sherlock-audit/2023-01-optimism-judging (24 stars, 10 forks)
issues
shw - Incorrect code comments in the `StandardBridge.sol` contract
#264
github-actions[bot]
opened
1 year ago
0
csanuragjain - Incorrect owner check
#263
github-actions[bot]
opened
1 year ago
4
ak1 - Different solidity versions observed in smart contract
#262
github-actions[bot]
closed
1 year ago
1
shw - HTTP services without configured timeouts are vulnerable to Slowloris attacks
#261
github-actions[bot]
closed
1 year ago
1
csanuragjain - Steal funds using Portal
#260
github-actions[bot]
closed
1 year ago
1
shw - Rollup nodes fail to update the sequencer address from the L1 system config event
#259
github-actions[bot]
closed
1 year ago
1
ak1 - slight discrepancy found in using the data range used for `_minGasLimit`
#258
github-actions[bot]
closed
1 year ago
0
peanuts - Initializer can be frontrunned
#257
github-actions[bot]
closed
1 year ago
0
shw - Rollup nodes fail to detect incorrect account storage proofs
#256
github-actions[bot]
closed
1 year ago
1
HE1M - Incompatible decimals between local and remote token
#255
github-actions[bot]
closed
1 year ago
0
peanuts - Missing address(0) checks in critical functions
#254
github-actions[bot]
closed
1 year ago
0
peanuts - Use safetransferfrom instead of transferfrom for ERC721 transfers
#253
github-actions[bot]
closed
1 year ago
0
cergyk - High disparity between prevBaseFee and block.basefee makes block stuffing possible
#252
github-actions[bot]
closed
1 year ago
0
ck - `DepositFeed` is not inherited in the `OptimismPortal` contract
#251
github-actions[bot]
closed
1 year ago
0
ak1 - validate the `outputRoot` consistently
#250
github-actions[bot]
closed
1 year ago
1
xiaoming90 - `SystemDictator` can be front-runned
#249
github-actions[bot]
closed
1 year ago
1
unforgiven - [Low] Withdraw flow in the specs isn't what implemented in OptimisimPortal contract
#248
github-actions[bot]
closed
1 year ago
0
xiaoming90 - Legacy Message Can Be Replayed After Migration Leading To Double-Spend Bug
#247
github-actions[bot]
closed
1 year ago
0
xiaoming90 - Malicious Withdrawals Might Be Migrated
#246
github-actions[bot]
closed
1 year ago
5
ladboy233 - Adversary can force the caller to pay large gas fee when bridging ETH and ERC20 and ERC721 from L2 to L1 by emitting large unused event data.
#245
github-actions[bot]
closed
1 year ago
1
ck - Re-proving a withdrawal would fail if `_l2OutputIndex` grows beyond `2^128 - 1`
#244
github-actions[bot]
closed
1 year ago
1
SaharDevep - OP contest report
#243
github-actions[bot]
closed
1 year ago
1
cergyk - QueryFilter may query more events than needed for the migration
#242
github-actions[bot]
closed
1 year ago
0
cergyk - Extra onlyOtherBridge modifier on finalizeERC20Withdrawal in L1StandardBridge.sol
#241
github-actions[bot]
closed
1 year ago
0
Handle - `getL2OutputIndexAfter` can return a incorrect index
#240
github-actions[bot]
closed
1 year ago
1
ak1 - L2OutputOracle.sol#L85-L99 : Validate the SUBMISSION_INTERVAL and L2_BLOCK_TIME variables
#239
github-actions[bot]
closed
1 year ago
1
cergyk - Failed pre-bedrock deposits will be unreplayable after migration, and thus be lost
#238
github-actions[bot]
closed
1 year ago
1
cergyk - Fee on transfer/deflationary tokens are not correctly handled by L1StandardBridge.sol
#237
github-actions[bot]
closed
1 year ago
1
ck - `outputRoot` is retrieved from `getL2Output` not `getL2OutputAfter`
#236
github-actions[bot]
closed
1 year ago
0
unforgiven - [High] Function MigrateWithdrawal() may set gas limit so high for old withdrawals when migrating them by mistake and they can't be relayed in the L1 and users funds would be lost
#235
github-actions[bot]
opened
1 year ago
5
xiaoming90 - `SELFDESTRUCT` will not work anymore after EIP-4758
#234
github-actions[bot]
closed
1 year ago
1
ck - Block number is not an input to `proveWithdrawalTransaction` in `OptimismPortal`
#233
github-actions[bot]
opened
1 year ago
0
xiaoming90 - Migration Process Can Be DOSed By Anyone
#232
github-actions[bot]
closed
1 year ago
0
unforgiven - [Low] Function cdexp() Arithmetic has hardcoded 1e18 value instead of using FixedPointMathLib.wad
#231
github-actions[bot]
closed
1 year ago
0
cergyk - Max fee increase invariant is not respected in ResourceMetering.sol
#230
github-actions[bot]
closed
1 year ago
1
unforgiven - [Low] should only burn the transferred withdrawal amounts
#229
github-actions[bot]
closed
1 year ago
1
unforgiven - [Medium] Challenger shouldn't be able to delete finalized L2 outputs
#228
github-actions[bot]
closed
1 year ago
5
c7e7eff - ERC721 tokens can be left locked in the L1 Bridge during withdrawal.
#227
github-actions[bot]
closed
1 year ago
1
Ro - Incorrect contract naming
#226
github-actions[bot]
closed
1 year ago
0
Ro - Incorrect chain id in cross-chain transactions
#225
github-actions[bot]
closed
1 year ago
1
unforgiven - [High] Attacker can block other users L2 to L1 withdrawals in the OptimisimPortal and lock their funds by proving it to the wrong output index if sequencer send invalid L2 output root(future L2 blocks states) for that index
#224
github-actions[bot]
closed
1 year ago
1
unforgiven - [Medium] Function PreCheckWithdrawals() doesn't uniquify withdrawal items, this may cause double spend parameters like gas limit set differently for those duplicate items
#223
github-actions[bot]
closed
1 year ago
5
rvierdiiev - FeeVault set 20K gas limit which can be not enough to bridge fee from L2 to L1
#222
github-actions[bot]
closed
1 year ago
0
c7e7eff - Proxy storage collision risk
#221
github-actions[bot]
closed
1 year ago
1
lemonmon - contract with only `IOptimismMintableERC20` interface is not compatible with `StandardBridge`
#220
github-actions[bot]
opened
1 year ago
0
RaymondFam - `getL2OutputIndexAfter()` returns output regardless of the validity of input `_l2BlockNumber`
#219
github-actions[bot]
closed
1 year ago
1
unforgiven - [High] Function PreCheckWithdrawals() assumes that all the messages in the LegacyMessagePasserAddr are from L2CrossDomainMessanger and attacker can break migration script by calling OVM_L2ToL1MessagePasser.passMessageToL1() before migration
#218
github-actions[bot]
closed
1 year ago
1
lemonmon - withdrawals: finalize and prove are two step process
#217
github-actions[bot]
closed
1 year ago
0
Robert - Default transferFrom in ERC721Bridge Allows Stealing of Stuck Tokens And Other Unintended Behaviors
#216
github-actions[bot]
closed
1 year ago
1
lemonmon - withdrawals: incorrect field name `message`
#215
github-actions[bot]
closed
1 year ago
0