code-423n4/2023-10-brahma-findings
issues
TransactionValidator does not validate gas token address and gas price parameter when validating the transaction
#484
c4-submissions
closed
1 year ago
9
the nonce value is not increasing every time
#483
c4-submissions
closed
1 year ago
5
Analysis
#482
c4-submissions
opened
1 year ago
4
Gas Optimizations
#481
c4-submissions
closed
1 year ago
3
Analysis
#480
c4-submissions
opened
1 year ago
5
QA Report
#479
c4-submissions
closed
1 year ago
2
QA Report
#478
c4-submissions
closed
1 year ago
2
Deploying a Console to the Same Address Across Different Supported Chains Could Become Impossible
#477
c4-submissions
closed
1 year ago
9
Analysis
#476
c4-submissions
closed
1 year ago
3
QA Report
#475
c4-submissions
closed
1 year ago
2
QA Report
#474
c4-submissions
closed
1 year ago
2
The same console addresses on other chains can be captured by compromised or malicious owner
#473
c4-submissions
closed
1 year ago
5
Analysis
#472
c4-submissions
closed
1 year ago
2
Register Wallet unprotected
#471
c4-submissions
closed
1 year ago
3
Missing `payable` modifier in ExecutorPlugin.executeTransaction(): Restricts Use of Native Assets (ETH) with Transactions
#470
c4-submissions
closed
1 year ago
7
number of txs of executors must be executors + 1 but this loop will +1 in every cycle
#469
c4-submissions
closed
1 year ago
5
If a re-org happens users can fail to redeploy their safe on the same address because ownerSafeCount can be increased by anyone, leading to funds being stuck
#468
c4-submissions
opened
1 year ago
8
ConsoleFallbackHandler.sol#simulate transaction cannot simulate transaction properly
#467
c4-submissions
closed
1 year ago
4
QA Report
#466
c4-submissions
closed
1 year ago
2
Gas Optimizations
#465
c4-submissions
closed
1 year ago
3
No function to remove a subaccount
#464
c4-submissions
closed
1 year ago
6
Gas Optimizations
#463
c4-submissions
closed
1 year ago
1
Analysis
#462
c4-submissions
opened
1 year ago
3
Nonce is not incremented after using signature for policy validation
#461
c4-submissions
closed
1 year ago
6
Console account cannot execute a transaction on a sub account unless it registers itself as an executor
#460
c4-submissions
closed
1 year ago
5
Everyone can disable policy of any Brahma console account
#459
c4-submissions
closed
1 year ago
8
The WalletRegistry.sol#registerWallet() function can be used to register wallet by anyone.
#458
c4-submissions
closed
1 year ago
3
No proper validation of Singleton
#457
c4-submissions
closed
1 year ago
5
QA Report
#456
c4-submissions
closed
1 year ago
2
Gas Optimizations
#455
c4-submissions
closed
1 year ago
1
the function _validateExecutionRequest checks the valid executor account by the address of account given in call data instead of msg.sender which is really easily exploitable
#454
c4-submissions
closed
1 year ago
5
ExecutorPlugin missing payable when execute the transaction
#453
c4-submissions
closed
1 year ago
5
QA Report
#452
c4-submissions
closed
1 year ago
2
Insufficient validation of contracts when setting authorised address.
#451
c4-submissions
closed
1 year ago
8
registerWallet in WalletRegistry missing access control
#450
c4-submissions
closed
1 year ago
3
Gas Optimizations
#449
c4-submissions
opened
1 year ago
4
Registered wallet and sub account cannot be removed
#448
c4-submissions
closed
1 year ago
6
QA Report
#447
c4-submissions
closed
1 year ago
2
QA Report
#446
c4-submissions
closed
1 year ago
3
SafeDeployer : calling the function `_genNonce` would overflow.
#445
c4-submissions
closed
1 year ago
7
Analysis
#444
c4-submissions
opened
1 year ago
3
A malicious actor can Block stuff the chain until the validator signature expires.
#443
c4-submissions
closed
1 year ago
3
Gas Optimizations
#442
c4-submissions
closed
1 year ago
3
SafeDeployer.sol : Missing the correct type cast for _WALLET_REGISTRY_HASH when setting up the console account could lead to issues in accessing the functions from `WalletRegistry`
#441
c4-submissions
closed
1 year ago
7
Analysis
#440
c4-submissions
opened
1 year ago
3
QA Report
#439
c4-submissions
opened
1 year ago
7
Enabled modules after being activated cannot subsequently be disabled
#438
c4-submissions
closed
1 year ago
4
There is no checking whether the ExecutorPlugin module has been activated or not on the sub-account, this can cause malfunctions if the user wants to execute tx via ExecutorPlugin
#437
c4-submissions
closed
1 year ago
5
There is still a risk that operators or executors can backdoor the subaccount.
#436
c4-submissions
closed
1 year ago
5
Gas Optimizations
#435
c4-submissions
opened
1 year ago
4