code-423n4 2024-01-decent-findings issues

code-423n4 / 2024-01-decent-findings

3 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Lack of ACL in receiveFromBridge function

#750 c4-bot-10 closed 8 months ago
4
Lack of access control on UTB::receiveFromBridge() makes it possible to bypass fees

#749 c4-bot-10 closed 8 months ago
3
Absence of Blacklist Checks for ERC-20 Token Transactions

#748 c4-bot-8 closed 8 months ago
3
Gas Optimizations

#747 c4-bot-1 closed 8 months ago
2
Unrestricted access to `sgReceive()` allows arbitrary messages to be injected

#746 c4-bot-5 closed 8 months ago
3
ecrecover used but there is no 0(invalid ) check for response of erecover nor expiration of the signed data

#745 c4-bot-5 closed 8 months ago
3
Gas Optimizations

#744 c4-bot-8 closed 8 months ago
3
QA Report

#743 c4-bot-9 closed 8 months ago
3
DecentBridgeExecutor.sol#_executeWeth() - A malicious target inside ` UTBExecutor ` can send 1 wei of WETH to the DecentBridgeExecutor to force a revert

#742 c4-bot-7 closed 8 months ago
4
Missing Access Control on setRouter function in DcntETH.sol

#741 c4-bot-7 closed 8 months ago
3
Anyone can set the Router address in DcntEth

#740 c4-bot-8 closed 8 months ago
4
Gas Optimizations

#739 c4-bot-8 opened 8 months ago
4
Exposure to Market Volatility and MEV Risks Due to Absence of User-Defined Deadlines in swapExactOut() Transactions

#738 c4-bot-6 closed 8 months ago
3
Gas Optimizations

#737 c4-bot-8 closed 8 months ago
3
Re-entrancy in execute function of UTBExecutor contract

#736 c4-bot-1 closed 8 months ago
3
cross reply is possible because there is no chain id in signed data

#735 c4-bot-7 closed 8 months ago
3
Native tokens of different chains are not the same in terms of value

#734 c4-bot-7 closed 8 months ago
5
Incorrect sharedDecimals value can prevent bridging between EVM and Non-EVM chains

#733 c4-bot-10 closed 8 months ago
3
Analysis

#732 c4-bot-6 opened 8 months ago
2
Lack of access control in DcntEth.sol:setRouter() makes possible for indefinite mint and burn

#731 c4-bot-9 closed 8 months ago
3
User can take out all the tokens from Uniswapper.sol at any time

#730 c4-bot-3 closed 8 months ago
4
QA Report

#729 c4-bot-3 closed 8 months ago
4
An attacker can block message channels between two chains due to missing check of minimum gas passed in `bridgeAndExecute()` resulting in DoS

#728 c4-bot-3 closed 8 months ago
4
Signature can be re-used to pay less fees if fees are changed

#727 c4-bot-3 closed 8 months ago
3
Excess Eth on the swapExactIn(...) function is not refunded.

#726 c4-bot-1 closed 8 months ago
5
Missing Token transfer from Executor to Stargate Bridge Adaptor

#725 c4-bot-3 closed 8 months ago
6
Missing access control on critical router function means anyone can set the router to an arbitrary address

#724 c4-bot-8 closed 8 months ago
3
` UniSwapper :: swapExactIn ``` function can be called by anyone and cause a DOS attack

#723 c4-bot-9 closed 8 months ago
5
Gas Optimizations

#722 c4-bot-2 closed 8 months ago
3
Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

#721 c4-bot-8 opened 8 months ago
6
Address to refund the tokens being bridged is incorrectly assigned and will cause users to lose their funds in case the bridge execution fails in the destination chain.

#720 c4-bot-9 closed 8 months ago
3
Incorrect Refund Amount Calculation in `swapNoPath` Function

#719 c4-bot-9 closed 8 months ago
6
Analysis

#718 c4-bot-2 closed 8 months ago
2
QA Report

#717 c4-bot-3 closed 8 months ago
4
QA Report

#716 c4-bot-2 closed 8 months ago
4
hardcoding the gas refundee of the lz calls will cause the users to lost the excess gas that should've been refunded to them

#715 c4-bot-2 closed 8 months ago
6
hardcoded slippage can freeze users funds during market turblances.

#714 c4-bot-2 closed 8 months ago
3
Signatures can be replayed in fee collection, users can use old signatures to pay for less fees in case fees are increased

#713 c4-bot-3 closed 8 months ago
3
QA Report

#712 c4-bot-3 opened 8 months ago
5
Attacker could steal every ERC20 token from the UTBExecutor contract

#711 c4-bot-6 closed 8 months ago
5
Missing deadline parameter to prevent swaps from being maliciously executed

#710 c4-bot-5 closed 8 months ago
3
Address size assumption in payload decoding can lead to issues in cross-chain compatibility

#709 c4-bot-5 closed 8 months ago
9
Solidity v0.8.20 is unsupported by Avalanche

#708 c4-bot-10 closed 8 months ago
3
UTBExecutor and Uniswapper allow contracts to accumulate allowance of all the unspent tokens

#707 c4-bot-6 closed 8 months ago
3
```UniSwapper :: `swapExactOut` can be called by anyone and contracts can loss funds

#706 c4-bot-6 closed 8 months ago
4
Outstanding WETH approvals in `DecentBridgeExecutor`

#705 c4-bot-10 closed 8 months ago
3
Insufficient access control in `setRouter()` allows uncontrolled minting of `DcntEth`

#704 c4-bot-10 closed 8 months ago
3
Router could be drained due to re-entrancy

#703 c4-bot-5 closed 8 months ago
4
Malicious user can take out all the funds from UniSwapper.sol if present

#702 c4-bot-10 closed 8 months ago
3
Failed calls made via `bridgeWithPayload()` may transfer funds to address not under user control

#701 c4-bot-5 closed 8 months ago
3