sherlock-audit / 2023-12-avail-judging (4 stars, 4 forks)

Issues
#134 m4ttm - Lack of zero checks in updateTokens allows AvailBridge assetId to be set (by sherlock-admin2, closed 8 months ago, 1 comment)
#133 Avci - the nonce value doesn't increase and it's always == 1 (by sherlock-admin, closed 8 months ago, 1 comment)
#132 Udsen - THERE IS NO MAXIMUM UPPERBOUND RESTRICTION FOR THE `feePerByte` VALUE WHEN IT IS BEING SET (by sherlock-admin2, closed 8 months ago, 1 comment)
#131 JP_Courses - `AvailBridge::sendMessage()` Sending messages of still VALID length `data.length == MAX_DATA_LENGTH` will trigger tx revert, effectively DoS-ing the passing of arbitrary data from Ethereum to Avail (by sherlock-admin, closed 8 months ago, 5 comments)
#130 0xMR0 - verification of bridge leaf will always fail due to unhashed leaf input argument (by sherlock-admin2, closed 8 months ago, 4 comments)
#129 kgothatso - `AvailBridge :: withdrawFees` can be called by anyone and can cause front-running and a DoS attack (by sherlock-admin, closed 8 months ago, 1 comment)
#128 John_Femi - No check between Avail token and ERC20 Token (by sherlock-admin2, closed 8 months ago, 1 comment)
#127 rekxor - AvailBridge.sol :: receiveAVAIL() has a wrong check in the if condition L219 (by sherlock-admin, closed 8 months ago, 1 comment)
#126 Udsen - MERKLE LEAVES HAVE THE SAME LENGTH OF 64BYTES AS THE PARENT NODES IN THE `AvailBridge._checkDataRoot` FUNCTION THUS VALIDATING FRAUDULENT MERKLE PROOF (by sherlock-admin2, closed 8 months ago, 1 comment)
#125 jasonxiale - AvailBridge doesn't return overpayment (by sherlock-admin, closed 8 months ago, 1 comment)
#124 alexzoid - `sendMessage()` Allow Spamming of Off-Chain Infrastructure (by sherlock-admin2, closed 8 months ago, 1 comment)
#123 Damiclone - potential theft of bridges fee due to poor withdrawal design (by sherlock-admin, closed 8 months ago, 1 comment)
#122 jasonxiale - assets might be stuck in the AvailBridge (by sherlock-admin2, closed 8 months ago, 1 comment)
#121 m4ttm - Excess funds are lost when using sendMessage (by sherlock-admin, closed 8 months ago, 1 comment)
#120 404Notfound - Merkle leaf values for `dataRootCommitment` are 64 bytes before hashing which can lead to merkle tree collisions (by sherlock-admin2, closed 8 months ago, 1 comment)
#119 dermaroller5 - sendMessage will wrongfully fail in a scenario where a user sends max data length (by sherlock-admin, closed 8 months ago, 1 comment)
#118 ten-on-ten - Denial of Service when vectorx address is changed (by sherlock-admin2, closed 8 months ago, 2 comments)
#117 Udsen - THERE IS NO LOGIC IN THE `AvailBridge` CONTRACT TO WITHDRAW THE LOCKED FUNDS, IN THE EVENT, THE CONTRACT IS PAUSED DUE TO AN EMERGENCY (by sherlock-admin, closed 8 months ago, 1 comment)
#116 m4ttm - Reverse order of constructor arguments for ERC20 name and symbol (by sherlock-admin2, closed 8 months ago, 8 comments)
#115 dermaroller5 - WithdrawFees can be called by anyone which can lead to loss of funds. (by sherlock-admin, closed 8 months ago, 1 comment)
#114 m4ttm - Incorrect use of >= to check against MAX_DATA_LENGTH (by sherlock-admin2, closed 8 months ago, 1 comment)
#113 Jaraxxus - Excess msg.value is not refunded when calling sendMessage, which will affect fees calculation as well (by sherlock-admin, closed 8 months ago, 1 comment)
#112 DenTonylifer - Loss of funds when sending a message (by sherlock-admin2, closed 8 months ago, 1 comment)
#111 Jaraxxus - Usage of 64 bytes before hashing can lead to merkle tree collisions (by sherlock-admin, closed 8 months ago, 1 comment)
#110 Udsen - THE `msg.sender` OF THE `AvailBridge.sendMessage` TRANSACTION WILL LOSE THE EXCESSIVE NATIVE ETH FUNDS TRANSFERRED TO THE TRANSACTION SINCE THERE IS NO LOGIC TO REFUND THE EXCESSIVE AMOUNT (by sherlock-admin2, closed 8 months ago, 1 comment)
#109 jasonxiale - Messages are vulnerable to cross-chain replay attacks (by sherlock-admin, closed 8 months ago, 1 comment)
#108 Udsen - `AvailBridge.receiveETH` FUNCTION DOES NOT PERFORM INPUT VALIDATION CHECK ON RECIPIENT ADDRESS FOR `address(0)` THUS COULD LEAD TO LOSS OF FUNDS (by sherlock-admin2, closed 8 months ago, 1 comment)
#107 evmboi32 - Excess funds are not returned to the msg.sender when sending a message (by sherlock-admin, closed 8 months ago, 1 comment)
#106 Bauer - Merkle leaf values are 64 bytes before hashing which can lead to merkle tree collisions (by sherlock-admin2, closed 8 months ago, 1 comment)
#105 DenTonylifer - Lack of balance check (by sherlock-admin, closed 8 months ago, 1 comment)
#104 evmboi32 - No way to recover funds from the failed bridge transaction. (by sherlock-admin2, closed 8 months ago, 1 comment)
#103 Udsen - `AvaildBridge.initialize` FUNCTION DOES NOT CHECK THE RETURN BOOLEAN VALUE OF `_grantRole(PAUSER_ROLE, pauser)` CALL FOR SUCCESS THUS PUTTING THE ENTIRE BRIDGE IN DANGER IN THE EVENT OF AN EMERGENCY (by sherlock-admin, closed 8 months ago, 1 comment)
#102 0xWallSecurity - [M-2] Users can send empty messages without paying fees (by sherlock-admin2, closed 8 months ago, 1 comment)
#101 John_Femi - Bridge can only be done in one direction (by sherlock-admin, closed 8 months ago, 1 comment)
#100 0xWallSecurity - [M-1] ERC20 Tokens sent over the bridge may get locked, if the allowed token-list updates, before the ERC20 are received. (by sherlock-admin2, closed 8 months ago, 1 comment)
#99 Udsen - __gap VARIABLE IS NOT DEFINED IN THE `AvailBridge` UPGRADEABLE CONTRACT (by sherlock-admin, closed 8 months ago, 1 comment)
#98 0xhashiman - Lack of __gap Variable (by sherlock-admin2, closed 8 months ago, 2 comments)
#97 0xlamide - Users funds can be lost if transaction reverts on the receiving chain (by sherlock-admin, closed 8 months ago, 1 comment)
#96 0xlamide - Users fy (by sherlock-admin2, closed 8 months ago, 1 comment)
#95 KiteWeb3 - Potential Denial-of-Service (DoS) Risk Due to Lack of Upper Limit and Absence of Event Emission in `AvailBridge::updateFeePerByte()` (by sherlock-admin, closed 8 months ago, 1 comment)
#94 r0ck3tz - Missing initialization of implementation contract (by sherlock-admin2, closed 8 months ago, 1 comment)
#93 KiteWeb3 - Incorrect Data Length Validation in `AvailBridge::sendMessage` function (by sherlock-admin, closed 8 months ago, 1 comment)
#92 0xC - Integer Overflow in `sendERC20` Function (by sherlock-admin2, closed 8 months ago, 1 comment)
#91 0xC - Integer Overflow in `sendETH` Function (by sherlock-admin, closed 8 months ago, 1 comment)
#90 0xC - Integer Overflow in `sendAVAIL` Function (by sherlock-admin2, closed 8 months ago, 1 comment)
#89 0xC - Integer Overflow in `sendMessage` Function (by sherlock-admin, closed 8 months ago, 2 comments)
#88 gqrp - Invalid (by sherlock-admin2, closed 8 months ago, 1 comment)
#87 caventa - receiveETH could spend fee (by sherlock-admin, closed 8 months ago, 5 comments)
#86 0x52 - Not requiring approvals for wAVAIL bridges make the token dangerous in some existing defi platforms (by sherlock-admin2, closed 8 months ago, 2 comments)
#85 0x52 - Very large sends from AvailBridge will break receiving bridge and cause loss of funds (by sherlock-admin, closed 8 months ago, 5 comments)