code-423n4 2024-03-zksync-findings issues

code-423n4 / 2024-03-zksync-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

QA Report

#85 c4-bot-6 closed 7 months ago
3
Frontrunning of legacy funds transfer may cause permanent DOS of Transfer of Legacy Funds to SharedBridge

#84 c4-bot-9 closed 7 months ago
4
Gas Optimizations

#83 c4-bot-9 opened 8 months ago
3
QA Report

#82 c4-bot-6 closed 7 months ago
1
Gas Optimizations

#81 c4-bot-10 closed 7 months ago
1
QA Report

#80 c4-bot-7 closed 7 months ago
1
Inconsistent behavior in forking

#79 c4-bot-8 closed 7 months ago
6
paymaster will refund spentOnPubdata to user

#78 c4-bot-7 opened 8 months ago
6
L2SharedBridge l1LegacyBridge is not set

#77 c4-bot-4 opened 8 months ago
6
StateTransitionManager.unfreezeChain() can't execute

#76 c4-bot-5 closed 8 months ago
4
The enforcement of the maximum amount of L2 gas that should be spent on a transaction is flawed as it allows the gas spent to be more than the `Operator's trust limit`

#75 c4-bot-5 closed 7 months ago
4
Gas Optimizations

#74 c4-bot-7 opened 8 months ago
3
QA Report

#73 c4-bot-3 opened 8 months ago
1
Governance Deadlock Risk from Compromised Actors has not been fully fixed

#72 c4-bot-5 closed 7 months ago
4
Users are overcharged due to how gas to pay is calculated when publishing data and clearing the state

#71 c4-bot-5 closed 7 months ago
4
incorrect Handling of Non-Standard ERC20 Token Transfers

#70 c4-bot-5 closed 7 months ago
4
QA Report

#69 c4-bot-9 closed 7 months ago
2
Gas Optimizations

#68 c4-bot-9 opened 8 months ago
3
QA Report

#67 c4-bot-8 closed 7 months ago
2
QA Report

#66 c4-bot-10 closed 7 months ago
3
QA Report

#65 c4-bot-5 opened 8 months ago
1
Gas Optimizations

#64 c4-bot-4 closed 7 months ago
3
If an L1 Receiver gets or is blacklisted by an L1 Token, funds will be permanently locked in L1SharedBridge

#63 c4-bot-8 closed 7 months ago
5
Gas Optimizations

#62 c4-bot-6 closed 7 months ago
3
Function `l2TransactionBaseCost` in `Mailbox.sol` Lacks Range Checks for Parameters and Validation in Process Logic, Leading to Unreasonable Cost Calculation Results

#61 c4-bot-7 closed 7 months ago
4
QA Report

#60 c4-bot-3 opened 8 months ago
4
Incorrect unsafePackPrecompileParams in P256Verify.yul might result in invalid return value

#59 c4-bot-5 closed 7 months ago
6
Gas Optimizations

#58 c4-bot-8 opened 8 months ago
3
Insufficient randomness in create2 computation would allow prediction of l2 token addresses and potential DOS attacks.

#57 c4-bot-4 closed 8 months ago
1
Error in `stateTransistionManager.unfreezeChain` would cause unfreezing of frozen Chains by Owner to always fail.

#56 c4-bot-5 closed 8 months ago
4
Gas Optimizations

#55 c4-bot-9 opened 8 months ago
4
Gas Optimizations

#54 c4-bot-6 closed 7 months ago
6
State transition manager is unable to force upgrade a deployed ST, which invalidates the designed safeguard for 'urgent high risk situation'

#53 c4-bot-5 opened 8 months ago
5
Key Admin facet functions are invalidated, due to vulnerable access-control implementations

#52 c4-bot-7 closed 7 months ago
7
L1SharedBridge's restriction on Weth deposit can be bypassed

#51 c4-bot-9 closed 7 months ago
4
L2SharedBridge.finalizeDeposit will not work for legacy bridge

#50 c4-bot-2 closed 8 months ago
6
StateTransitionManager doesn't have ability to set some settings for chain

#49 c4-bot-6 closed 8 months ago
2
StateTransitionManager.unfreezeChain calls wrong function

#48 c4-bot-4 closed 8 months ago
4
Users might be charged unfair amount of baseToken for L2Gas due to vulnerable baseToken price conversion implementation

#47 c4-bot-3 closed 7 months ago
4
It's possible to replay some upgrade transactions

#46 c4-bot-7 closed 7 months ago
4
User will pay more gas than defined in Ethereum Yellow Paper

#45 c4-bot-6 closed 7 months ago
4
`getCanonicalL1TxHash()` may return the same hash for different transactions

#44 c4-bot-5 closed 7 months ago
7
`TransactionHelper.sol` violates EIP-712

#43 c4-bot-3 closed 7 months ago
4
Gas Optimizations

#42 c4-bot-5 opened 8 months ago
3
QA Report

#41 c4-bot-2 closed 7 months ago
2
It's not possible to upgrade chainId

#40 c4-bot-1 closed 7 months ago
5
Incorrect `_setVerifierParams()` implementation

#39 c4-bot-1 closed 7 months ago
4
Incorrect calculation of `keccakGasCost`

#38 c4-bot-3 closed 7 months ago
5
`depositAmount` is not properly updated in `L1ERC20Bridge.deposit()`

#37 c4-bot-10 closed 7 months ago
4
An attacker could potentially claim another person's refund or apply for an excessive refund through the `claimFailedDepositLegacyErc20Bridge`.

#36 c4-bot-4 closed 7 months ago
4

Previous Next