sherlock-audit/2023-05-ecoprotocol-judging
issues
branch_indigo - L2 Transfer Likely Reverts Due to Insufficient Approved Allowance During Rebase
#165
sherlock-admin
closed
1 year ago
3
ww4tson - Storage state of `CrossDomainEnabledUpgradeable` is not upgradable
#164
sherlock-admin
closed
1 year ago
0
Jaraxxus - If rebase happens during L1 to L2 token transfer, then L2 tokens may not get the equivalent L1 deposit
#163
sherlock-admin
closed
1 year ago
0
ww4tson - Optimism bridge not supporting rebasing tokens for now
#162
sherlock-admin
closed
1 year ago
0
MohammedRizwan - Use safeTransferFrom instead of transferFrom
#161
sherlock-admin
closed
1 year ago
0
james_wu - L1 ECO tokens are locked permanently to L2ECOBridge contract
#160
sherlock-admin
closed
1 year ago
0
ecexit - eccentricexit - Updates to Inflation Multiplier on L2 can be undone by anyone via OOG + replay.
#159
sherlock-admin
closed
1 year ago
5
walter - Different inflationMultipliers on contracts deployed (2 bridges)
#158
sherlock-admin
closed
1 year ago
0
Jaraxxus - L1ECOBridge function depositERC20To does not have the onlyEOA modifier
#157
sherlock-admin
closed
1 year ago
0
branch_indigo - L2Rebase Vulnerable to L1 MEV Attack or Sequencer Front-Running Potentially Causing Excessive L2ECO Minting
#156
sherlock-admin
closed
1 year ago
3
pontifex - User tokens can be locked on the `L1ECOBridge` contract
#155
sherlock-admin
closed
1 year ago
0
0xDjango - Attacker can overwrite the L2 `inflationMultiplier` with previous values
#154
sherlock-admin
closed
1 year ago
5
MohammedRizwan - updateTokenRoleAdmin() should be two step update process
#153
sherlock-admin
closed
1 year ago
0
walter - Bridge contracts aren't upgradeable
#152
sherlock-admin
closed
1 year ago
0
pontifex - Burning token by user on the L2 has no effect on the L1's totalSupply
#151
sherlock-admin
closed
1 year ago
0
Bauer - Stealing funds from users
#150
sherlock-admin
closed
1 year ago
0
0xfuje - Desynced rebase between L1 and L2 could lead to partly lost user funds or attacker gaining funds
#149
sherlock-admin
closed
1 year ago
2
Kose - Gasless Bridging from L1 to L2
#148
sherlock-admin
closed
1 year ago
0
Bahurum - Refunding will always revert
#147
sherlock-admin
closed
1 year ago
0
walter - Need to check params
#146
sherlock-admin
closed
1 year ago
0
T1MOH - Funds will be stuck in L2ECOBridge when L1ECO is paused
#145
sherlock-admin
closed
1 year ago
0
libratus - Inflation multiplier can change between initiating and finalizing L2 deposit breaking accounting
#144
sherlock-admin
closed
1 year ago
0
libratus - Inflation multiplier can change between initiating and finalizing L2 withdrawal breaking accounting
#143
sherlock-admin
closed
1 year ago
0
0xdeadbeef - Malicious actor can cause rebase to an old inflation multiplier
#142
sherlock-admin
opened
1 year ago
7
0xHati - Deposits, withdrawals and rebase won't work when the L2 bridge is upgraded because it won't have permission on the L2ECO token
#141
sherlock-admin
closed
1 year ago
0
SanketKogekar - In _initiateERC20Deposit the tokens to deposit are never approved by the function
#140
sherlock-admin
closed
1 year ago
0
0xdeadbeef - L2 upgrades are not rollback resistant
#139
sherlock-admin
closed
1 year ago
6
SanketKogekar - Accidentally setting `linearInflationMultiplier` to 0 in `_rebase` breaks a lot of functionality which could be fatal for the protocol.
#138
sherlock-admin
closed
1 year ago
0
0xfuje - Pause incompatibility between L1 and L2 Eco
#137
sherlock-admin
closed
1 year ago
0
0xfuje - Too little `l2Gas` set on `depositERC20()` function could lead to lost deposited user funds
#136
sherlock-admin
closed
1 year ago
7
0xfuje - `onlyFromCrossDomain` Denial of Service on mainnet
#135
sherlock-admin
closed
1 year ago
0
RaymondFam - Potential Inflation Adjustment Imbalance in Cross-Chain Withdrawals and Deposits
#134
sherlock-admin
closed
1 year ago
0
SanketKogekar - Initiates bridging of 0 amount of tokens and allows minting & burning 0 tokens.
#133
sherlock-admin
closed
1 year ago
0
MohammedRizwan - Missing zero address check on initialize( ) function can cause redeployment of contracts
#132
sherlock-admin
closed
1 year ago
0
blackhole - Potential Implications of Changing `inflationMultiplier` during L2-to-L1 Bridge Transfers
#131
sherlock-admin
closed
1 year ago
0
SanketKogekar - Single-step process for critical ownership transfer/renounce in `updateTokenRoleAdmin` (tokenRoleAdmin)
#130
sherlock-admin
closed
1 year ago
0
0xdeadbeef - Withdrawals with more than 120,000 data length cannot be u-turned.
#129
sherlock-admin
closed
1 year ago
0
SanketKogekar - Dummy (ignore)
#128
sherlock-admin
closed
1 year ago
0
cccz - When the protocol is initially deployed, the inflationMultiplier for L1 and L2 may not be equal
#127
sherlock-admin
closed
1 year ago
0
n33k - Stale inflationMultiplier in L1ECOBridge
#126
sherlock-admin
opened
1 year ago
9
N16H7M4R3 - Functions finalizeERC20Withdrawal() and _initiateERC20Deposit() do not rebase inflationMultiplier
#125
sherlock-admin
closed
1 year ago
0
SanketKogekar - Missing `onlyEOA` modifier on `depositERC20To` function.
#124
sherlock-admin
closed
1 year ago
0
evilakela - Inflation multiplier not applied to L2ECO#allowance
#123
sherlock-admin
closed
1 year ago
0
0xdeadbeef - Malicious actor can delay withdrawals by 7 days if ECO.sol is paused
#122
sherlock-admin
closed
1 year ago
3
scaraven - New implementation contracts should be checked that interfaces match with old implementation
#121
sherlock-admin
closed
1 year ago
0
evilakela - No precision scaling L2ECO.sol
#120
sherlock-admin
closed
1 year ago
0
aidenpearce369 - Unchecked return type validation in `_initiateERC20Deposit`
#119
sherlock-admin
closed
1 year ago
0
N16H7M4R3 - The assertion in the onlyEOA() modifier can be bypassed.
#118
sherlock-admin
closed
1 year ago
0
scaraven - ~ No __gap[] in `CrossDomainEnabledUpgradeable.sol`~ Invalid Issue PLEASE IGNORE
#117
sherlock-admin
closed
1 year ago
0
scaraven - L2ECO should have pausable functionality
#116
sherlock-admin
closed
1 year ago
0