#307 code423n4 closed 1 year ago
0
# Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions

#306 code423n4 closed 1 year ago
4
QA Report

#305 code423n4 closed 1 year ago
1
Gas Optimizations

#304 code423n4 closed 1 year ago
0
Gas Optimizations

#303 code423n4 opened 1 year ago
0
QA Report

#302 code423n4 closed 1 year ago
1
Missing gap variable for upgradeable base contract

#301 code423n4 closed 1 year ago
2
Governor can rug pull the escrow

#300 code423n4 opened 1 year ago
5
GRT is inflated by escrowing L1 tokens instead of burning them

#299 code423n4 closed 1 year ago
3
Lack of gap variable in GraphTokenUpgradeable

#298 code423n4 closed 1 year ago
4
Transferfrom must return a bool

#297 code423n4 closed 1 year ago
1
Gas Optimizations

#296 code423n4 closed 1 year ago
0
QA Report

#295 code423n4 closed 1 year ago
0
If L1GraphTokenGateway's outboundTransfer is called by a contract, the entire msg.value is blackholed, whether the ticket got redeemed or not.

#294 code423n4 opened 1 year ago
5
GraphToken permit() function is vulnerable to approval double spending :

#293 code423n4 opened 1 year ago
3
QA Report

#292 code423n4 opened 1 year ago
0
calculateL2TokenAddress() may return old L2GraphToken address from cache leading to critical damage to user funds

#291 code423n4 closed 1 year ago
3
Gas Optimizations

#290 code423n4 opened 1 year ago
0
After proposed 0.8.0 upgrade kicks in, L2 finalizeInboundTransfer might not work.

#289 code423n4 opened 1 year ago
4
Gas Optimizations

#288 code423n4 opened 1 year ago
0
Gas Optimizations

#287 code423n4 closed 1 year ago
0
Gas Optimizations

#286 code423n4 closed 1 year ago
0
Missing two step update mechanism for GraphProxy's ProxyAdmin may leave upgradeable contracts non-upgradeable

#285 code423n4 closed 1 year ago
2
Lack of a contract existence check may lead to undefined behavior

#284 code423n4 closed 1 year ago
2
QA Report

#283 code423n4 closed 1 year ago
0
QA Report

#282 code423n4 opened 1 year ago
0
QA Report

#281 code423n4 opened 1 year ago
1
QA Report

#280 code423n4 closed 1 year ago
1
Using ifAdminOrPendingImpl modifier to forcefully interact with implementation contracts via _fallback() call.

#279 code423n4 closed 1 year ago
3
Gas Optimizations

#278 code423n4 opened 1 year ago
0
Signature can be reused across forks due to lack of chainid validation

#277 code423n4 closed 1 year ago
3
QA Report

#276 code423n4 opened 1 year ago
2
Using ifAdmin modifier to forcefully interact with implementation contracts via _fallback() call.

#275 code423n4 closed 1 year ago
1
Gas Optimizations

#274 code423n4 opened 1 year ago
0
QA Report

#273 code423n4 opened 1 year ago
1
Gas Optimizations

#272 code423n4 closed 1 year ago
0
Gas Optimizations

#271 code423n4 opened 1 year ago
0
Lack of 2-step process for changing the admin can cause loss of administrative power

#270 code423n4 closed 1 year ago
1
Gas Optimizations

#269 code423n4 opened 1 year ago
1
QA Report

#268 code423n4 closed 1 year ago
0
Gas Optimizations

#267 code423n4 closed 1 year ago
0
Remove burn capabilities from `L2GraphToken`

#266 code423n4 closed 1 year ago
3