code-423n4 2024-05-arbitrum-foundation-findings issues

code-423n4 / 2024-05-arbitrum-foundation-findings

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Assertions can take longer than ~14 days to confirm

#73 howlbot-integration[bot] opened 3 weeks ago
8
QA Report

#72 howlbot-integration[bot] opened 3 weeks ago
1
Add missing json files

#70 aks- closed 1 month ago
0
QA Report

#69 howlbot-integration[bot] closed 1 month ago
2
QA Report

#68 howlbot-integration[bot] opened 1 month ago
7
QA Report

#67 howlbot-integration[bot] opened 1 month ago
2
QA Report

#66 howlbot-integration[bot] opened 1 month ago
4
QA Report

#65 howlbot-integration[bot] opened 1 month ago
2
QA Report

#64 howlbot-integration[bot] opened 1 month ago
2
QA Report

#63 howlbot-integration[bot] opened 1 month ago
5
QA Report

#62 howlbot-integration[bot] opened 1 month ago
1
QA Report

#61 howlbot-integration[bot] opened 1 month ago
2
QA Report

#60 howlbot-integration[bot] opened 1 month ago
1
QA Report

#59 howlbot-integration[bot] opened 1 month ago
6
QA Report

#58 howlbot-integration[bot] closed 1 month ago
2
QA Report

#57 howlbot-integration[bot] closed 1 month ago
1
Buffer Depletion Vulnerability in DelayBuffer Library

#56 howlbot-integration[bot] closed 1 month ago
3
Inconsistent sequencer unexpected delay in DelayBuffer may harm users calling forceInclusion()

#55 howlbot-integration[bot] opened 1 month ago
52
`SequencerInbox::_setBufferConfig()` changes the parameters if not all delayed messages were read, leading to different past buffer delay

#54 howlbot-integration[bot] closed 1 month ago
3
BOLDUpgradeAction::cleanupOldRollup will revert whenever there is more than a single staker to refund

#53 howlbot-integration[bot] closed 1 month ago
1
Stakers can create edges with non unique Edge ID's.

#52 howlbot-integration[bot] closed 1 month ago
3
Preventing future upgrade by increasing the number of stakers unlimitedly

#51 howlbot-integration[bot] closed 3 weeks ago
3
Wining a challenge by engineering time

#50 howlbot-integration[bot] closed 1 month ago
4
Upgrades to EdgeChallengeManager changing staking requirement can cause `funds loss`

#49 howlbot-integration[bot] closed 1 month ago
4
Upgrades to EdgeChallengeManager using setChallengeManager can allow to confirm bad assertion

#48 howlbot-integration[bot] closed 1 month ago
4
Malicious user can create a challenge to lock staker fund during upgrade.

#47 howlbot-integration[bot] opened 1 month ago
10
Users can create assertion with stale `baseStake` amount

#46 howlbot-integration[bot] closed 1 month ago
3
confirmation timelock grace period is bypassed when the contract is paused and then unpaused

#45 howlbot-integration[bot] opened 1 month ago
2
Lack of input validation in edge pool allows malicious user to create a clearly invalid insertion to make staker lose fund.

#44 howlbot-integration[bot] closed 1 month ago
1
the blobGas is been refunded twice in `addSequencerL2BatchFromBlobs` functions

#43 howlbot-integration[bot] closed 1 month ago
4
Some Stakers Will Be Missed Out During cleanupOldRollup() call

#42 howlbot-integration[bot] opened 1 month ago
7
Old rollup whose count > 50 may lose their stake when upgrading to new rollup

#41 howlbot-integration[bot] opened 1 month ago
4
adversary can win the dispute game in the re-org event

#40 howlbot-integration[bot] closed 1 month ago
19
Logical flaw in `_setBufferConfig` function that can lead to unexpected behavior and potentially incorrect state updates.

#39 howlbot-integration[bot] closed 1 month ago
3
A malicious validator can avoid loss his money doing bad assertions

#38 howlbot-integration[bot] closed 1 month ago
6
The adversary validators steal the staked funds in `RollupUserLogic.sol`

#37 howlbot-integration[bot] closed 1 month ago
6
`newStakeOnNewAssertion(...)` will revert due wrong logic implementation in `RollupUserLogic` contract

#36 howlbot-integration[bot] opened 1 month ago
4
Remaining stakers not Refunded

#35 howlbot-integration[bot] opened 1 month ago
4
`cleanupOldRollup()` reverts due to premature out of bounds

#34 howlbot-integration[bot] closed 4 weeks ago
6
Upgrades to EdgeChallengeManager could `DoS the assertion chain` temporarily until admin unstuck it by forcing assertion

#33 howlbot-integration[bot] closed 1 month ago
2
The staker that lost the challenge dispute game can still withdraw his stake

#32 howlbot-integration[bot] closed 1 month ago
1
confirmAssertin() can be DOSed.

#31 howlbot-integration[bot] closed 1 month ago
3
`sequencerBatchAcc` has an incorrect value in `RollupCore`

#30 howlbot-integration[bot] closed 1 month ago
2
If an edge or assertion gets slashed, some depositors to the stakingPool will be cheated.

#29 howlbot-integration[bot] closed 1 month ago
2
An invalid assertion can get confirmed, even when there are honest participants

#28 howlbot-integration[bot] closed 1 month ago
2
Adversary can update his timerCache with his rival's(i.e. honest party's) timer, and maliciously win assertions

#27 howlbot-integration[bot] closed 1 month ago
1
L2 sequencer can exploit L3 chains using force inclusion delays

#26 howlbot-integration[bot] opened 1 month ago
4
Creating invalid assertion using honest parties' staked funds

#25 howlbot-integration[bot] closed 1 month ago
1
Stakers may not be refunded during rollup upgrade

#24 howlbot-integration[bot] opened 1 month ago
4
Two correct assertion chains could possibly happen which breaks a core invariant in BoLD

#23 howlbot-integration[bot] closed 1 month ago
6