code-423n4 2023-07-axelar-findings issues

code-423n4 / 2023-07-axelar-findings

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Analysis

#506 code423n4 closed 1 year ago
3
Analysis

#505 code423n4 closed 1 year ago
1
newer tx can remain un approved due nto previous tx not passing

#504 code423n4 closed 1 year ago
3
Analysis

#503 code423n4 opened 1 year ago
1
Accepted proposal may be recreated at the same address with a malicious proposal if there's a self destruct function in the accepted proposal

#502 code423n4 closed 1 year ago
4
ProposalHash can be easily duplicated with same target, callData and nativeValue

#501 code423n4 closed 1 year ago
3
QA Report

#500 code423n4 closed 1 year ago
2
A reorg on the origin chain after a proposal has been validated will result in loss of funds for the protocol

#499 code423n4 closed 1 year ago
3
Gas Optimizations

#498 code423n4 opened 1 year ago
3
Users who call `expressReceiveTokenWithData` or `expressReceiveToken` can griefed to pay for fees

#497 code423n4 closed 1 year ago
5
QA Report

#496 code423n4 closed 1 year ago
1
Analysis

#495 code423n4 opened 1 year ago
1
Attacker can steal funcds from `InterchainProposalExecutor` contract

#494 code423n4 closed 1 year ago
3
Replay Attack Vulnerability Due to Uniqueness Invariant Violation in AxelarServiceGovernance Contract's Proposal Hash Generation

#493 code423n4 closed 1 year ago
4
Proposal cannot be executed if signers update their accounts and threshold halfway

#492 code423n4 closed 1 year ago
3
All co-signers pay during executeMultisigProposal

#491 code423n4 closed 1 year ago
2
QA Report

#490 code423n4 opened 1 year ago
1
Addresses in modifier not set correctly

#489 code423n4 closed 1 year ago
4
Gas Optimizations

#488 code423n4 opened 1 year ago
1
Gas Optimizations

#487 code423n4 opened 1 year ago
2
A Remote InterchainTokenService will not be able to call `_execute()` because incorrect validation of hashes due to wrong conversion of address to lowercase

#486 code423n4 closed 1 year ago
4
Gas Optimizations

#485 code423n4 opened 1 year ago
1
Interchain token transfer can be Dossed Due To Flow Limit

#484 code423n4 opened 1 year ago
7
QA Report

#483 code423n4 closed 1 year ago
1
Analysis

#482 code423n4 closed 1 year ago
1
IF THE TRUSTED SERVICE ADDRESS IS REMOVED IN A DIFFERENT CHAIN, ALL THE PENDING TRANSACTION WILL BE ROUTED TO THE SERVICE ADDRESS OF EVM CHAIN

#481 code423n4 closed 1 year ago
2
Malicious user can permanently break InterchainProposalExecutor#_executeProposal by returning huge amounts of data

#480 code423n4 closed 1 year ago
3
Gas Optimizations

#479 code423n4 opened 1 year ago
1
Permits may be reused after token upgrade

#478 code423n4 closed 1 year ago
4
Users do not get charged for the value their proposal will need

#477 code423n4 closed 1 year ago
5
InterchainProposalExecutor doesn't support actions with value

#476 code423n4 closed 1 year ago
2
QA Report

#475 code423n4 closed 1 year ago
1
Gas Optimizations

#474 code423n4 opened 1 year ago
4
Gas Optimizations

#473 code423n4 closed 1 year ago
1
QA Report

#472 code423n4 closed 1 year ago
1
QA Report

#471 code423n4 opened 1 year ago
2
Gas Optimizations

#470 code423n4 opened 1 year ago
1
funds can be stolen in `InterchainGovernance`, `Multisig` and `AxelarServiceGovernance` contracts

#469 code423n4 closed 1 year ago
3
The is no way for native tokens to get sent to InterchainProposalExecutor

#468 code423n4 closed 1 year ago
2
InterchainToken approval to TokenManager can be unexpectedly set to unlimited

#467 code423n4 closed 1 year ago
5
Honest users could lose funds due to the current implementation of `executeProposal()`

#466 code423n4 closed 1 year ago
4
QA Report

#465 code423n4 opened 1 year ago
3
Incomplete validation could lead to a failed low level call being overlooked

#464 code423n4 closed 1 year ago
4
Gas Optimizations

#463 code423n4 closed 1 year ago
2
MID-Risk Vulnerabilities in the Axelar Smart Contracts

#462 code423n4 closed 1 year ago
3
`onlyProxy` MODIFIER CAN BE BYPASSED BY A MALICIOUS PROXY CONTRACT AND CAN PUSH THE IMPLEMENTATION CONTRACT INTO AN UNDESIRABLE STATE

#461 code423n4 closed 1 year ago
4
bypass flow limit by transferring tokens at epoch's boarder

#460 code423n4 closed 1 year ago
6
MID-Risk Vulnerabilities in the Axelar Smart Contracts

#459 code423n4 closed 1 year ago
3
Inconsistencies between `expressReceiveTokenWithData` and `_processSendTokenWithDataPayload` can lead to gameable accounting errors for select tokens

#458 code423n4 closed 1 year ago
6
Measuring in native tokens will cause some transactions to fail unexpectedly due to gas price spikes on the destination chain

#457 code423n4 closed 1 year ago
5