issues
search
code-423n4
/
2024-06-thorchain-validation
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
validate 230
#257
CloudEllie
opened
4 months ago
0
Validate issue 201 at judge's request
#256
CloudEllie
opened
4 months ago
0
Move 201 to findings repo
#255
liveactionllama
closed
4 months ago
0
Add QA validation
#254
CloudEllie
closed
4 months ago
0
Add validator HM csv
#253
CloudEllie
closed
4 months ago
0
Failure to Revert on Critical Failures in THORChain_Router Contract
#252
c4-bot-10
closed
4 months ago
0
Unauthorized transfer of assets via insufficient validation in `transferOutAndCallV5` allows an attacker to deplete router balances
#251
c4-bot-2
closed
4 months ago
0
QA Report
#250
c4-bot-8
closed
4 months ago
0
Centralization Risk Leading to Permanent Loss of Funds Due to Unvalidated transferAllowance Calls by Malicious Vault Admins
#249
c4-bot-8
closed
4 months ago
0
The code assumes the genesis state is properly formatted. An attacker could provide malformed genesis state data, potentially leading to crashes or unexpected behavior.
#248
c4-bot-9
closed
4 months ago
0
eth cannot be transferred across vaults or routers with `transferAllowance` function
#247
c4-bot-9
closed
4 months ago
0
Some of token's underlying assets for corresponding vault can fail to be transferred when such token is a rebasing token or token with airdrops, such as AMPL
#246
c4-bot-3
closed
4 months ago
0
Incorrect access control on `THORChain_Router::transferOutAndCall` and doesn't work as intended and described in the Readme
#245
c4-bot-2
closed
4 months ago
0
Missing Event Emission in `transferAllowance` Function When Using External Router
#244
c4-bot-10
closed
4 months ago
0
Incorrect Allowance Handling on ERC20 Transfers
#243
c4-bot-8
closed
4 months ago
0
Zero value transfers are not ignored in log-parser.go when they should be ignored since Zero value transfers and approvals should revert according to the README
#242
c4-bot-4
closed
4 months ago
0
Incorrect Event Emission due to Ether Transfer Failure in THORChain Router Contract
#241
c4-bot-4
closed
4 months ago
0
Privileged Operation Vulnerability in privilegedOperation
#240
c4-bot-6
closed
4 months ago
0
`batchTransferOutAndCallV5` will be unusable due to msg.value in a loop type situation.
#239
c4-bot-6
closed
4 months ago
0
Hardcoding the expiration date in _routerDeposit( ) to type(uint).max can lead to halting fund transfer to the new router
#238
c4-bot-5
closed
4 months ago
0
Malicious user can flood the monitoring queue
#237
c4-bot-5
closed
4 months ago
0
`_transferOutAndCallV5()` is incompatible with fee on transfer tokens
#236
c4-bot-9
closed
4 months ago
0
When dealing with native coin, the `TransferOut*` events are still triggered on error
#235
c4-bot-9
closed
4 months ago
0
Native token is sent to the wrong address in `_transferOutAndCallV5()` leading to the theft of these assets
#234
c4-bot-8
closed
4 months ago
0
QA Report
#233
c4-bot-10
opened
4 months ago
0
QA Report
#232
c4-bot-7
closed
4 months ago
0
QA Report
#231
c4-bot-5
opened
4 months ago
0
QA Report
#230
c4-bot-5
opened
4 months ago
0
THORChain_Router:transferOutV5( ) Does not validate ETH amount given which will lead to protocol insolvancy
#229
c4-bot-5
closed
4 months ago
0
`batchTransferOutAndCallV5` function is broken, it will not work in some cases and in some cases it will emit wrong event values.
#228
c4-bot-7
closed
4 months ago
0
ETH is sent to the wrong address
#227
c4-bot-7
closed
4 months ago
0
Assets can be stolen after a swap attempt in `_transferOutAndCallV5()`
#226
c4-bot-7
closed
4 months ago
0
Inappropriate Use of `strings.EqualFold` for Hash Comparison
#225
c4-bot-5
closed
4 months ago
0
Events arent being logged and parsed properly according to the docs.
#224
c4-bot-8
closed
4 months ago
0
`_vaultAllowances` could be tricked.
#223
c4-bot-9
closed
4 months ago
0
Lack of input validation in THORChain_Router:depositWithExpiry() can lead to DoS
#222
c4-bot-6
closed
4 months ago
0
Missing onlyVault Check in transferAllowance Function
#221
c4-bot-7
closed
4 months ago
0
Front-Running Vulnerability in EvilERC20Token Contract
#220
c4-bot-5
closed
4 months ago
0
QA Report
#219
c4-bot-2
opened
4 months ago
0
The new `_transferOutAndCallV5()` function is not compatible with fee-on-transfer and rebase tokens
#218
c4-bot-8
closed
4 months ago
0
wrong accountations due to lack of proper updates to the `_vaultAllowance` mapping
#217
c4-bot-8
closed
4 months ago
0
Unreliable ETH Transfer Mechanism in `returnVaultAssets` Function Due to `.send` Usage
#216
c4-bot-9
closed
4 months ago
0
`batchTransferOutAndCallV5` might revert if there are more than 2 calls, which transfer ETH
#215
c4-bot-6
closed
4 months ago
0
`_transferOutAndCallV5` function is incompatible for the Fee-on-Transfer tokens
#214
c4-bot-10
closed
4 months ago
0
QA Report
#213
c4-bot-5
closed
4 months ago
0
Usage of transfer() for ETH Transfer
#212
c4-bot-3
closed
4 months ago
0
Use `call` instead of `transfer` or `send`
#211
c4-bot-3
closed
4 months ago
0
Network Delays Can Cause Transactions to Revert in depositWithExpiry Function Due to Close Expiration Time
#210
c4-bot-3
closed
4 months ago
0
Short User-Defined Expiry Settings in depositWithExpiry Function Can Lead to Reverts Due to lack of Minimum Default Expiry
#209
c4-bot-3
closed
4 months ago
3
If `msg.sender` is a contract or multisig, the `safeAmount` may result into loss of the funds.
#208
c4-bot-5
closed
4 months ago
0
Next