issues
search
code-423n4
/
2023-10-brahma-findings
8
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
TransactionValidator does not validate gas token address and gas price parameter when validating the transaction
#484
c4-submissions
closed
9 months ago
9
the nonce value is not increasing everytime
#483
c4-submissions
closed
9 months ago
5
Analysis
#482
c4-submissions
opened
10 months ago
4
Gas Optimizations
#481
c4-submissions
closed
10 months ago
3
Analysis
#480
c4-submissions
opened
10 months ago
5
QA Report
#479
c4-submissions
closed
10 months ago
2
QA Report
#478
c4-submissions
closed
10 months ago
2
Deploying a Console to the Same Address Across Different Supported Chains Could Become Impossible
#477
c4-submissions
closed
9 months ago
9
Analysis
#476
c4-submissions
closed
10 months ago
3
QA Report
#475
c4-submissions
closed
10 months ago
2
QA Report
#474
c4-submissions
closed
10 months ago
2
The same console addresses on other chains can be captured by compromised or malicious owner
#473
c4-submissions
closed
9 months ago
5
Analysis
#472
c4-submissions
closed
10 months ago
2
Register Wallet unprotected
#471
c4-submissions
closed
10 months ago
3
Missing `payable` modifier in ExecutorPlugin.executeTransaction(): Restricts Use of Native Assets (ETH) with Transactions
#470
c4-submissions
closed
9 months ago
7
number of txs of excutors must be excutores + 1 but this loop will +1 in every cycle
#469
c4-submissions
closed
9 months ago
5
If a re-org happens users can fail to redeploy their safe on the same address because ownerSafeCount can be increased by anyone, leading to funds being stuck
#468
c4-submissions
opened
10 months ago
8
ConsoleFallbackHandler.sol#simulate transaction cannot simulate transaction properly
#467
c4-submissions
closed
10 months ago
4
QA Report
#466
c4-submissions
closed
10 months ago
2
Gas Optimizations
#465
c4-submissions
closed
10 months ago
3
No function to remove a subaccount
#464
c4-submissions
closed
9 months ago
6
Gas Optimizations
#463
c4-submissions
closed
10 months ago
1
Analysis
#462
c4-submissions
opened
10 months ago
3
Nonce is not incremented after using signature for policy validation
#461
c4-submissions
closed
9 months ago
6
Console account cannot execute a transaction on a sub account unless it registers itself as an executor
#460
c4-submissions
closed
9 months ago
5
Everyone can disable policy of any brahama console account
#459
c4-submissions
closed
9 months ago
8
The WalletRegistry.sol#registerWallet() function can be used to register wallet by anyone.
#458
c4-submissions
closed
10 months ago
3
No proper validation of Singleton
#457
c4-submissions
closed
9 months ago
5
QA Report
#456
c4-submissions
closed
10 months ago
2
Gas Optimizations
#455
c4-submissions
closed
10 months ago
1
the function _validateExecutionRequest checks the valid excutor account by the address of account given in call data instead of msg.sender which is realy easily exploitble
#454
c4-submissions
closed
9 months ago
5
ExecutorPlugin missing payable when execute the transaction
#453
c4-submissions
closed
10 months ago
5
QA Report
#452
c4-submissions
closed
10 months ago
2
Insufficient validation of contracts when setting authorised address.
#451
c4-submissions
closed
9 months ago
8
registerWallet in WalletRegistry missing access control
#450
c4-submissions
closed
10 months ago
3
Gas Optimizations
#449
c4-submissions
opened
10 months ago
4
Registered wallet and sub account cannot be removed
#448
c4-submissions
closed
9 months ago
6
QA Report
#447
c4-submissions
closed
10 months ago
2
QA Report
#446
c4-submissions
closed
10 months ago
3
SafeDeployer : calling the function `_genNonce` would overflow.
#445
c4-submissions
closed
9 months ago
7
Analysis
#444
c4-submissions
opened
10 months ago
3
A malicious actor can Block stuff the chain until the validator signature expires.
#443
c4-submissions
closed
10 months ago
3
Gas Optimizations
#442
c4-submissions
closed
10 months ago
3
SafeDeployer.sol : Missing the correct type caste for _WALLET_REGISTRY_HASH when setup the console account could lead issue in accessing the functions from `WalletRegistry`
#441
c4-submissions
closed
9 months ago
7
Analysis
#440
c4-submissions
opened
10 months ago
3
QA Report
#439
c4-submissions
opened
10 months ago
7
Enabled modules after been activated cannot subsequently be disabled
#438
c4-submissions
closed
10 months ago
4
There is no checking whether the ExecutorPlugin module has been activated or not on the sub-account, this can cause malfunctions if the user wants to execute tx via ExecutorPlugin
#437
c4-submissions
closed
9 months ago
5
There is still a risk that operators or executors can backdoor the subaccount.
#436
c4-submissions
closed
9 months ago
5
Gas Optimizations
#435
c4-submissions
opened
10 months ago
4
Next