code-423n4/2024-05-arbitrum-foundation-findings
Assertions can take longer than ~14 days to confirm
#73
howlbot-integration[bot]
opened
3 weeks ago
8
QA Report
#72
howlbot-integration[bot]
opened
3 weeks ago
1
Add missing json files
#70
aks-
closed
1 month ago
0
QA Report
#69
howlbot-integration[bot]
closed
1 month ago
2
QA Report
#68
howlbot-integration[bot]
opened
1 month ago
7
QA Report
#67
howlbot-integration[bot]
opened
1 month ago
2
QA Report
#66
howlbot-integration[bot]
opened
1 month ago
4
QA Report
#65
howlbot-integration[bot]
opened
1 month ago
2
QA Report
#64
howlbot-integration[bot]
opened
1 month ago
2
QA Report
#63
howlbot-integration[bot]
opened
1 month ago
5
QA Report
#62
howlbot-integration[bot]
opened
1 month ago
1
QA Report
#61
howlbot-integration[bot]
opened
1 month ago
2
QA Report
#60
howlbot-integration[bot]
opened
1 month ago
1
QA Report
#59
howlbot-integration[bot]
opened
1 month ago
6
QA Report
#58
howlbot-integration[bot]
closed
1 month ago
2
QA Report
#57
howlbot-integration[bot]
closed
1 month ago
1
Buffer Depletion Vulnerability in DelayBuffer Library
#56
howlbot-integration[bot]
closed
1 month ago
3
Inconsistent sequencer unexpected delay in DelayBuffer may harm users calling forceInclusion()
#55
howlbot-integration[bot]
opened
1 month ago
52
`SequencerInbox::_setBufferConfig()` changes the parameters if not all delayed messages were read, leading to different past buffer delay
#54
howlbot-integration[bot]
closed
1 month ago
3
BOLDUpgradeAction::cleanupOldRollup will revert whenever there is more than a single staker to refund
#53
howlbot-integration[bot]
closed
1 month ago
1
Stakers can create edges with non-unique Edge IDs.
#52
howlbot-integration[bot]
closed
1 month ago
3
Preventing future upgrade by increasing the number of stakers unlimitedly
#51
howlbot-integration[bot]
closed
3 weeks ago
3
Winning a challenge by engineering time
#50
howlbot-integration[bot]
closed
1 month ago
4
Upgrades to EdgeChallengeManager changing staking requirement can cause `funds loss`
#49
howlbot-integration[bot]
closed
1 month ago
4
Upgrades to EdgeChallengeManager using setChallengeManager can allow to confirm bad assertion
#48
howlbot-integration[bot]
closed
1 month ago
4
Malicious user can create a challenge to lock staker fund during upgrade.
#47
howlbot-integration[bot]
opened
1 month ago
10
Users can create assertion with stale `baseStake` amount
#46
howlbot-integration[bot]
closed
1 month ago
3
confirmation timelock grace period is bypassed when the contract is paused and then unpaused
#45
howlbot-integration[bot]
opened
1 month ago
2
Lack of input validation in edge pool allows malicious user to create a clearly invalid insertion to make staker lose fund.
#44
howlbot-integration[bot]
closed
1 month ago
1
the blobGas is being refunded twice in `addSequencerL2BatchFromBlobs` functions
#43
howlbot-integration[bot]
closed
1 month ago
4
Some Stakers Will Be Missed Out During cleanupOldRollup() call
#42
howlbot-integration[bot]
opened
1 month ago
7
Old rollup whose count > 50 may lose their stake when upgrading to new rollup
#41
howlbot-integration[bot]
opened
1 month ago
4
adversary can win the dispute game in the re-org event
#40
howlbot-integration[bot]
closed
1 month ago
19
Logical flaw in `_setBufferConfig` function that can lead to unexpected behavior and potentially incorrect state updates.
#39
howlbot-integration[bot]
closed
1 month ago
3
A malicious validator can avoid losing his money doing bad assertions
#38
howlbot-integration[bot]
closed
1 month ago
6
The adversary validators steal the staked funds in `RollupUserLogic.sol`
#37
howlbot-integration[bot]
closed
1 month ago
6
`newStakeOnNewAssertion(...)` will revert due to wrong logic implementation in `RollupUserLogic` contract
#36
howlbot-integration[bot]
opened
1 month ago
4
Remaining stakers not Refunded
#35
howlbot-integration[bot]
opened
1 month ago
4
`cleanupOldRollup()` reverts due to premature out of bounds
#34
howlbot-integration[bot]
closed
4 weeks ago
6
Upgrades to EdgeChallengeManager could `DoS the assertion chain` temporarily until admin unstuck it by forcing assertion
#33
howlbot-integration[bot]
closed
1 month ago
2
The staker that lost the challenge dispute game can still withdraw his stake
#32
howlbot-integration[bot]
closed
1 month ago
1
confirmAssertin() can be DOSed.
#31
howlbot-integration[bot]
closed
1 month ago
3
`sequencerBatchAcc` has an incorrect value in `RollupCore`
#30
howlbot-integration[bot]
closed
1 month ago
2
If an edge or assertion gets slashed, some depositors to the stakingPool will be cheated.
#29
howlbot-integration[bot]
closed
1 month ago
2
An invalid assertion can get confirmed, even when there are honest participants
#28
howlbot-integration[bot]
closed
1 month ago
2
Adversary can update his timerCache with his rival's(i.e. honest party's) timer, and maliciously win assertions
#27
howlbot-integration[bot]
closed
1 month ago
1
L2 sequencer can exploit L3 chains using force inclusion delays
#26
howlbot-integration[bot]
opened
1 month ago
4
Creating invalid assertion using honest parties' staked funds
#25
howlbot-integration[bot]
closed
1 month ago
1
Stakers may not be refunded during rollup upgrade
#24
howlbot-integration[bot]
opened
1 month ago
4
Two correct assertion chains could possibly happen which breaks a core invariant in BoLD
#23
howlbot-integration[bot]
closed
1 month ago
6