code-423n4/2023-03-zksync-findings
#116 | Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom() | code423n4 | closed | 1 year ago | 2
#115 | QA Report | code423n4 | closed | 1 year ago | 2
#114 | QA Report | code423n4 | closed | 1 year ago | 2
#113 | Gas Optimizations | code423n4 | closed | 1 year ago | 1
#112 | QA Report | code423n4 | opened | 1 year ago | 2
#111 | QA Report | code423n4 | opened | 1 year ago | 4
#110 | Breaking accounting on `L2EthToken` | code423n4 | closed | 1 year ago | 6
#109 | Forceful deployment can overwrite any contract | code423n4 | closed | 1 year ago | 4
#108 | The Risk of Adding an Incorrect Previous Block Hash Value in a Blockchain Network | code423n4 | closed | 1 year ago | 4
#107 | Adding Multiple Blocks with the Same Timestamp Can Create Ambiguity in the Order of Blocks in the Blockchain Network | code423n4 | closed | 1 year ago | 2
#106 | Missing verifyingContract at TYPEHASH for EIP-712 | code423n4 | closed | 1 year ago | 9
#105 | _l1Receiver may lose the token amount | code423n4 | closed | 1 year ago | 2
#104 | Operator can cause funds to be stolen by manipulating gas fee refund | code423n4 | closed | 1 year ago | 6
#103 | Attacker could potentially burn the token balance of totalSupply and L2EthContract | code423n4 | closed | 1 year ago | 3
#102 | readUint16() and readUint64() fail to clean up the returned results. | code423n4 | closed | 1 year ago | 10
#101 | Dirty bytes in dictionary during publishing the compressed bytecode | code423n4 | closed | 1 year ago | 8
#100 | Sending L2 ---> L1 message without paying gas for published data due to uint256 overflow | code423n4 | closed | 1 year ago | 4
#99 | QA Report | code423n4 | closed | 1 year ago | 3
#98 | ``constructedBytecodeHash()`` has the side effects of setting other flags to false, not just the ``isConstructor`` bit. | code423n4 | closed | 1 year ago | 4
#97 | setValueUnderNonce() missing increase minNonce | code423n4 | closed | 1 year ago | 5
#96 | Missing access control when publishing compressed bytecode | code423n4 | opened | 1 year ago | 6
#95 | forceDeployOnAddress() may lose value | code423n4 | closed | 1 year ago | 8
#94 | ``isContractConstructing()`` might return wrong result | code423n4 | closed | 1 year ago | 4
#93 | DefaultAccount#fallback lack payable | code423n4 | opened | 1 year ago | 5
#92 | forceDeployOnAddress() may be missing markAccountCodeHashAsConstructed() | code423n4 | closed | 1 year ago | 2
#91 | QA Report | code423n4 | closed | 1 year ago | 3
#90 | Possible loss of funds when withdrawing from L2 to L1 | code423n4 | closed | 1 year ago | 4
#89 | QA Report | code423n4 | closed | 1 year ago | 2
#88 | Bytecode hash of `AccountCodeStorage` is not stored in its mapping | code423n4 | closed | 1 year ago | 4
#87 | `DefaultAccount` does not accept transfers with calldata | code423n4 | closed | 1 year ago | 3
#86 | Force deployment of a contract keeps the flag of `isConstructor` to true | code423n4 | closed | 1 year ago | 4
#85 | Missing constraints on force contract deployment | code423n4 | closed | 1 year ago | 4
#84 | QA Report | code423n4 | closed | 1 year ago | 1
#83 | The `SystemContext` contract contains the test interface | code423n4 | closed | 1 year ago | 7
#82 | `L2EthToken` contract does not provide a function to transfer tokens in the contract | code423n4 | closed | 1 year ago | 4
#81 | `L2EthToken` contract withdrawal proof may be forged | code423n4 | closed | 1 year ago | 2
#80 | `L2EthToken` contract `withdraw` function may overflow | code423n4 | closed | 1 year ago | 2
#79 | Reentrancy in `validateTransaction` function | code423n4 | closed | 1 year ago | 2
#78 | Bytecode Compressor Contract Replay Attack. | code423n4 | closed | 1 year ago | 2
#77 | `getBlockHashEVM()` function vulnerability leads to DoS attack | code423n4 | closed | 1 year ago | 2
#76 | The value mapped under a nonce can be overwritten | code423n4 | closed | 1 year ago | 6
#75 | An attacker can manipulate the call stack of the transaction to impersonate another address and set a different value for the `origin` variable. | code423n4 | closed | 1 year ago | 2
#74 | L2EthToken contract integer overflow/underflow vulnerability | code423n4 | closed | 1 year ago | 2
#73 | Reentrancy Attack on mimicCall Function | code423n4 | closed | 1 year ago | 2
#72 | In the fallback function, the success value of the `transferFromTo` function is not checked, which could result in the loss of funds. | code423n4 | closed | 1 year ago | 2
#71 | Overflow/Underflow of Integers vulnerability in the `msg.value` simulation of the zkEVM. | code423n4 | closed | 1 year ago | 1
#70 | time-sensitive contracts deployed on zkSync | code423n4 | opened | 1 year ago | 7
#69 | Attacker can use L1->L2 transactions to register factory deps for free | code423n4 | closed | 1 year ago | 11
#68 | QA Report | code423n4 | opened | 1 year ago | 2
#67 | Inconsistency in calculating the gas to pay | code423n4 | opened | 1 year ago | 7