code-423n4/2023-10-brahma-findings
issues
Compiler version used by Brahma contracts may introduce permanent bugs in the future
#434
c4-submissions
closed
10 months ago
5
Analysis
#433
c4-submissions
opened
10 months ago
4
Gas Optimizations
#432
c4-submissions
closed
10 months ago
3
Account should be able to add max time it would want its transaction to be executed.
#431
c4-submissions
closed
10 months ago
5
Analysis
#430
c4-submissions
opened
10 months ago
3
Gas Optimizations
#429
c4-submissions
closed
10 months ago
3
Analysis
#428
c4-submissions
closed
10 months ago
3
FallbackHandler remains unset in _setupConsoleAccount()
#427
c4-submissions
closed
10 months ago
5
QA Report
#426
c4-submissions
closed
10 months ago
3
Contract data cannot be migrated to the new address during contract upgrading.
#425
c4-submissions
closed
10 months ago
6
QA Report
#424
c4-submissions
opened
10 months ago
6
compromised address provider can lock wallet
#423
c4-submissions
opened
10 months ago
7
Gas Optimizations
#422
c4-submissions
closed
10 months ago
2
The `_validateExecutionRequest()` function does not include a check for expiration signatures.
#421
c4-submissions
closed
10 months ago
5
Lack of Input Validation on threshold and _owners
#420
c4-submissions
closed
10 months ago
6
Analysis
#419
c4-submissions
closed
10 months ago
3
Gas Optimizations
#418
c4-submissions
opened
10 months ago
5
QA Report
#417
c4-submissions
closed
10 months ago
3
Gas Optimizations
#416
c4-submissions
closed
10 months ago
2
registerWallet() does not validate the sender
#415
c4-submissions
closed
10 months ago
3
Analysis
#414
c4-submissions
opened
10 months ago
3
Policy attached to a wallet should apply to all subaccounts likewise.
#413
c4-submissions
closed
10 months ago
5
Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module
#412
c4-submissions
closed
10 months ago
9
Gas Optimizations
#411
c4-submissions
closed
10 months ago
3
Sub Accounts are never pulled
#410
c4-submissions
closed
10 months ago
7
Unauthorized account can update policy of any account without a policy
#409
c4-submissions
closed
10 months ago
5
Anyone can call Register a wallet using the function RegisterWallet().
#408
c4-submissions
closed
10 months ago
3
Non Payable function receiving ETH
#407
c4-submissions
closed
10 months ago
6
Uncontrolled Registration of Wallet Addresses
#406
c4-submissions
closed
10 months ago
3
QA Report
#405
c4-submissions
closed
10 months ago
3
Gas Optimizations
#404
c4-submissions
closed
10 months ago
2
Malicious sub-account operators can perform cross-chain signature replay attack
#403
c4-submissions
closed
10 months ago
4
Inadequate Signature Verification Allows Unauthorized Transaction Execution
#402
c4-submissions
closed
10 months ago
5
Missing a check in `_checkSubAccountSecurityConfig` that no new modules have been introduced to the safe
#401
c4-submissions
closed
10 months ago
5
Cross-Chain Signature Replay Attack
#400
c4-submissions
closed
10 months ago
5
QA Report
#399
c4-submissions
closed
10 months ago
2
`ExecutorPlugin.executeTransaction()` is prone to cross-chain replay attacks.
#398
c4-submissions
closed
10 months ago
5
DoS issue presented in Brahma's latest audit still has potential control flow paths that can lead to same vulnerability
#397
c4-submissions
closed
10 months ago
5
ownerSafeCount gets updated while not deploying safe, leading to unexpected behavior
#396
c4-submissions
closed
10 months ago
6
getModulesPaginated does not return the correct data
#395
c4-submissions
closed
10 months ago
6
Design Flaw, registry addresses can not be changed
#394
c4-submissions
closed
10 months ago
7
QA Report
#393
c4-submissions
opened
10 months ago
5
ConsoleFallbackHandler.isValidSignature does not follow ERC1271 standards
#392
c4-submissions
closed
10 months ago
3
QA Report
#391
c4-submissions
closed
10 months ago
3
Analysis
#390
c4-submissions
closed
10 months ago
2
consoleAccounts and subAccounts created do not adhere to the ERC-4337 standard
#389
c4-submissions
closed
10 months ago
3
QA Report
#388
c4-submissions
closed
10 months ago
2
Authorised addresses can be set that have no AddressProviderService interface
#387
c4-submissions
closed
10 months ago
5
Analysis
#386
c4-submissions
closed
10 months ago
3
Denial of Service Vulnerability via Front-running in registerSubAccount Function
#385
c4-submissions
closed
10 months ago
4