code-423n4/2024-03-phala-network-findings
issues
An attacker can bloat the Pink runtime storage with zero costs
#49
c4-bot-10
opened
3 months ago
5
Analysis
#48
c4-bot-6
opened
3 months ago
2
Integer Overflow in `lib::write` leads to incorrect tracking of the total amount of data written
#47
c4-bot-10
closed
3 months ago
3
request.headers has no limit
#46
c4-bot-1
opened
3 months ago
9
There is no limit to the timeout duration of an http request
#45
c4-bot-3
closed
3 months ago
3
A cache that times out can be recovered.
#44
c4-bot-2
opened
3 months ago
14
An attacker can crash the cluster system by sending an HTTP request with a huge timeout
#43
c4-bot-8
opened
3 months ago
12
An attacker can easily crash the network with a call-bomb, as the memory cost is underestimated
#42
c4-bot-10
closed
3 months ago
6
It is impossible to transfer value to a contract via `ECallIpl::contract_call`
#41
c4-bot-5
closed
3 months ago
6
Potential Denial-of-Service (DoS)
#40
c4-bot-10
closed
3 months ago
2
XCM Arbitrary Execution
#39
c4-bot-8
closed
3 months ago
3
Coarse_grained function: Error Handling
#38
c4-bot-5
closed
3 months ago
3
Analysis
#37
c4-bot-5
opened
3 months ago
2
Unprotected communication channels between Pink Runtime and host risk data compromise.
#36
c4-bot-2
closed
3 months ago
2
Input data directly passed to functions, risking injection attacks, exploiting contract vulnerabilities.
#35
c4-bot-8
closed
3 months ago
2
QA Report
#34
c4-bot-9
opened
3 months ago
3
`MB's` value is incorrect
#33
c4-bot-5
closed
3 months ago
6
Potential misuse or improper handling of cryptographic keys, lack of proper key rotation and management mechanisms, and insecure implementation of cryptographic primitives.
#32
c4-bot-2
closed
3 months ago
2
Inconsistent error handling and lack of proper propagation hinder issue diagnosis.
#31
c4-bot-7
closed
3 months ago
3
Input data vulnerability enables unauthorized access and code injection, risking denial of service.
#30
c4-bot-7
closed
3 months ago
3
Insecure Randomness Generation In Pink Runtime
#29
c4-bot-10
closed
3 months ago
2
QA Report
#28
c4-bot-2
closed
3 months ago
4
Local cache will enter into thrashing under heavy workloads
#27
c4-bot-3
closed
3 months ago
16
Analysis
#26
c4-bot-5
opened
3 months ago
3
Unbounded Decoding In extension::get_side_effects can lead to stack overflow
#25
c4-bot-5
opened
3 months ago
5
Access Control Vulnerabilities in Pink Runtime
#24
c4-bot-8
closed
3 months ago
3
Analysis
#23
c4-bot-1
opened
3 months ago
2
Analysis
#22
c4-bot-10
opened
3 months ago
2
A malicious worker can forcibly have cache data removed
#21
c4-bot-2
closed
3 months ago
5
Lack of Access Control could lead to causing outrageous gas prices to be set
#20
c4-bot-1
closed
3 months ago
5
The randomness attached with `construct_runtime` does not fulfil the cryptographic requirements for random numbers.
#19
c4-bot-7
closed
3 months ago
6
QA Report
#18
c4-bot-7
opened
3 months ago
5
Divergent Behavior in CallInQuery & CallInCommand `untrusted_millis_since_unix_epoch()`
#17
c4-bot-4
closed
3 months ago
6
Deterministic Random Number Generation in CallInCommand is wrongly implemented
#16
c4-bot-5
closed
3 months ago
6
Inconsistency in Event Chain Head Information Retrieval
#15
c4-bot-5
closed
3 months ago
8
`mask_deposit` method may produce undesired results
#14
c4-bot-7
closed
3 months ago
2
Lack of Rate Limiting for HTTP Requests
#13
c4-bot-7
opened
3 months ago
9
Possible denial-of-service attacks due to hardcoded gas limits
#12
c4-bot-10
closed
3 months ago
3
QA Report
#11
c4-bot-4
opened
3 months ago
8
import_system_code is not transparent enough to use for substrate blockchain
#10
c4-bot-3
closed
3 months ago
2
Lack of Input Validation in ExternalDB's get Method
#9
c4-bot-4
closed
3 months ago
3
Incomplete Error Handling in pay and refund Functions
#8
c4-bot-5
closed
3 months ago
3
Unnecessary Instantiation of External Storage in code_exists Function
#7
c4-bot-10
closed
3 months ago
5
vulnerabilities RUSTSEC-2024-0003, RUSTSEC-2021-0054 and RUSTSEC-2024-0006
#6
c4-bot-1
closed
3 months ago
3
QA Report
#5
c4-bot-8
closed
3 months ago
2
Access Control
#4
c4-bot-9
closed
3 months ago
4
Gas Optimizations
#3
c4-bot-10
closed
3 months ago
2
CVE-2021-21299 - possible smuggling attack
#2
c4-bot-2
closed
3 months ago
3
Agreements & Disclosures
#1
code423n4
opened
4 months ago
0