sherlock-audit / 2023-03-optimism-judging
0xdeadbeef - InvalidMessage can cause migration to halt
#112
sherlock-admin
closed
1 year ago
6
prapandey031 - Delegate call to the initiateWithdrawal() function of the L2ToL1MessagePasser.sol would result in positive msg.value without sending any real value
#111
sherlock-admin
closed
1 year ago
0
prapandey031 - Replay of L2ToL1 Messages due to absence of check for sent messages and overflow of msgNonce in the initiateWithdrawal() function of the L2ToL1MessagePasser.sol
#110
sherlock-admin
closed
1 year ago
2
obront - Reduced performance when `l1Blocks` in BatchQueue is empty due to wrong CriticalError emission
#109
sherlock-admin
closed
1 year ago
2
prapandey031 - Delegate call to the depositTransaction() function of the OptimismPortal.sol would result in high msg.value without sending any real value
#108
sherlock-admin
closed
1 year ago
0
obront - Optimism node is susceptible to Gossip-related attacks due to a bug in handling its configuration
#107
sherlock-admin
closed
1 year ago
7
prapandey031 - The check "msg.sender != tx.origin" in the depositTransaction() of the OptimismPortal.sol can be broken
#106
sherlock-admin
closed
1 year ago
2
obront - Incorrect validation checks will allow data corruption in derivation pipeline
#105
sherlock-admin
closed
1 year ago
2
unforgiven - cross domain messages with big calldata would be not-relay-able because baseGas() overestimate the intrinsic gas
#104
sherlock-admin
closed
1 year ago
3
prapandey031 - Address aliasing can result in L2 accounts already having ETH or address(0) while depositing L1 to L2
#103
sherlock-admin
closed
1 year ago
2
obront - Interaction with OptimismPortal implementation will result in loss of funds
#102
sherlock-admin
closed
1 year ago
3
obront - LES transactions are not sent to the sequencer
#101
sherlock-admin
closed
1 year ago
2
obront - Wrong _minGasLimit sent from Bridge to Cross Domain Messenger
#100
sherlock-admin
closed
1 year ago
6
obront - Reentrancy in Cross Domain Messenger can cause permanent loss of funds
#99
sherlock-admin
closed
1 year ago
1
obront - Migration can brick high gas transactions due to delivery cost exceeding block gas limit
#98
sherlock-admin
closed
1 year ago
6
unforgiven - valid old withdrawals with more than 25M intrinsic gas can be DOSed by attacker after migration because code cap gasLimit at 25M
#97
sherlock-admin
closed
1 year ago
2
obront - CrossDomainMessenger does not successfully guarantee replayability, can lose user funds
#96
sherlock-admin
opened
1 year ago
7
prapandey031 - No whenNotPaused() modifier in the depositTransaction() function in OptimismPortal.sol
#95
sherlock-admin
closed
1 year ago
0
Koolex - Withdrawals initiation targeting **OptimismPortal** is allowed although finalizing it is not
#94
sherlock-admin
closed
1 year ago
0
obront - All migrated withdrawals that require more than 135,175 gas may be bricked
#93
sherlock-admin
opened
1 year ago
8
Jeiwan - `CrossDomainMessenger` over-estimates the gas required to pass cross-chain messages and contradicts the intrinsic gas calculation, forcing users to pay more
#92
sherlock-admin
closed
1 year ago
6
obront - Submission interval is unreasonably restricted, bricking migration process or immutably setting incorrect params
#91
sherlock-admin
closed
1 year ago
2
obront - Migrated withdrawals requiring over 25mm gas will be bricked
#90
sherlock-admin
closed
1 year ago
0
obront - Setting `baseFeeMaxChangeDenominator` to 1 will break all deposits
#89
sherlock-admin
closed
1 year ago
6
Jeiwan - Gas usage of cross-chain messages is undercounted, causing discrepancy between L1 and L2 and impacting intrinsic gas calculation
#88
sherlock-admin
opened
1 year ago
5
Jeiwan - Legacy withdrawals can be relayed twice, causing double spending of bridged assets
#87
sherlock-admin
opened
1 year ago
1
unforgiven - Invalid L2 sender in CrossDomainMessenger
#86
sherlock-admin
closed
1 year ago
0
Koolex - Possible loss of funds if the minimum gas limit is set too high on deposit
#85
sherlock-admin
closed
1 year ago
7
unforgiven - DOS and griefing the sequencer by bridging large data deposits from L1 to L2 with low gas
#84
sherlock-admin
closed
1 year ago
0
8olidity - use safetransferFrom()
#83
sherlock-admin
closed
1 year ago
0
Koolex - L2 block gas limit can be set too high which has critical impact
#82
sherlock-admin
closed
1 year ago
6
Koolex - Legacy messages that are already relayed can still be finalized
#81
sherlock-admin
closed
1 year ago
6
Koolex - Possible loss of funds in case extra ether sent to **OptimismPortal** for old withdrawals
#80
sherlock-admin
closed
1 year ago
2
Koolex - LES Issue#175 from the previous contest isn't fixed.
#79
sherlock-admin
closed
1 year ago
4
Koolex - Stuck funds can not be recovered although possible loss of funds is likely especially for a custom developed messengers
#78
sherlock-admin
closed
1 year ago
2
Koolex - Estimating gas required to relay the message on both L1 and L2 is incorrect
#77
sherlock-admin
closed
1 year ago
10
OCC - Lack of access control mechanism
#76
sherlock-admin
closed
1 year ago
0
HE1M - Missing `onlyEOA` in `OptimismPortal` and `L2ToL1MessagePasser`
#75
sherlock-admin
closed
1 year ago
2
XDZIBEC - Vulnerability in OVM_DeployerWhitelist contracts
#74
sherlock-admin
closed
1 year ago
0
rvierdiiev - User can be temporary blocked to prove his transaction after removal of output from L2OutputOracle
#73
sherlock-admin
closed
1 year ago
6
rvierdiiev - Proposer can provide output without _l1BlockHash which will make output to be invalid in case of l1 reorg
#72
sherlock-admin
closed
1 year ago
2
Koolex - `finalizeWithdrawalTransaction` transaction will not be processed if the minimum gas is set too high
#71
sherlock-admin
closed
1 year ago
4
Koolex - Initiating withdrawals on L2 is always open (not pausable) which has a non-trivial impact
#70
sherlock-admin
closed
1 year ago
6
Koolex - Big withdrawals can not be halted in case of an emerging issue
#69
sherlock-admin
closed
1 year ago
1
Koolex - Deleting output proposals can not be paused by any role which could possibly lead to critical impact
#68
sherlock-admin
closed
1 year ago
8
0xdeadbeef - Malicious actor can prevent migration by calling a non-existing function in `OVM_L2ToL1MessagePasser` and making `ReadWitnessData` return an error
#67
sherlock-admin
opened
1 year ago
2
Barichek - Withdrawal transactions may temporarily get stuck if the output root is reproposed
#66
sherlock-admin
closed
1 year ago
2
HE1M - Messing up `from` or `sender` address on the receiver chain
#65
sherlock-admin
closed
1 year ago
2
OCC - getL1GasUsed() function may not accurately calculate the gas used for a transaction
#64
sherlock-admin
closed
1 year ago
0
OCC - Risk of Integer Overflow in L1 Fee Calculation
#63
sherlock-admin
closed
1 year ago
0