issues
search
code-423n4
/
2023-06-llama-findings
2
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Execution does not work if the action has a non-zero value
#255
code423n4
closed
1 year ago
7
`LlamaPolicyMetadata.contractURI()` can return corrupted JSON data
#254
code423n4
opened
1 year ago
7
Accidentally setting expirationPeriod to Zero will cause all actions execution to Fail.
#253
code423n4
closed
1 year ago
2
Executing a script action with non-zero value results in frozen funds
#252
code423n4
closed
1 year ago
2
Analysis
#251
code423n4
opened
1 year ago
1
Analysis
#250
code423n4
opened
1 year ago
2
Gas Optimizations
#249
code423n4
closed
1 year ago
1
QA Report
#248
code423n4
closed
1 year ago
2
It is not possible to execute actions that require ETH (or other protocol token)
#247
code423n4
opened
1 year ago
9
QA Report
#246
code423n4
closed
1 year ago
1
Using transferFrom on ERC721 tokens transfer
#245
code423n4
closed
1 year ago
2
Functions modified by `LlamaAccount.onlyLlama` can be called by contracts other than `LlamaCore`.
#244
code423n4
opened
1 year ago
10
ecrecover function is vulnerable to signature malleability
#243
code423n4
closed
1 year ago
3
Analysis
#242
code423n4
closed
1 year ago
2
Unsafe delegatecall functionality can break core protocol functionality
#241
code423n4
closed
1 year ago
4
Use ERC721.saferTransferFrom instead of ERC721.transferFrom when you send out NFT
#240
code423n4
closed
1 year ago
2
QA Report
#239
code423n4
closed
1 year ago
2
Gas Optimizations
#238
code423n4
closed
1 year ago
1
`LlamaAccount.llamaExecutor` may be changed for a malicious purpose and be return to the initial state.
#237
code423n4
closed
1 year ago
3
Arbitrary delegatecalls from LlamaAccount can be used to steal assets
#236
code423n4
closed
1 year ago
3
Violation of Checks-Effects-Interactions Pattern in _mint() and _burn() function
#235
code423n4
closed
1 year ago
3
QA Report
#234
code423n4
closed
1 year ago
1
Gas Optimizations
#233
code423n4
opened
1 year ago
2
Missing Role Validation in LlamaAbsoluteStrategyBase.sol
#232
code423n4
closed
1 year ago
3
QA Report
#231
code423n4
closed
1 year ago
3
Gas Optimizations
#230
code423n4
opened
1 year ago
2
llamaExecutor address can be set by anyone, giving further privilege to onlyLlama accessed functions(Sponsor confirmed in DM)
#229
code423n4
closed
1 year ago
12
Gas Optimizations
#228
code423n4
opened
1 year ago
2
Gas Optimizations
#227
code423n4
opened
1 year ago
2
Inconsistent Use of Error Handling in LlamaAccount Contract
#226
code423n4
closed
1 year ago
3
Gas Optimizations
#225
code423n4
opened
1 year ago
2
Analysis
#224
code423n4
opened
1 year ago
3
User with disapproval role can gas grief the action executor
#223
code423n4
opened
1 year ago
7
Analysis
#222
code423n4
opened
1 year ago
1
Incorrect Initialization Check for Minimum Approval Percentage
#221
code423n4
closed
1 year ago
3
Gas Optimizations
#220
code423n4
opened
1 year ago
2
QA Report
#219
code423n4
closed
1 year ago
1
Gas Optimizations
#218
code423n4
closed
1 year ago
3
Signature malleability in `createActionBySig` allow an attacker to replicate an attack
#217
code423n4
closed
1 year ago
1
Gas Optimizations
#216
code423n4
opened
1 year ago
2
`LlamaExecutor.execute` will fail upon non-zero `value` supplied (always return success = false when `isScript` is false ).
#215
code423n4
closed
1 year ago
5
QA Report
#214
code423n4
closed
1 year ago
1
Check for role expiration is not implemented during action creation/approval/disapproval.
#213
code423n4
closed
1 year ago
8
Gas Optimizations
#212
code423n4
closed
1 year ago
2
Analysis
#211
code423n4
opened
1 year ago
1
DoS possible with Strategies and Accounts creation in LlamaCore.sol
#210
code423n4
closed
1 year ago
2
A policyholder could prevent revoking his expired role by frontrunning.
#209
code423n4
closed
1 year ago
7
In `LlamaCore`, the approval/disapproval logic by sig wouldn't work properly when the policyholder adds two or more off-chain signatures using one nonce.
#208
code423n4
closed
1 year ago
4
The action creators can't approve their actions in the same block.
#207
code423n4
closed
1 year ago
10
The `forceApproval/forceDisapproval` role holders might be unable to approve/disapprove if they were approved/disapproved with the normal `approval/disapproval` role already.
#206
code423n4
closed
1 year ago
8
Previous
Next