code-423n4 2023-08-arbitrum-findings issues

code-423n4 / 2023-08-arbitrum-findings

3 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`block.number` DOES NOT PROVIDE A FAIR EVALUATION OF TIME MEASUREMENTS WITHIN FUNCTIONS

#278 code423n4 closed 1 year ago
3
Claim reward can be inaccessible if msg.sender is a smart contract with no fallback/receive function

#277 code423n4 closed 1 year ago
3
Analysis

#276 code423n4 opened 1 year ago
1
Gas Optimizations

#275 code423n4 opened 1 year ago
1
Analysis

#274 code423n4 opened 1 year ago
1
Gas Optimizations

#273 code423n4 opened 1 year ago
1
GovernanceChainSCMgmtActivationAction : `TIMELOCK_CANCELLER_ROLE` is not set to the `newEmergencySecurityCouncil`

#272 code423n4 closed 1 year ago
2
QA Report

#271 code423n4 closed 1 year ago
2
Analysis

#270 code423n4 closed 1 year ago
1
Analysis

#269 code423n4 closed 1 year ago
2
QA Report

#268 code423n4 opened 1 year ago
1
QA Report

#267 code423n4 closed 1 year ago
3
Gas Optimizations

#266 code423n4 opened 1 year ago
1
QA Report

#265 code423n4 closed 1 year ago
1
QA Report

#264 code423n4 opened 1 year ago
9
`SecurityCouncilManager`'s `intialize()` function contains a gas bomb

#263 code423n4 opened 1 year ago
7
Governance could accidentally DOS member elections by setting `_votingPeriod` less than `fullWeightDuration`

#262 code423n4 opened 1 year ago
7
isContract() is not a reliable way to check whether the address is a contract or not

#261 code423n4 closed 1 year ago
5
QA Report

#260 code423n4 closed 1 year ago
2
Gas Optimizations

#259 code423n4 closed 1 year ago
1
`setFullWeightDuration()` can be called while a member election is ongoing

#258 code423n4 closed 1 year ago
4
Gas Optimizations

#257 code423n4 closed 1 year ago
2
`getPastCirculatingSupply()` returns the ARB token supply instead of circulating votes supply

#256 code423n4 closed 1 year ago
4
Absence of zero address checks for roles passed to the initialize function.

#255 code423n4 closed 1 year ago
3
`electionToTimestamp()` might return incorrect timestamps depending on the day of the first election

#254 code423n4 closed 1 year ago
2
Missing `__Governor_init()` call in `SecurityCouncilMemberRemovalGovernor`'s `initialize()` function

#253 code423n4 closed 1 year ago
5
Signatures can be replayed in `castVoteWithReasonAndParamsBySig()` to use up more votes than a user intended

#252 code423n4 opened 1 year ago
5
QA Report

#251 code423n4 closed 1 year ago
2
SecurityCouncilMemberSyncAction : `perform` function can be continually DOSed which will prevent the valid update the members of the gnosis safe

#250 code423n4 closed 1 year ago
3
Timelock canceller role is removed from council and transferred to upgrade executor

#249 code423n4 closed 1 year ago
5
Gas Optimizations

#248 code423n4 opened 1 year ago
4
Missing validation for the _l1TimelockMinDelay parameter in the constructor to ensure it's within a reasonable or expected range.

#247 code423n4 closed 1 year ago
3
Missing validation to ensure that the _l2CoreGovTimelock parameter is not the zero address in the initialize function

#246 code423n4 closed 1 year ago
3
If the length of owners in the safe array is too large, may experience out of gas revert

#245 code423n4 closed 1 year ago
3
Anyone can change the members of Security Council

#244 code423n4 closed 1 year ago
5
Missing input validation on the lengths of _firstCohort and _secondCohort to ensure they conform to the documentation's specification

#243 code423n4 closed 1 year ago
4
newEmergencySecurityCouncil in GovernanceChainSCMgmtActivationAction.sol is not given the TIMELOCK_CANCELLER_ROLE

#242 code423n4 closed 1 year ago
2
Decline in voting weight over time can be circumvented by splitting votes over multiple accounts and voting with the correct amount of votes

#241 code423n4 opened 1 year ago
13
replaceMember and rotateMember redundancy

#240 code423n4 closed 1 year ago
3
Gas Optimizations

#239 code423n4 opened 1 year ago
1
Gas Optimizations

#238 code423n4 opened 1 year ago
1
L1SCMgmtActivationAction does not check executor role of new and prev emergency security council

#237 code423n4 closed 1 year ago
2
QA Report

#236 code423n4 opened 1 year ago
2
QA Report

#235 code423n4 closed 1 year ago
2
`SecurityCouncilManager` : `removeMember` does not make sure that the member is removed sucessfully.

#234 code423n4 closed 1 year ago
3
`selectTopNominees` FUNCTION DOES NOT CONSTRUCT THE `topNomineesPacked` ARRAY CORRECTLY WHEN THERE ARE NOMINEES WITH SAME WEIGHTS

#233 code423n4 closed 1 year ago
3
`includeNominee` FUNCTION SHOULD CHECK THE `COMPLIANT NOMINEE` LIST AND NOT THE `NOMINEE` LIST WHEN PROPOSING A NEW NOMINEE TO FULFILL THE TARGET COUNT

#232 code423n4 closed 1 year ago
6
Nominee vetting period can change for existing not yet executed proposals

#231 code423n4 closed 1 year ago
7
Any of the role setter , nominee Vetter should not be a council (cohort) member.

#230 code423n4 closed 1 year ago
5
`currentCohort` FUNCTION SHOULD REVERT WHEN `electionCount == 0` RATHER THAN RETURNING `Cohort.FIRST`

#229 code423n4 closed 1 year ago
3