issues
search
code-423n4
/
2023-01-biconomy-findings
10
stars
10
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#398
code423n4
closed
1 year ago
1
amount has to be bigger than 0
#397
code423n4
closed
1 year ago
2
Cannot use dApp with value when calling `executeBatch`
#396
code423n4
closed
1 year ago
6
Wrongly added modifier to `execute` and `executeBatch`
#395
code423n4
closed
1 year ago
3
Wrong verification of isContract
#394
code423n4
closed
1 year ago
4
Gas Optimizations
#393
code423n4
closed
1 year ago
1
Reverting all the UserOperation in the mempool by front-running the bundler and not refunding the gas
#392
code423n4
closed
1 year ago
6
`refundReceiver` will receive less tokens than desired
#391
code423n4
closed
1 year ago
1
methods used by EntryPoint has `onlyOwner` modifier
#390
code423n4
opened
1 year ago
4
SmartAccount execute() and executeBatch() have the wrong modifier
#389
code423n4
closed
1 year ago
3
Gas Optimizations
#388
code423n4
closed
1 year ago
1
QA Report
#387
code423n4
closed
1 year ago
1
`validateUserOp` in `SmartAccount` and `BaseSmartAccount` doesn't follow EIP-4337
#386
code423n4
closed
1 year ago
5
QA Report
#385
code423n4
closed
1 year ago
1
Gas Optimizations
#384
code423n4
closed
1 year ago
1
Gas Optimizations
#383
code423n4
closed
1 year ago
1
EIP-1271 contract signing lets anyone execute any tx from the wallet
#382
code423n4
closed
1 year ago
3
Ether can be stuck in the implementation contract
#381
code423n4
closed
1 year ago
3
QA Report
#380
code423n4
opened
1 year ago
2
Critical, privileged addresses should require two step authentification
#379
code423n4
closed
1 year ago
3
Gas Optimizations
#378
code423n4
opened
1 year ago
2
Invoking execute and executeBatch of SmartAccount from EntryPoint will always revert
#377
code423n4
closed
1 year ago
3
`SmartAccount.transfer()` is open to gas griefing attacks
#376
code423n4
closed
1 year ago
3
Draining some funds from the Smart Contract Wallet is possible when transferring out native ether
#375
code423n4
closed
1 year ago
2
The requirement of address of paymaster to not be a smart contract address in VerifyingSingletonPaymaster.depositFor() can be bypassed
#374
code423n4
closed
1 year ago
4
Security risks exposed by `delegatecall` in `SmartAccount.execTransaction()` should be mitigated
#373
code423n4
closed
1 year ago
3
`SmartAccount` implements non-upgradeable dependencies
#372
code423n4
closed
1 year ago
3
Meeting the requirement for an individual nonce for signatures
#371
code423n4
closed
1 year ago
3
Funciton following Outdated EIP specification should be updated
#370
code423n4
closed
1 year ago
4
`userOperation` with `initCode` can be frontran
#369
code423n4
closed
1 year ago
4
Single step ownership change poses high risks
#368
code423n4
closed
1 year ago
2
An attacker can execute any transaction by passed own contract signature validator
#367
code423n4
closed
1 year ago
4
Gas Optimizations
#366
code423n4
opened
1 year ago
2
QA Report
#365
code423n4
opened
1 year ago
2
deployCounterFactualWallet frontrunning/pre-deployment risks
#364
code423n4
closed
1 year ago
4
Gas Optimizations
#363
code423n4
closed
1 year ago
1
QA Report
#362
code423n4
opened
1 year ago
2
Gas Optimizations
#361
code423n4
opened
1 year ago
2
User can bypass the sponsored tx policy and can possibly drain paymaster's deposit with transaction withold attack
#360
code423n4
opened
1 year ago
7
Paymaster balance not properly updated
#359
code423n4
closed
1 year ago
1
Bypass Authentication
#358
code423n4
closed
1 year ago
3
Attacker can selfdestruct the code/logic of SmartAccount's implementation contract, leading to permanent loss of funds, of the owner of SmartAccount
#357
code423n4
closed
1 year ago
3
QA Report
#356
code423n4
closed
1 year ago
1
No checks on the size & gas consumption of ops in handleOps()
#355
code423n4
closed
1 year ago
3
Gas Optimizations
#354
code423n4
closed
1 year ago
1
QA Report
#353
code423n4
opened
1 year ago
4
Protocol has upgradeable contracts that cannot be upgraded
#352
code423n4
closed
1 year ago
5
EIP-1967 has been wrongly implemented.
#351
code423n4
closed
1 year ago
1
EntryPoint address in SmartAccount.sol cannot execute certain functions because of the onlyOwner modifier
#350
code423n4
closed
1 year ago
3
QA Report
#349
code423n4
closed
1 year ago
1
Previous
Next