issues
search
code-423n4
/
2023-01-biconomy-findings
7
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Gas Optimizations
#448
code423n4
opened
1 year ago
2
`tokenGasPriceFactor` in `FeeRefund` struct can be malleable in calls to `execTransaction`
#447
code423n4
closed
1 year ago
3
Gas Optimizations
#446
code423n4
opened
1 year ago
2
QA Report
#445
code423n4
closed
1 year ago
1
Gas Optimizations
#444
code423n4
closed
1 year ago
1
SmartAccount implementation can be destroyed by a bad actor
#443
code423n4
closed
1 year ago
3
Gas Optimizations
#442
code423n4
closed
1 year ago
1
`transferToken` deducts a fixed gas amount
#441
code423n4
closed
1 year ago
1
Gas Optimizations
#440
code423n4
closed
1 year ago
1
QA Report
#439
code423n4
closed
1 year ago
1
QA Report
#438
code423n4
opened
1 year ago
2
QA Report
#437
code423n4
closed
1 year ago
1
Gas Optimizations
#436
code423n4
opened
1 year ago
2
Gas Optimizations
#435
code423n4
opened
1 year ago
2
Gas Optimizations
#434
code423n4
opened
1 year ago
3
Attacker can bypass signature validation and send arbitrary transactions to be executed by smart wallet.
#433
code423n4
closed
1 year ago
4
`executeBatch()` , `handleOps()`, `handleAggregatedOps`, `innerHandleOp()` are susceptible to DOS with block gas limit
#432
code423n4
closed
1 year ago
1
Gas Optimizations
#431
code423n4
closed
1 year ago
1
Gas Optimizations
#430
code423n4
closed
1 year ago
1
QA Report
#429
code423n4
closed
1 year ago
1
Hardcoding gas costs should be avoided
#428
code423n4
opened
1 year ago
8
QA Report
#427
code423n4
closed
1 year ago
1
The Smart Account can be generated in duplicate, and the attacker uses it by frontrunning the wallet generation process.
#426
code423n4
closed
1 year ago
3
Gas Optimizations
#425
code423n4
closed
1 year ago
1
Transaction replay is possible due to the use of mapping of nonces
#424
code423n4
closed
1 year ago
4
QA Report
#423
code423n4
opened
1 year ago
2
QA Report
#422
code423n4
closed
1 year ago
3
Low-level call/delegatecall can fail silently
#421
code423n4
closed
1 year ago
2
Replay attack on UserOperation if the smart account is not deployed before
#420
code423n4
closed
1 year ago
8
checkSignatures will revert for all possible contract signatures
#419
code423n4
closed
1 year ago
2
QA Report
#418
code423n4
closed
1 year ago
2
QA Report
#417
code423n4
opened
1 year ago
4
QA Report
#416
code423n4
closed
1 year ago
1
Gas Optimizations
#415
code423n4
closed
1 year ago
1
`tokenGasPriceFactor` can be changed to either maximize gas refund or minimize it
#414
code423n4
closed
1 year ago
3
Checks in `isContract()` can be bypassed using CREATE2 which can break several functionalities
#413
code423n4
closed
1 year ago
3
Owner could brick all proxies by overwriting the implementation contract and making `updateImplementation` unusable
#412
code423n4
closed
1 year ago
3
`execFromEntryPoint` will always revert.
#411
code423n4
closed
1 year ago
10
No zero address check for withdrawAddress
#410
code423n4
closed
1 year ago
1
QA Report
#409
code423n4
opened
1 year ago
2
`validatePaymasterUserOp` allows for signature malleability
#408
code423n4
closed
1 year ago
3
A malicious user can make other's smart wallet invoke any external contract by deploying the smart wallet
#407
code423n4
closed
1 year ago
3
QA Report
#406
code423n4
closed
1 year ago
1
Transfer of ownership in single step
#405
code423n4
closed
1 year ago
2
Deploy wallet for another user with fake entityPoint or handler
#404
code423n4
closed
1 year ago
3
Gas Optimizations
#403
code423n4
closed
1 year ago
1
QA Report
#402
code423n4
opened
1 year ago
2
User pays more to unstake
#401
code423n4
closed
1 year ago
1
EIP1271 Not Implemented
#400
code423n4
closed
1 year ago
5
Gas Optimizations
#399
code423n4
closed
1 year ago
1
Previous
Next