code-423n4/2023-10-brahma-findings (8 stars, 7 forks): issues
#384 | Gas Optimizations | c4-submissions | closed | 10 months ago | 3
#383 | A safe that has been created using version 1.40=< will not be compatible with Brahma | c4-submissions | opened | 11 months ago | 9
#382 | Gas Optimizations | c4-submissions | closed | 10 months ago | 2
#381 | Gas Optimizations | c4-submissions | closed | 10 months ago | 3
#380 | Analysis | c4-submissions | opened | 11 months ago | 3
#379 | Operators cannot be removed by the Console Account if Needed | c4-submissions | closed | 10 months ago | 5
#378 | _data.length is not being checked against _signature.length in 'isValidSignature', which can lead to unexpected behavior | c4-submissions | closed | 10 months ago | 14
#377 | Nonce update | c4-submissions | closed | 10 months ago | 6
#376 | Gas Optimizations | c4-submissions | closed | 10 months ago | 6
#375 | Gas Optimizations | c4-submissions | opened | 11 months ago | 3
#374 | QA Report | c4-submissions | closed | 11 months ago | 1
#373 | `ExecutorPlugin` is not enabled as module, when `subaccounts` are created. | c4-submissions | closed | 10 months ago | 5
#372 | check that the default `consoleFallbackHandler` and `SafeModerator` have not been changed after executing every transaction by the executors and the operator will always revert and freeze all the functionality of the sub account if the owners of console account have changed these addresses | c4-submissions | closed | 11 months ago | 4
#371 | Analysis | c4-submissions | closed | 10 months ago | 2
#370 | Gas Optimizations | c4-submissions | closed | 10 months ago | 2
#369 | Analysis | c4-submissions | opened | 11 months ago | 3
#368 | Resetting a sub-account's guard manually from the Main Console can potentially lead to a permanent denial of service (DoS) for that sub-account. | c4-submissions | closed | 10 months ago | 5
#367 | calling EnumerableSet Function can lead to Out-of-Gas error | c4-submissions | closed | 10 months ago | 5
#366 | Gas Optimizations | c4-submissions | opened | 11 months ago | 3
#365 | Analysis | c4-submissions | opened | 11 months ago | 3
#364 | Malicious Module can change the policy commit of a Gnosis Safe console Account | c4-submissions | closed | 10 months ago | 5
#363 | Eth can get stuck in ConsoleFallbackHandler.sol | c4-submissions | closed | 10 months ago | 5
#362 | QA Report | c4-submissions | closed | 10 months ago | 3
#361 | QA Report | c4-submissions | closed | 10 months ago | 2
#360 | QA Report | c4-submissions | closed | 10 months ago | 2
#359 | Gas Optimizations | c4-submissions | closed | 10 months ago | 3
#358 | disallowing the executor to sign the transaction with the expiryEpoch may allow or prevent the transaction to be executed at the wrong time for the executor, who is responsible for performing the strategies, and will hamper the automation process | c4-submissions | closed | 10 months ago | 5
#357 | Protocol's invariants can be broken | c4-submissions | closed | 10 months ago | 5
#356 | Wallet should be registered | c4-submissions | closed | 11 months ago | 3
#355 | Gas Optimizations | c4-submissions | closed | 10 months ago | 3
#354 | QA Report | c4-submissions | closed | 10 months ago | 2
#353 | attacker can perform malicious transactions in the safe because reentrancy is not implemented in the execTransaction() and checkAfterExecution() function | c4-submissions | closed | 10 months ago | 9
#352 | manipulate the contract's state | c4-submissions | closed | 10 months ago | 6
#351 | Protocol doesn't follow the EIP-1271 Standard properly. | c4-submissions | closed | 11 months ago | 3
#350 | Analysis | c4-submissions | opened | 11 months ago | 3
#349 | QA Report | c4-submissions | closed | 10 months ago | 2
#348 | `checkAfterExecution()` function has a design flaw | c4-submissions | closed | 10 months ago | 5
#347 | the operators of the sub account can execute any transaction (not restricted by policy) to a 3rd party without going through the policy validation process by the trustedValidator | c4-submissions | closed | 10 months ago | 7
#346 | Any address (including an EUA) can be registered as a wallet and register Sub Accounts which may result in unwanted behavior and a security breach. | c4-submissions | closed | 11 months ago | 3
#345 | QA Report | c4-submissions | closed | 10 months ago | 2
#344 | Analysis | c4-submissions | opened | 11 months ago | 5
#343 | Analysis | c4-submissions | closed | 10 months ago | 2
#342 | `ConsoleFallbackHandler.simulate()` function calls the delegatecall, may cause DoS | c4-submissions | closed | 11 months ago | 4
#341 | Gas Optimizations | c4-submissions | closed | 10 months ago | 2
#340 | QA Report | c4-submissions | closed | 10 months ago | 2
#339 | Malicious actor can deploy backdoored `SubAccount`s imitating real `SubAccount`s | c4-submissions | closed | 10 months ago | 6
#338 | Backdoored module can execute any transactions without consensus and take over `Console` or `SubAccount` | c4-submissions | closed | 10 months ago | 7
#337 | `Console` - `Safe` can be permanently bricked if a broken guard were set | c4-submissions | closed | 10 months ago | 6
#336 | Any arbitrary module of `SubAccount` can break 3 of the main invariants | c4-submissions | closed | 10 months ago | 7
#335 | Signed data may be usable cross-chain | c4-submissions | closed | 11 months ago | 4