code-423n4 / 2024-05-arbitrum-foundation-findings

QA Report #14

Open c4-bot-8 opened 4 months ago

c4-bot-8 commented 4 months ago

See the markdown file with the details of this report here.

gzeoneth commented 4 months ago

For L-01: The tree does not allow for empty leaves to be added, see: https://github.com/code-423n4/2024-05-arbitrum-foundation/blob/6f861c85b281a29f04daacfe17a2099d7dad5f8f/src/challengeV2/libraries/MerkleTreeLib.sol#L241 and https://github.com/code-423n4/2024-05-arbitrum-foundation/blob/6f861c85b281a29f04daacfe17a2099d7dad5f8f/src/challengeV2/libraries/MerkleTreeLib.sol#L159C9-L160C1

But I think it can be QA, as it might be nice to add more comments about this, since it is technically possible to build a tree with empty leaves outside of this contract and unknowingly use the methods in this lib to verify proofs, etc.

gzeoneth commented 4 months ago

For L-02: Invalid. Expected behavior. Time delta is expected to apply to the last assertion in the series of overflow assertions because that is what determines the inbox position of the next assertion afterward.

c4-judge commented 3 months ago

Picodes marked the issue as grade-b