code-423n4 2024-03-phala-network-findings issues

code-423n4 / 2024-03-phala-network-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Analysis

#99 c4-bot-7 closed 3 months ago
2
Analysis

#98 c4-bot-4 closed 3 months ago
3
Analysis

#97 c4-bot-4 opened 3 months ago
3
Unchecked Resource Consumption issue in Storage of Wasm Code

#96 c4-bot-4 opened 3 months ago
8
Analysis

#95 c4-bot-4 closed 3 months ago
2
Analysis

#94 c4-bot-6 closed 3 months ago
3
Dereferencing Null Pointers without Validation in __pink_runtime_init

#93 c4-bot-5 closed 3 months ago
7
Lack of Input Validation in `ExecSideEffects::into_query_only_effects`

#92 c4-bot-1 closed 3 months ago
3
Analysis

#91 c4-bot-4 opened 3 months ago
3
Unchecked Storage Commitment

#90 c4-bot-8 closed 3 months ago
3
Potential Integer Overflow in Deposit Masking

#89 c4-bot-7 closed 3 months ago
2
Analysis

#88 c4-bot-3 opened 3 months ago
2
Analysis

#87 c4-bot-3 opened 3 months ago
2
Unhandled Err variant may cause incorrect masking, leading to runtime failures.

#86 c4-bot-3 closed 3 months ago
6
Unchecked unwrap may lead to runtime errors, data loss, and storage corruption.

#85 c4-bot-3 closed 3 months ago
5
QA Report

#84 c4-bot-9 closed 3 months ago
2
wrong mapping in 'k[k.len() - 32.. '

#83 c4-bot-2 closed 3 months ago
2
Memory Corruption Vulnerabilities in Ocall's Default Allocator

#82 c4-bot-6 closed 3 months ago
9
inconsistent State Due to Unhandled Migration Failures

#81 c4-bot-1 closed 3 months ago
7
Incorrect Key Handling in commit_transaction Leads to Data Integrity Issues

#80 c4-bot-7 closed 3 months ago
6
Analysis

#79 c4-bot-7 closed 3 months ago
2
`treasury` account in `pallet_pink.rs` can be killed

#78 c4-bot-8 closed 3 months ago
6
Improper validation of function pointers risks system compromise, enabling unauthorized actions and data access.

#77 c4-bot-2 closed 3 months ago
4
Analysis

#76 c4-bot-5 closed 3 months ago
2
Analysis

#75 c4-bot-6 closed 3 months ago
2
ECDSA verify funciton allow 0x00 signatures as a parameter, which makes it possible to construct a two zeros bypass ECDSA signature check.

#74 c4-bot-6 closed 3 months ago
5
The Storage.get method does not handle Err correctly, which may cause the node to crash.

#73 c4-bot-3 closed 3 months ago
2
The contract_tx method does not handle Err correctly, which may cause the node to crash.

#72 c4-bot-2 closed 3 months ago
2
Analysis

#71 c4-bot-10 opened 3 months ago
2
HTTP requests to localhost (or local IP of network of the worker) is allowed which might lead to damage or sensitive data leak from the worker

#70 c4-bot-5 closed 3 months ago
4
Incorrectness in the behaviour of cache `set` function when the storage quota exceeded

#69 c4-bot-4 closed 3 months ago
2
ecall::dispatch is vulnerable to panic events which can be used to cause panic to the worker

#68 c4-bot-10 closed 3 months ago
5
Lack of upper limit of timeout for batch HTTP request could be utilized to DoS the worker

#67 c4-bot-10 closed 3 months ago
3
Recursive HTTP requests is possible which can be used to DoS a particular worker

#66 c4-bot-4 closed 3 months ago
6
Two vulnerabilities (at least) in reqwest crate open the door for malicious actor to bring all the workers down

#65 c4-bot-5 closed 3 months ago
9
Analysis

#64 c4-bot-1 closed 3 months ago
2
QA Report

#63 c4-bot-5 opened 3 months ago
3
Analysis

#62 c4-bot-4 closed 3 months ago
2
Analysis

#61 c4-bot-2 closed 3 months ago
2
Users can lose funds when bridging from Pink to Standalone runtime

#60 c4-bot-6 closed 3 months ago
11
Analysis

#59 c4-bot-3 closed 3 months ago
2
Analysis

#58 c4-bot-3 closed 3 months ago
2
Any function generated by `define_mask_fn!` maybe panic

#57 c4-bot-4 closed 3 months ago
2
Attacker can take over the blockchain node server running in cloud by http_request

#56 c4-bot-3 closed 3 months ago
10
Maybe cause panic in ExternalStorage.get

#55 c4-bot-7 closed 3 months ago
9
high gas_consumed will make node panic

#54 c4-bot-4 closed 3 months ago
7
http requests can be accessed at the local address 127.0.0.1

#53 c4-bot-8 closed 3 months ago
11
Unbounded Operation in `local_cache::apply_quotas` Can Cause OOG

#52 c4-bot-5 closed 3 months ago
4
Analysis

#51 c4-bot-7 opened 3 months ago
2
Limited availability of `balance_of(...)` method

#50 c4-bot-8 opened 3 months ago
6