issues
search
sherlock-audit
/
2023-12-avail-judging
4
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
0x52 - User can circumvent fee requirement by sending message with no data
#84
sherlock-admin2
closed
8 months ago
3
0x52 - User can receive tokens/messages to address(0) by using a malformed destination address
#83
sherlock-admin
closed
8 months ago
2
0x52 - AvailBridge#updateTokens will cause bridge to break for updated assets
#82
sherlock-admin2
closed
8 months ago
4
kgothatso - `AvailBridge :: sendERC20` can revert transaction if receive address is a contract and cause a DOS attack
#81
sherlock-admin
closed
8 months ago
1
kgothatso - `AvailBridge :: sendETH` can revert transaction if receive address is a contract and cause a DOS attack
#80
sherlock-admin2
closed
8 months ago
2
kgothatso - `AvailBridge :: updateTokens` can register a non allowed tokens
#79
sherlock-admin
closed
8 months ago
1
kgothatso - `Merkle :: verify ` Gas limit is inaccurate
#78
sherlock-admin2
closed
8 months ago
1
kgothatso - ` AvailBridge :: withdrawFees ` Reentrancy attack from false update of state varible
#77
sherlock-admin
closed
8 months ago
1
r0ck3tz - Incorrect check for the maximum length of the message
#76
sherlock-admin2
closed
8 months ago
1
Tricko - `AvailBridge._checkDataRoot()` is susceptible to preimage attacks on merkle trees.
#75
sherlock-admin
closed
8 months ago
1
aslanbek - Wrong comparison operator for the data length check
#74
sherlock-admin2
closed
8 months ago
1
Anubis - Missing Zero Address Validation for Token Addresses
#73
sherlock-admin
closed
8 months ago
1
soliditywala - Excessive fee not returned
#72
sherlock-admin2
closed
8 months ago
14
soliditywala - Wrong check in sendMessage()
#71
sherlock-admin
closed
8 months ago
1
soliditywala - Fees can be burned due to allowing feeRecipient to be address 0
#70
sherlock-admin2
closed
8 months ago
1
bareli - Merkle tree is balanced
#69
sherlock-admin
closed
8 months ago
1
soliditywala - No cap on feePerByte
#68
sherlock-admin2
closed
8 months ago
2
bareli - Centralization Risk:
#67
sherlock-admin
closed
8 months ago
1
bareli - low-level call to transfer ETH
#66
sherlock-admin2
closed
8 months ago
1
bareli - No zero addresss verification for feeRecipient
#65
sherlock-admin
closed
8 months ago
1
Tricko - Wrong message length check in `AvailBridge.sendMessage()`.
#64
sherlock-admin2
closed
8 months ago
1
IvanFitro - AvailBridge.sol :: sendMessage() Users can submit excess fees, and the surplus is not refunded.
#63
sherlock-admin
closed
8 months ago
1
deepplus - `sendMessage` function of `AvailBridge` contract doesn't refund left ether to users.
#62
sherlock-admin2
closed
8 months ago
1
fugazzi - Data root validation is vulnerable to the second preimage attack
#61
sherlock-admin
closed
8 months ago
1
ravikiran.web3 - AvailBridge::sendAVAIL() could result in caller losing of Avail in the AvailBridge contract on Ethereum blockchain
#60
sherlock-admin2
closed
8 months ago
1
kgothatso - Contract `AvailBridge :: ` can emit events after has transaction failed
#59
sherlock-admin
closed
8 months ago
1
Anubis - Unchecked Return Value for ETH Transfers in receiveETH
#58
sherlock-admin2
closed
8 months ago
1
Anubis - Potential for Front-Running in Merkle Proof Verification
#57
sherlock-admin
closed
8 months ago
1
Anubis - Lack of Reentrancy Protection in Functions Interacting with External Contracts
#56
sherlock-admin2
closed
8 months ago
1
Anubis - Lack of Validation for newFeeRecipient in initialize Function
#55
sherlock-admin
closed
8 months ago
1
Anubis - Potential Reentrancy in Mint and Burn Functions
#54
sherlock-admin2
closed
8 months ago
1
Anubis - Lack of Zero Address Validation in Constructor
#53
sherlock-admin
closed
8 months ago
1
kgothatso - ` AvailBridge :: updateFeePerByte ` can set `feePerByte` to zero and cause DOS transaction not going through
#52
sherlock-admin2
closed
8 months ago
1
vvv - Proofs for verifyBridgeLeaf and verifyBlobLeaf methods can be swapped by specifyng crafted blobRoot and bridgeRoot in _checkDataRoot
#51
sherlock-admin
closed
8 months ago
3
kgothatso - `WrappedAvail :: constructor ` can cause `bridge` to an address that does not belong to the correct `bridge` address
#50
sherlock-admin2
closed
8 months ago
1
KiteWeb3 - ```AvailBridge::updateFeeRecipient()``` possible lost of funds (fees) for missing Zero Address Check in
#49
sherlock-admin
closed
8 months ago
1
namx05 - Missing Zero-Address Check in Constructor
#48
sherlock-admin2
closed
8 months ago
1
namx05 - Unauthorized Withdrawal Vulnerability
#47
sherlock-admin
closed
8 months ago
1
0xC - Unvalidated Input Decoding in `receiveERC20` Function in `AvailBridge` Contract
#46
sherlock-admin2
closed
8 months ago
1
0xC - Unvalidated Input Decoding in `receiveETH` Function in `AvailBridge` Contract
#45
sherlock-admin
closed
8 months ago
1
0xlamide - Overpayed fees are not refunded to user resulting in loss of funds for the user
#44
sherlock-admin2
closed
8 months ago
1
Pelz - Excess ETH sent in AvailBridge::sendMessage function not refunded back to the users
#43
sherlock-admin
closed
8 months ago
2
Pelz - Lack of Interface Validation in AvailBridge Contract
#42
sherlock-admin2
closed
8 months ago
1
ravikiran.web3 - Messages flowing from Ethereum to Avail Blockchain does not have a message consumed lock
#41
sherlock-admin
closed
8 months ago
1
Anubis - ERC20 Permit Implementation
#40
sherlock-admin2
closed
8 months ago
1
Anubis - Dependency on External Bridge
#39
sherlock-admin
closed
8 months ago
1
Anubis - Contract Upgradeability and Initialization
#38
sherlock-admin2
closed
8 months ago
1
Anubis - Message Source Authentication
#37
sherlock-admin
closed
8 months ago
1
Anubis - Fee Management and Withdrawal
#36
sherlock-admin2
closed
8 months ago
1
Anubis - Arbitrary Message and Token Transfer Verification
#35
sherlock-admin
closed
8 months ago
1
Previous
Next