code-423n4 2024-03-zksync-findings issues

code-423n4 / 2024-03-zksync-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #60 [1714762986225]

#136 c4-judge closed 7 months ago
2
Upgraded Q -> 2 from #122 [1714762888728]

#135 c4-judge closed 7 months ago
2
QA Report

#133 c4-bot-1 closed 7 months ago
2
QA Report

#132 c4-bot-1 closed 7 months ago
2
QA Report

#131 c4-bot-2 closed 7 months ago
2
QA Report

#130 c4-bot-9 closed 7 months ago
2
Gas Optimizations

#129 c4-bot-2 opened 8 months ago
3
Deviational use of `useNearCallPanic` while querying `mintEther()` in `ZKSYNC_NEAR_CALL_executeL1Tx()` could cost users all their gas for the execution

#128 c4-bot-2 closed 7 months ago
4
Centralization risks around `Governance.sol`

#127 c4-bot-9 closed 7 months ago
7
Gas Optimizations

#126 c4-bot-10 closed 7 months ago
5
Gas Optimizations

#125 c4-bot-3 closed 7 months ago
5
Gas Optimizations

#124 c4-bot-4 closed 7 months ago
3
Gas Optimizations

#123 c4-bot-8 closed 7 months ago
3
QA Report

#122 c4-bot-8 opened 8 months ago
7
QA Report

#121 c4-bot-4 closed 7 months ago
2
`L2StandardERC20.sol` has a flaw in token's reinitialization logic cause after a while the governor would not be able to update the token's metadata

#120 c4-bot-7 closed 7 months ago
4
Gas Optimizations

#119 c4-bot-2 closed 7 months ago
3
Large transfers may not work with some ERC20 tokens

#118 c4-bot-6 closed 7 months ago
4
No way to retrieve ETH from the contract:

#117 c4-bot-6 closed 7 months ago
5
Gas Optimizations

#116 c4-bot-1 closed 7 months ago
3
Gas Optimizations

#115 c4-bot-7 closed 7 months ago
7
QA Report

#114 c4-bot-5 closed 7 months ago
2
Gas Optimizations

#113 c4-bot-5 closed 7 months ago
5
Unprovable batches will be generated upon doing a system upgrade via shadow proposals

#112 c4-bot-3 closed 7 months ago
6
Gas Optimizations

#111 c4-bot-9 closed 7 months ago
3
`SystemContext::getCurrentPubdataSpent()` incorrectly calculates gas fees due to assumption of the gas per pubdata being the same as the amount of pubdata already published

#110 c4-bot-3 closed 7 months ago
5
QA Report

#109 c4-bot-7 opened 8 months ago
3
Gas Optimizations

#108 c4-bot-5 opened 8 months ago
3
`GenesisUpgrade::upgrade` function can be called by anyone any no. of times, also through proxy due to no access control and can change important values in storage `protocolVersion` and `verifier`.

#107 c4-bot-10 closed 7 months ago
6
Gas Optimizations

#106 c4-bot-10 opened 8 months ago
4
QA Report

#105 c4-bot-10 closed 7 months ago
1
Permanent freezing of an hyperchain if it is ever freezed by the `StateTransitionManager`

#104 c4-bot-5 closed 8 months ago
7
Incorrect Check for Intrinsic Costs in L1 to L2 Transaction Validation

#103 c4-bot-3 closed 7 months ago
4
QA Report

#102 c4-bot-3 closed 7 months ago
2
Attacker can run malicious code on contract through bad tokens on bridging

#101 c4-bot-2 closed 7 months ago
4
Insufficient Minimum Delay Enforcement in `updateDelay` Function

#100 c4-bot-1 closed 7 months ago
4
Add storage gasp to avoid overwriting storage slots

#99 c4-bot-9 closed 7 months ago
4
Permanent loss of the L1 -> L2 refund gas when creating a new chain

#98 c4-bot-9 closed 7 months ago
4
Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

#97 c4-bot-5 opened 8 months ago
9
Irreversible Chain Freeze due to Identical Freeze/Unfreeze

#96 c4-bot-1 closed 8 months ago
3
Gas Optimizations

#95 c4-bot-6 closed 7 months ago
3
Gas refund to paymaster may silently fail

#94 c4-bot-3 closed 7 months ago
4
No ability to unfreeze the chain

#93 c4-bot-1 closed 8 months ago
3
Users are charged too much as the memory overhead gas

#92 c4-bot-3 closed 7 months ago
5
QA Report

#91 c4-bot-4 closed 7 months ago
5
QA Report

#90 c4-bot-5 opened 8 months ago
5
StateTransitionManager Won't Be Able to Unfreeze a Chain After Freezing It

#89 c4-bot-7 closed 8 months ago
4
A malicious operator could set the timestamp to a wrong value and directly have an impact on users

#88 c4-bot-1 closed 7 months ago
9
QA Report

#87 c4-bot-8 closed 7 months ago
2
Analysis

#86 c4-bot-3 closed 8 months ago
1