code-423n4 2023-03-zksync-findings issues

code-423n4 / 2023-03-zksync-findings

5 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol

#216 code423n4 closed 1 year ago
2
Here are some potential security vulnerabilities that I have identified in this particular contract (BytecodeCompressor.sol)

#215 code423n4 closed 1 year ago
2
Wrong Implementation of EIP-712

#214 code423n4 closed 1 year ago
8
My Findings

#213 code423n4 closed 1 year ago
1
`L2EthToken.sol` `balance[address(this)]` COULD UNDERFLOW

#212 code423n4 closed 1 year ago
4
QA Report

#211 code423n4 closed 1 year ago
3
Underflow if enough amount is sent to the contract

#210 code423n4 closed 1 year ago
4
Unchecked return values in setValueForNextCall

#209 code423n4 closed 1 year ago
5
The "totalRequiredBalance()" function in the TransactionHelper.sol library can compute address(uint160(_transaction.paymaster) as zero address even when _transaction.paymaster is non-zero

#208 code423n4 closed 1 year ago
2
L1 transaction gas cost may be changed in the future

#207 code423n4 closed 1 year ago
6
Loss of funds when msg.value > 2**128

#206 code423n4 closed 1 year ago
2
Unchecked return value of call will allow to send messages marked as sent but will fail due to not enough gas

#205 code423n4 closed 1 year ago
7
Incorrect calculation of gasToPay due to dividing before multiplying, rounding error.

#204 code423n4 closed 1 year ago
7
Unsafe safeTransfer function

#203 code423n4 closed 1 year ago
5
QA Report

#202 code423n4 closed 1 year ago
3
Unchecked msg.value will lead to losing funs inside the contract

#201 code423n4 closed 1 year ago
5
QA Report

#200 code423n4 closed 1 year ago
2
QA Report

#199 code423n4 closed 1 year ago
2
QA Report

#198 code423n4 opened 1 year ago
7
Anyone can steal funds in the Contract Deployer

#197 code423n4 closed 1 year ago
4
function _nonSystemDeployOnAddress() should try another nonces when getNewAddressCreate() result is in kernel space otherwise some logics would be broken

#196 code423n4 closed 1 year ago
5
QA Report

#195 code423n4 closed 1 year ago
2
QA Report

#194 code423n4 opened 1 year ago
4
QA Report

#193 code423n4 closed 1 year ago
1
Function getImmutable() should revert for non-existing immutable for an address instead of returning 0

#192 code423n4 opened 1 year ago
9
When using `BytecodeCompressor.publishCompressedBytecode()` to publish compressed bytecode. The L2->L1 log records the wrong sender.

#191 code423n4 closed 1 year ago
6
EVM Elliptic Curve Recovery Discrepancy

#190 code423n4 closed 1 year ago
6
Gas Optimizations

#189 code423n4 closed 1 year ago
1
Malicious or hacked admin can steal all ETH

#188 code423n4 closed 1 year ago
6
function extendedAccountVersion() return wrong supported version for kernel space addresses which has no deployed code

#187 code423n4 opened 1 year ago
5
Unsafe cast

#186 code423n4 closed 1 year ago
5
executeTransactionFromOutside incorrectly validates the passed _transaction

#185 code423n4 closed 1 year ago
4
Function forceDeployOnAddress() shouldn't allow deploying contract to EOA addresses

#184 code423n4 opened 1 year ago
3
QA Report

#183 code423n4 closed 1 year ago
3
Contracts are susceptible for Head Overflow Bug in Calldata

#182 code423n4 closed 1 year ago
4
Gas Optimizations

#181 code423n4 closed 1 year ago
1
function forceDeployOnAddress() should reset address's immutables when it's upgrading its contract

#180 code423n4 opened 1 year ago
6
QA Report

#179 code423n4 closed 1 year ago
3
funds may be lost when calling forceDeployOnAddress() with callConstructor as false

#178 code423n4 opened 1 year ago
3
QA Report

#177 code423n4 opened 1 year ago
3
Gas check inaccuracy

#176 code423n4 closed 1 year ago
6
QA Report

#175 code423n4 closed 1 year ago
3
Function forceDeployOnAddress() will break the upgraded contract by resetting AccountInfo values to default

#174 code423n4 opened 1 year ago
5
No revert when value > MAX_MSG_VALUE

#173 code423n4 closed 1 year ago
4
QA Report

#172 code423n4 closed 1 year ago
2
[Medium - 2] A force deployed contract may be stuck in the constructor forever

#171 code423n4 closed 1 year ago
4
[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum

#170 code423n4 closed 1 year ago
11
QA Report

#169 code423n4 closed 1 year ago
2
QA Report

#168 code423n4 closed 1 year ago
3
deploying contracts with forceDeployOnAddress will break contracts when callConstructor is false

#167 code423n4 opened 1 year ago
7