code-423n4 2024-05-arbitrum-foundation-validation issues

code-423n4 / 2024-05-arbitrum-foundation-validation

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Add issue 119 to findings repo at judge's request

#392 CloudEllie opened 3 months ago
0
reference correct finding in json files

#391 aks- closed 4 months ago
0
QA validation

#390 CloudEllie closed 4 months ago
0
QA validation

#389 CloudEllie closed 4 months ago
0
gas report validation

#388 CloudEllie closed 4 months ago
0
validate HM submissions

#387 CloudEllie closed 4 months ago
0
Re-org attack in some functions

#386 c4-bot-9 opened 4 months ago
0
QA Report

#385 c4-bot-9 closed 4 months ago
0
Anyone can call admin functions in RollupAdminLogic.sol

#384 c4-bot-9 opened 4 months ago
0
EdgeChallengeManager.sol:: Unprotected Staking Operations

#383 c4-bot-6 opened 4 months ago
0
AssertionStakingPoolCreator.getPool() is vulnerable to address collission

#382 c4-bot-3 opened 4 months ago
0
Arbitrary Third-party Contract Calls

#381 c4-bot-3 opened 4 months ago
0
Non-Unique Salt Value in createPool Function

#380 c4-bot-4 opened 4 months ago
0
Excessive Privilege in Function removeDelayAfterFork()

#379 c4-bot-8 opened 4 months ago
0
DelayBuffer.sol:: Unhandled Overflow in Buffer Calculation

#378 c4-bot-8 opened 4 months ago
0
EdgeStakingPool.sol:: Token Contract Manipulation Vulnerability in the function createEdge()

#377 c4-bot-8 opened 4 months ago
0
there is an i ncorrect Handling of Validator AFK Check in _validatorIsAfk

#376 c4-bot-9 opened 4 months ago
0
QA Report

#375 c4-bot-9 opened 4 months ago
0
`firstChildBlock` value not set when first child assertion is created.

#374 c4-bot-10 opened 4 months ago
0
Dubious typecast in the following functions getTimeBounds & setValidKeyset & _setBufferConfig & submiteBatchSpendingReport & _setMaxTimeVariation & formCallDataHash & packHeader functions

#373 c4-bot-4 opened 4 months ago
0
QA Report

#372 c4-bot-1 closed 4 months ago
0
Potential Theft of Funds Due to Static Salt in Contract Creation During Reorgs

#371 c4-bot-1 opened 4 months ago
0
Theft of funds under in the Sequencer in the form of gas

#370 c4-bot-4 opened 4 months ago
0
Griefing Attack Possible Where Validator Will Lose Their Stake

#369 c4-bot-8 opened 4 months ago
0
QA Report

#368 c4-bot-6 closed 4 months ago
0
Insufficient Challenge Period Validation

#367 c4-bot-8 opened 4 months ago
0
Dubious typecast in the following functions update function and calcPendingBuffer function

#366 c4-bot-6 opened 4 months ago
0
Insufficient Validation of `stakeAmounts` Non-Zero Values

#365 c4-bot-8 opened 4 months ago
0
RollupAdminLogic : lack of access control for some of the critical functionality

#364 c4-bot-7 opened 4 months ago
0
QA Report

#363 c4-bot-3 opened 4 months ago
0
Incorrect equality in the functions called getKeysetCreationBlock and packHeader function

#362 c4-bot-3 opened 4 months ago
0
Withdrawals can be delayed in some conditions

#361 c4-bot-3 opened 4 months ago
0
RollupAdminLogic : anyone can call the `pause()` and `resume()`

#360 c4-bot-7 opened 4 months ago
0
Lack of Event Emission for Critical State Changes

#359 c4-bot-9 opened 4 months ago
0
Adversary can submit two different complimentary wrong assertions, preventing an honest assertion from getting confirmed.

#358 c4-bot-9 opened 4 months ago
19
RollupAdminLogic : incorrect `minimumAssertionPeriod` when the contract is created.

#357 c4-bot-4 opened 4 months ago
0
Using block.number as a time reference may be subjected to change if Ethereum upgrades

#356 c4-bot-4 opened 4 months ago
0
Insufficient Access Control , Potential Unauthorized Access

#355 c4-bot-4 opened 4 months ago
0
A pool collision attack can be used to steal funds meant for assertions

#354 c4-bot-3 opened 4 months ago
0
Protocol hardcodes block minting time even if contracts are to deploy on other chains

#353 c4-bot-1 opened 4 months ago
0
The timer cache in `EdgeChallengeManagerLib` at a time would become unsettable

#352 c4-bot-1 opened 4 months ago
0
Protocol's deployment of new contracts is unsafe

#351 c4-bot-6 opened 4 months ago
0
`RollupUserLogic#newStakeOnNewAssertion()` does not function as expected

#350 c4-bot-5 opened 4 months ago
0
RollupAdminLogic does not have any access control

#349 c4-bot-10 opened 4 months ago
0
Lack of Reentrancy Guard, Funds Drain

#348 c4-bot-1 opened 4 months ago
0
If both validator's and challenger's assertion is not honest, the wrong assertion can be confirmed with a winner getting back the bond

#347 c4-bot-6 opened 4 months ago
2
AssertionStakingPool : createAssertion - user unable to withdraw their funds due to incorrect withdrawal address while creating the assertion.

#346 c4-bot-6 opened 4 months ago
0
The requiredStake on stakeOnNewAssertion is directed by the previous assertion and not a base value

#345 c4-bot-2 opened 4 months ago
0
QA Report

#344 c4-bot-10 closed 4 months ago
0
`removeWhitelistAfterFork` and `removeWhitelistAfterValidatorAfk` can be called when contract is paused, disabling whitelist mechanism

#343 c4-bot-9 opened 4 months ago
0