code-423n4
/
2022-10-thegraph-findings
issues
Unpredictable Behavior for Users Due to Access Control Front Running or General Bad Timing
#165
code423n4
closed
1 year ago
2
Gas Optimizations
#164
code423n4
closed
1 year ago
0
QA Report
#163
code423n4
closed
1 year ago
1
QA Report
#162
code423n4
closed
1 year ago
0
Gas Optimizations
#161
code423n4
closed
1 year ago
0
Use safeTransferFrom() instead of transferFrom()
#160
code423n4
closed
1 year ago
0
QA Report
#159
code423n4
opened
1 year ago
0
Gas Optimizations
#158
code423n4
closed
1 year ago
0
GRT token sender's token balance can be locked in BridgeEscrow if the cross-chain transaction from L1 to L2 fails, expires (passing the retryable window) or is cancelled by the receiver
#157
code423n4
closed
1 year ago
1
Token transfers do not verify that the tokens were successfully transferred
#156
code423n4
closed
1 year ago
0
Single-step process for critical ownership transfer/renounce is risky
#155
code423n4
closed
1 year ago
1
QA Report
#154
code423n4
closed
1 year ago
0
Gas Optimizations
#153
code423n4
opened
1 year ago
0
Compromised address of the Arbitrum Gateway Router on L1 can bridge the GRT token on behalf of the victim to L2, Compromised Arbitrum Gateway Router on L2 can burn GRT token in L2 on behalf of the victim and mint GRT token in L1
#152
code423n4
closed
1 year ago
5
User is likely to either overpay or underpay the ETH gas when transferring GRT from L1 to L2 because supplying the right gas parameter is too complicated for the average user
#151
code423n4
closed
1 year ago
3
Gas Optimizations
#150
code423n4
closed
1 year ago
0
initialize function in L2GraphToken.sol, BridgeEscrow.sol, L2GraphTokenGateway.sol, L1GraphTokenGateway.sol can be invoked multiple times from the implementation contract.
#149
code423n4
opened
1 year ago
6
Compromised governance can mint any amount of Graph Token in L2, there is no upper bound limit for token minting in L2.
#148
code423n4
closed
1 year ago
3
Multichain signature reuse risk when using the signature to grant allowance permission in GraphTokenUpgradeable.sol
#147
code423n4
closed
1 year ago
1
Address.isContract(_pendingImplementation) restriction can be bypassed
#146
code423n4
closed
1 year ago
1
Gas Optimizations
#145
code423n4
closed
1 year ago
0
QA Report
#144
code423n4
opened
1 year ago
1
Gas Optimizations
#143
code423n4
opened
1 year ago
0
Ignores return value from L1GraphTokenGateway.outboundTransfer
#142
code423n4
closed
1 year ago
1
UNSAFE USAGE OF ERC20 TRANSFERFROM
#141
code423n4
closed
1 year ago
0
Ignores return value from revoke function
#140
code423n4
closed
1 year ago
1
Use `safeTransferFrom` instead of `transferFrom()`
#139
code423n4
closed
1 year ago
0
QA Report
#138
code423n4
closed
1 year ago
0
IGNORES RETURN VALUES
#137
code423n4
closed
1 year ago
0
QA Report
#136
code423n4
closed
1 year ago
0
Gas Optimizations
#135
code423n4
closed
1 year ago
0
Gas Optimizations
#134
code423n4
closed
1 year ago
0
QA Report
#133
code423n4
closed
1 year ago
2
pull model for setController
#132
code423n4
closed
1 year ago
2
separation of paused function for outboundTransfer and finalizeInboundTransfer
#131
code423n4
closed
1 year ago
2
QA Report
#130
code423n4
closed
1 year ago
1
Gas Optimizations
#129
code423n4
closed
1 year ago
0
Gas Optimizations
#128
code423n4
closed
1 year ago
0
QA Report
#127
code423n4
closed
1 year ago
0
QA Report
#126
code423n4
closed
1 year ago
0
`safeTransferFrom()` should be used rather than `transferFrom()` wherever possible
#125
code423n4
closed
1 year ago
0
The arithmetic operator can overflow
#124
code423n4
closed
1 year ago
1
Return values of `transfer()`/`transferFrom()` not checked
#123
code423n4
closed
1 year ago
0
The arithmetic operator can overflow
#122
code423n4
closed
1 year ago
1
Gas Optimizations
#121
code423n4
opened
1 year ago
0
Not compatible with some tokens like USDT, BNB, OMG, etc
#120
code423n4
closed
1 year ago
0
Contracts are vulnerable to cross-chain replay attacks
#119
code423n4
closed
1 year ago
1
QA Report
#118
code423n4
opened
1 year ago
1
Gas Optimizations
#117
code423n4
opened
1 year ago
1
Missing contract existence checks for low-level calls
#116
code423n4
closed
1 year ago
3