code-423n4/2024-06-thorchain-findings
issues
QA Report
#106
howlbot-integration[bot]
opened
2 months ago
5
Rebasing Tokens Cause Incorrect Balance Calculations and Unexpected Behavior in safeTransferFrom Function
#105
howlbot-integration[bot]
closed
2 months ago
16
QA Report
#103
howlbot-integration[bot]
opened
3 months ago
8
QA Report
#102
howlbot-integration[bot]
opened
3 months ago
1
QA Report
#101
howlbot-integration[bot]
opened
3 months ago
2
QA Report
#100
howlbot-integration[bot]
opened
3 months ago
1
QA Report
#99
howlbot-integration[bot]
opened
3 months ago
1
QA Report
#98
howlbot-integration[bot]
opened
3 months ago
4
QA Report
#97
howlbot-integration[bot]
closed
3 months ago
1
`_transferOutAndCallV5` transfers gas assets to a wrong address when the swap fails, resulting in the loss of user funds
#96
howlbot-integration[bot]
closed
3 months ago
2
The THORChain Router is not compatible with ERC20 tokens that modify balances outside of transfers
#95
howlbot-integration[bot]
closed
2 months ago
5
`batchTransferOutV5` fails when there are more than one native asset transfers
#94
howlbot-integration[bot]
closed
3 months ago
1
`transferOutAndCallV5` and `batchTransferOutAndCallV5` emit the `TransferOutAndCallV5` event, which is not handled in Bifrost
#93
howlbot-integration[bot]
closed
3 months ago
2
`_transferOutAndCallV5` does not revert when the swap in aggregator fails, leading to loss of recipient's funds
#92
howlbot-integration[bot]
closed
3 months ago
1
`TransferOutAndCall` event is still emitted for failed `transferOutAndCall`, which will be observed by Bifrost
#91
howlbot-integration[bot]
closed
3 months ago
1
Using `msg.value` in a loop allows the contract to be completely drained
#90
howlbot-integration[bot]
closed
3 months ago
2
Send eth to the wrong person, which leads to errors.
#89
howlbot-integration[bot]
closed
3 months ago
2
If calling `swapOutV5` would fail on target contract this could lead to loss of funds
#88
howlbot-integration[bot]
closed
3 months ago
2
Unsuccessful swap could lead to loss of ERC20 tokens
#87
howlbot-integration[bot]
closed
3 months ago
1
If swap fails a vault will lose the ETH it has sent
#86
howlbot-integration[bot]
closed
3 months ago
2
A malicious user can steal money out of the vault and other users
#85
howlbot-integration[bot]
opened
3 months ago
14
Fee on transfer tokens will make `_transferOutAndCallV5()` revert
#84
howlbot-integration[bot]
closed
3 months ago
1
Calling transferOutAndCallV5 function with fee on transfer token will fail
#83
howlbot-integration[bot]
closed
3 months ago
1
Logic error in _transferOutAndCallV5 internal function
#82
howlbot-integration[bot]
closed
3 months ago
2
User could get his funds locked using a particular type of tokens
#81
howlbot-integration[bot]
closed
3 months ago
2
`THORChain_Router::transferOut` and `THORChain_Router::_transferOutV5` emits incorrect data in `TransferOut` event breaking one of the Main Invariants of the Protocol
#80
howlbot-integration[bot]
closed
3 months ago
1
User can lose his funds in `_transferOutAndCallV5` function
#79
howlbot-integration[bot]
closed
3 months ago
2
Passing multiple msg.value in the _transferOutAndCallV5 function can cause batchTransferOutAndCallV5 to fail
#78
howlbot-integration[bot]
closed
3 months ago
1
`THORChain_Router::batchTransferOutAndCallV5` function uses `msg.value` in a loop which makes the function unusable for batch transfers of ETH
#77
howlbot-integration[bot]
closed
3 months ago
1
Without checking _dexAggSuccess, there is a risk of losing transferred assets to the `aggregationPayload.target`
#76
howlbot-integration[bot]
closed
3 months ago
1
If the swapOut fails, the Ether should be sent to the recipient instead of the aggregator
#75
howlbot-integration[bot]
closed
3 months ago
2
TransferOutAndCall event should not be emitted if the `ethSuccess` is false
#74
howlbot-integration[bot]
closed
3 months ago
2
If swap fails incorrect event data is emitted in `THORChain_Router::transferOutAndCall` function, leading to incorrect tracking of funds by the Bifrost and breaking Main Invariant of the protocol
#73
howlbot-integration[bot]
closed
3 months ago
1
THORChain_Router::batchTransferOutAndCallV5 reuses msg.value across a batch and will revert.
#72
howlbot-integration[bot]
closed
3 months ago
1
`batchTransferOutAndCallV5` Will Always Revert if There is More Than One `ETH` Transfer
#71
howlbot-integration[bot]
closed
3 months ago
2
Refund functionality breaks protocol logic
#70
howlbot-integration[bot]
closed
3 months ago
1
Incorrect Information Displayed by Events in THORChain_Router.sol
#69
howlbot-integration[bot]
closed
3 months ago
1
Missing Event Handling for `TransferOutAndCallV5` in `smartcontract_log_parser`
#68
howlbot-integration[bot]
closed
3 months ago
3
Wrong address will receive msg.value when call failed
#67
howlbot-integration[bot]
closed
3 months ago
2
The function `THORChain_Router::_transferOutAndCallV5` is sending the ether to the `target` instead of the `recipient`.
#66
howlbot-integration[bot]
closed
3 months ago
2
`THORChain_Router::batchTransferOutAndCallV5` can be abused and user can drain contract funds.
#65
howlbot-integration[bot]
closed
3 months ago
4
Router transferOutAndCallV5: Fee on transfer tokens lead to an error when swap and incorrect approval accounting
#64
howlbot-integration[bot]
closed
3 months ago
1
Msg-value-loop
#63
howlbot-integration[bot]
closed
3 months ago
2
Protocol could be tricked on some to-be integrated tokens
#62
howlbot-integration[bot]
closed
2 months ago
5
batchTransferOutAndCallV5 cannot work correctly with ETH transfers
#61
howlbot-integration[bot]
closed
3 months ago
1
batch transfers will fail cause msg.value is used instead of aggregationPayload.fromAmount
#60
howlbot-integration[bot]
closed
3 months ago
2
In _transferOutAndCallV5, ETH is incorrectly sent to target
#59
howlbot-integration[bot]
closed
3 months ago
2
If the fromAsset in the _transferOutAndCallV5 function is a fee-on token, the exchange may fail.
#58
howlbot-integration[bot]
closed
3 months ago
1
_transferOutAndCallV5 emits event even if aggregator fails
#57
howlbot-integration[bot]
closed
3 months ago
2
Using msg.value inside a loop breaks function functionality
#56
howlbot-integration[bot]
closed
3 months ago
2