code-423n4 2023-09-maia-findings issues

code-423n4 / 2023-09-maia-findings

25 stars 17 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

add new desc

#907 jokrsec closed 3 months ago
0
Upgraded Q -> 2 from #854 [1697894788598]

#905 c4-judge closed 1 year ago
1
Upgraded Q -> 2 from #764 [1697894627614]

#904 c4-judge closed 1 year ago
3
Upgraded Q -> 2 from #671 [1697894627037]

#903 c4-judge closed 1 year ago
3
Upgraded Q -> 2 from #671 [1697894602524]

#902 c4-judge closed 1 year ago
1
Upgraded Q -> 2 from #458 [1697894539121]

#901 c4-judge closed 1 year ago
4
Upgraded Q -> 3 from #102 [1697893134448]

#900 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #320 [1697891982779]

#899 c4-judge closed 1 year ago
3
Funds stuck in router if no additional payload send during callOutAndBridge

#898 c4-submissions opened 1 year ago
6
[M-17] Reentrancy in the BranchBridgeAgent contract

#897 c4-submissions closed 1 year ago
5
USDT tokens should approve to zero first otherwise it may cause other tokens to get stuck in the case of aprooveMultipleTokens

#896 c4-submissions closed 1 year ago
5
Analysis

#895 c4-submissions opened 1 year ago
3
ChainLink should be used as an Oracle for messaging instead of Google Cloud

#894 c4-submissions closed 1 year ago
4
Gas Optimizations

#893 c4-submissions closed 1 year ago
3
Gas Optimizations

#892 c4-submissions closed 1 year ago
3
add sendBack function to origin when lzReceiveNonBlocking is not executed

#891 c4-submissions closed 1 year ago
3
DoS in System Component lead to System Failure

#890 c4-submissions closed 1 year ago
3
`VirtualAccount.sol` CONTRACT DOES NOT CORRECTLY IMPLEMENT THE `eip1155` STANDARD WHILE INHERITING THE `ERC1155Receiver`

#889 c4-submissions closed 1 year ago
3
Virtual account lacks access control

#888 c4-submissions closed 1 year ago
6
Airdropped Gas will remain in the Agent in case of failure

#887 c4-submissions closed 1 year ago
6
QA Report

#886 c4-submissions opened 1 year ago
2
All tokens can be stolen from `VirtualAccount` due to missing access modifier

#885 c4-submissions opened 1 year ago
10
Gas Optimizations

#884 c4-submissions opened 1 year ago
2
LayerZero endpoint can get blocked by a malicious user (or even a honest one)

#883 c4-submissions closed 1 year ago
9
Incorrect functionID will not trigger fallback

#882 c4-submissions closed 1 year ago
5
The governance will fail to add an ecosystem token if someone creates a hToken that uses that ecosystem token

#881 c4-submissions opened 1 year ago
17
Incorrect srcAddress check renders all layerzero messages unusable

#880 c4-submissions closed 1 year ago
4
[M-16] Reentrancy in the BaseBranchRouter contract

#879 c4-submissions closed 1 year ago
5
Gas Optimizations

#878 c4-submissions opened 1 year ago
5
if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain

#877 c4-submissions opened 1 year ago
20
Gas Optimizations

#876 c4-submissions opened 1 year ago
3
Lack of force resume support for LZ which is crucially important to have

#875 c4-submissions closed 1 year ago
15
A Malicious user can create a `rootBridgeAgent` with a malicious endpoint and execute calls directly with the `rootBridgeAgent`.

#874 c4-submissions closed 1 year ago
4
_bridgeOut in BranchPort.sol calculates the _amount and _deposit incorrectly

#873 c4-submissions opened 1 year ago
4
Smart Contract calling callOutSignedAndBridge via BranchBridgeAgent can cause loss of fund

#872 c4-submissions closed 1 year ago
12
[M-15] Reentrancy in the BranchPort contract

#871 c4-submissions closed 1 year ago
5
Analysis

#870 c4-submissions opened 1 year ago
3
A malicious user can spam ghost deposits to DoS the LayerZeroEndpoint messaging layer

#869 c4-submissions closed 1 year ago
4
QA Report

#868 c4-submissions opened 1 year ago
2
Gas that was sent by LayerZero can get stuck in the contract in some cases

#867 c4-submissions closed 1 year ago
5
QA Report

#866 c4-submissions opened 1 year ago
2
Anyone can create multiple RootBridgeAgent

#865 c4-submissions closed 1 year ago
4
Analysis

#864 c4-submissions opened 1 year ago
4
Analysis

#863 c4-submissions opened 1 year ago
3
`BranchBridgeAgent.retrieveDeposit` doesn't check if the deposit is in FAILED state

#862 c4-submissions closed 1 year ago
3
Gas Optimizations

#861 c4-submissions opened 1 year ago
2
Many issues around `addGlobalToken` due to lack of input validation when linking a global token to local token

#860 c4-submissions closed 1 year ago
10
Gas Optimizations

#859 c4-submissions opened 1 year ago
2
users may not be able to call retryDeposit(...) for failed deposits

#858 c4-submissions opened 1 year ago
17
QA Report

#857 c4-submissions opened 1 year ago
3