code-423n4 2023-05-base-findings issues

code-423n4 / 2023-05-base-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #16 [1686928129422]

#137 c4-judge closed 1 year ago
3
Upgraded Q -> 2 from #66 [1686923855595]

#136 c4-judge closed 1 year ago
3
Upgraded Q -> 2 from #112 [1686922871117]

#135 c4-judge closed 1 year ago
3
QA Report

#134 code423n4 closed 1 year ago
1
QA Report

#133 code423n4 opened 1 year ago
1
Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days

#132 code423n4 closed 1 year ago
9
tx.origin may be removed in future and its usage for contract check is not recommended

#131 code423n4 closed 1 year ago
8
QA Report

#130 code423n4 closed 1 year ago
1
QA Report

#129 code423n4 opened 1 year ago
3
The owner is a single point of failure and a centralization risk

#128 code423n4 closed 1 year ago
3
QA Report

#127 code423n4 opened 1 year ago
1
Legacy version check should be removed to avoid double relaying message in CrossDomainMessager.sol

#126 code423n4 closed 1 year ago
11
QA Report

#125 code423n4 opened 1 year ago
1
Permissionlessly block user's withdrawal with precise amount of gas to make sure SafeCall.hasMinGas(_minGasLimit, RELAY_RESERVED_GAS + RELAY_GAS_CHECK_BUFFER) return false

#124 code423n4 opened 1 year ago
26
depositERC20To() and withdrawTo() is missing onlyEOA() modifier - Leading to loss of user funds

#123 code423n4 closed 1 year ago
10
QA Report

#122 code423n4 closed 1 year ago
2
QA Report

#121 code423n4 opened 1 year ago
3
Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds

#120 code423n4 closed 1 year ago
16
Permissionless block user's withdrawal by taking advantage of the reentrancy protection in CrossDomainMessager.sol

#119 code423n4 opened 1 year ago
18
Lack of expiration time for cross-chain message passing

#118 code423n4 closed 1 year ago
13
ERC20 token bridge does not support token with different decimals

#117 code423n4 closed 1 year ago
7
Lack of reentrancy protection in L1ERC721Bridge.sol

#116 code423n4 closed 1 year ago
7
selfdestruct(self) does not clear balance

#115 code423n4 closed 1 year ago
6
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts

#114 code423n4 closed 1 year ago
17
QA Report

#113 code423n4 opened 1 year ago
1
QA Report

#112 code423n4 closed 1 year ago
2
Gas Optimizations

#111 code423n4 closed 1 year ago
2
Loss of airdropped Token or NFT in NFT Bridge

#110 code423n4 closed 1 year ago
9
The owner is a single point of failure and a centralization risk.

#109 code423n4 closed 1 year ago
3
Gas Optimizations

#108 code423n4 closed 1 year ago
1
LES (Light Ethereum Subprotocol) doesn't forward the transaction to the sequencer

#107 code423n4 closed 1 year ago
7
Error in the implementation of the `exit1()` functions Logic.

#106 code423n4 opened 1 year ago
13
Challenger can change the output root or delete output root arbitrarily to authorize invalid withdrawal or block withdrawal infinitely

#105 code423n4 closed 1 year ago
7
Possible inflation of ETH after EIP-4758

#104 code423n4 opened 1 year ago
9
QA Report

#103 code423n4 opened 1 year ago
1
QA Report

#102 code423n4 opened 1 year ago
1
Recipient address is not appropriately validated or sanitized in the BaseFeeVault contract (loss of funds)

#101 code423n4 closed 1 year ago
2
Cross contract reentrancy attack through changing the xDomainMsgSender

#100 code423n4 closed 1 year ago
1
QA Report

#99 code423n4 closed 1 year ago
1
QA Report

#98 code423n4 opened 1 year ago
2
QA Report

#97 code423n4 opened 1 year ago
2
CrossDomainCheck `RELAY_GAS_CHECK_BUFFER` should be increased to more than 7100 gas

#96 code423n4 opened 1 year ago
11
Incorrect Gap math for `ERC721Bridge`

#95 code423n4 opened 1 year ago
12
QA Report

#94 code423n4 opened 1 year ago
1
Centralization risk for trusted owners

#93 code423n4 closed 1 year ago
6
Unauthorized Access and Control in Proxy Contract

#92 code423n4 closed 1 year ago
6
Gas Optimizations

#91 code423n4 closed 1 year ago
1
QA Report

#90 code423n4 opened 1 year ago
1
Incorrect Handling of Return Value in onlyWhenNotPaused Modifier

#89 code423n4 closed 1 year ago
10
Gas Optimizations

#88 code423n4 closed 1 year ago
1