issues
search
code-423n4
/
2024-01-decent-findings
3
stars
3
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Lack of ACL in receiveFromBridge function
#750
c4-bot-10
closed
8 months ago
4
Lack of access control on UTB::receiveFromBridge() makes it possible to bypass fees
#749
c4-bot-10
closed
8 months ago
3
Absence of Blacklist Checks for ERC-20 Token Transactions
#748
c4-bot-8
closed
8 months ago
3
Gas Optimizations
#747
c4-bot-1
closed
8 months ago
2
Unrestricted access to `sgReceive()` allows arbitrary messages to be injected
#746
c4-bot-5
closed
8 months ago
3
ecrecover used but there is no 0(invalid ) check for response of erecover nor expiration of the signed data
#745
c4-bot-5
closed
8 months ago
3
Gas Optimizations
#744
c4-bot-8
closed
8 months ago
3
QA Report
#743
c4-bot-9
closed
8 months ago
3
DecentBridgeExecutor.sol#_executeWeth() - A malicious target inside ` UTBExecutor ` can send 1 wei of WETH to the DecentBridgeExecutor to force a revert
#742
c4-bot-7
closed
8 months ago
4
Missing Access Control on setRouter function in DcntETH.sol
#741
c4-bot-7
closed
8 months ago
3
Anyone can set the Router address in DcntEth
#740
c4-bot-8
closed
8 months ago
4
Gas Optimizations
#739
c4-bot-8
opened
8 months ago
4
Exposure to Market Volatility and MEV Risks Due to Absence of User-Defined Deadlines in swapExactOut() Transactions
#738
c4-bot-6
closed
8 months ago
3
Gas Optimizations
#737
c4-bot-8
closed
8 months ago
3
Re-entrancy in execute function of UTBExecutor contract
#736
c4-bot-1
closed
8 months ago
3
cross reply is possible because there is no chain id in signed data
#735
c4-bot-7
closed
8 months ago
3
Native tokens of different chains are not the same in terms of value
#734
c4-bot-7
closed
8 months ago
5
Incorrect sharedDecimals value can prevent bridging between EVM and Non-EVM chains
#733
c4-bot-10
closed
8 months ago
3
Analysis
#732
c4-bot-6
opened
8 months ago
2
Lack of access control in DcntEth.sol:setRouter() makes possible for indefinite mint and burn
#731
c4-bot-9
closed
8 months ago
3
User can take out all the tokens from Uniswapper.sol at any time
#730
c4-bot-3
closed
8 months ago
4
QA Report
#729
c4-bot-3
closed
8 months ago
4
An attacker can block message channels between two chains due to missing check of minimum gas passed in `bridgeAndExecute()` resulting in DoS
#728
c4-bot-3
closed
8 months ago
4
Signature can be re-used to pay less fees if fees are changed
#727
c4-bot-3
closed
8 months ago
3
Excess Eth on the swapExactIn(...) function is not refunded.
#726
c4-bot-1
closed
8 months ago
5
Missing Token transfer from Executor to Stargate Bridge Adaptor
#725
c4-bot-3
closed
8 months ago
6
Missing access control on critical router function means anyone can set the router to an arbitrary address
#724
c4-bot-8
closed
8 months ago
3
` UniSwapper :: swapExactIn ``` function can be called by anyone and cause a DOS attack
#723
c4-bot-9
closed
8 months ago
5
Gas Optimizations
#722
c4-bot-2
closed
8 months ago
3
Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.
#721
c4-bot-8
opened
8 months ago
6
Address to refund the tokens being bridged is incorrectly assigned and will cause users to lose their funds in case the bridge execution fails in the destination chain.
#720
c4-bot-9
closed
8 months ago
3
Incorrect Refund Amount Calculation in `swapNoPath` Function
#719
c4-bot-9
closed
8 months ago
6
Analysis
#718
c4-bot-2
closed
8 months ago
2
QA Report
#717
c4-bot-3
closed
8 months ago
4
QA Report
#716
c4-bot-2
closed
8 months ago
4
hardcoding the gas refundee of the lz calls will cause the users to lost the excess gas that should've been refunded to them
#715
c4-bot-2
closed
8 months ago
6
hardcoded slippage can freeze users funds during market turblances.
#714
c4-bot-2
closed
8 months ago
3
Signatures can be replayed in fee collection, users can use old signatures to pay for less fees in case fees are increased
#713
c4-bot-3
closed
8 months ago
3
QA Report
#712
c4-bot-3
opened
8 months ago
5
Attacker could steal every ERC20 token from the UTBExecutor contract
#711
c4-bot-6
closed
8 months ago
5
Missing deadline parameter to prevent swaps from being maliciously executed
#710
c4-bot-5
closed
8 months ago
3
Address size assumption in payload decoding can lead to issues in cross-chain compatibility
#709
c4-bot-5
closed
8 months ago
9
Solidity v0.8.20 is unsupported by Avalanche
#708
c4-bot-10
closed
8 months ago
3
UTBExecutor and Uniswapper allow contracts to accumulate allowance of all the unspent tokens
#707
c4-bot-6
closed
8 months ago
3
```UniSwapper :: `swapExactOut` can be called by anyone and contracts can loss funds
#706
c4-bot-6
closed
8 months ago
4
Outstanding WETH approvals in `DecentBridgeExecutor`
#705
c4-bot-10
closed
8 months ago
3
Insufficient access control in `setRouter()` allows uncontrolled minting of `DcntEth`
#704
c4-bot-10
closed
8 months ago
3
Router could be drained due to re-entrancy
#703
c4-bot-5
closed
8 months ago
4
Malicious user can take out all the funds from UniSwapper.sol if present
#702
c4-bot-10
closed
8 months ago
3
Failed calls made via `bridgeWithPayload()` may transfer funds to address not under user control
#701
c4-bot-5
closed
8 months ago
3
Next