sherlock-audit / 2024-02-optimism-2024-judging
issues
Trust - Loss of bond amounts on re-org attacks
#201
sherlock-admin3
opened
7 months ago
14
MiloTruck - Leftmost claim incentives can be abused to steal bonds from honest parties
#200
sherlock-admin2
closed
6 months ago
2
Trust - Threat of unlimited parallelized games undermines core properties of the dispute game
#199
sherlock-admin4
closed
6 months ago
2
Trust - Loss of bonds and the game due to wrong assumption in resolveClaim()
#198
sherlock-admin3
closed
6 months ago
1
Trust - The in-game chess clock runs incorrectly, counting the seconds spent in favor of the non-answering team and leading to incorrect resolutions.
#197
sherlock-admin2
closed
6 months ago
1
shealtielanz - The Proxy Admin Owner is not able to upgrade smart contracts that sit behind a `Proxy contract` as stated in the Q&A.
#196
sherlock-admin4
closed
6 months ago
0
Trust - An attacker can cause temporary freeze of funds to a participant in the FaultDisputeGame
#195
sherlock-admin3
closed
6 months ago
8
Trust - Theft of initial bonds from proposers who are using smart wallets
#194
sherlock-admin2
opened
7 months ago
30
Trust - M - The safety mechanism of the DelayedWETH contract can be bypassed
#193
sherlock-admin4
closed
6 months ago
56
Trust - The respectedGameType is not initialized leading to unsanctioned game types being respected
#192
sherlock-admin3
closed
6 months ago
1
gesha17 - User can frontrun call to setInitBond() whenever a new gameImpl is introduced and create dispute games without paying bonds
#191
sherlock-admin2
closed
6 months ago
0
Shield - Withdrawal proving and withdrawal finalization can be executed in two different `respectedGameTypes`
#190
sherlock-admin4
closed
6 months ago
1
FonDevs - Incorrect check if the calldatasize is too large when creating a new `GameType`
#189
sherlock-admin3
closed
6 months ago
1
0xDjango - ETH Bonds at the lowest depth of their respective path can be frozen
#188
sherlock-admin2
closed
6 months ago
1
jasonxiale - No Storage Gap for Upgradeable Contracts
#187
sherlock-admin4
closed
6 months ago
1
0xdeadbeef - Proven but not finalized withdrawals need to be re-proved when a new respected game type is changed
#186
sherlock-admin3
closed
6 months ago
0
shealtielanz - EOAs depositing on L2 will lose their funds if they do not control the same address on L2.
#185
sherlock-admin2
closed
6 months ago
1
aycozynfada - Missing msg.value Check in depositTransaction Function
#184
sherlock-admin4
closed
6 months ago
0
FonDevs - `respectedGameType` is set in the constructor and not in the initializer function
#183
sherlock-admin3
closed
6 months ago
1
AllTooWell - If the game resolution logic is wrong, there is no way to start game again in the same game type
#182
sherlock-admin2
closed
6 months ago
0
bareli - Wrong implementation of "findLatestGames" function.
#181
sherlock-admin4
closed
6 months ago
1
lemonmon - `AnchorStateRegistry` does not have the mechanism to invalidate game result
#180
sherlock-admin3
closed
6 months ago
0
tsvetanovv - The `depositTransaction()` function will often revert even when `_gasLimit` is sufficient because `minimumGasLimit()` is not calculated correctly
#179
sherlock-admin2
closed
6 months ago
1
nuthan2x - Users cannot create a new game or proposal if the old game is blacklisted
#178
sherlock-admin4
closed
6 months ago
1
CodeWasp - DelayedWETH unlocking may lead to DoS / perpetual locking of funds
#177
sherlock-admin3
closed
6 months ago
0
CodeWasp - Bonds at `MAX_GAME_DEPTH` can be irrevocably locked
#176
sherlock-admin2
closed
6 months ago
9
guhu95 - New dispute game cannot be created for the same root claim with a different L1 parent hash
#175
sherlock-admin4
closed
6 months ago
2
shealtielanz - Malicious users can bypass Optimism's air-gaps by manipulating Immutable arguments in their fault dispute game proxies.
#174
sherlock-admin3
closed
6 months ago
0
rvierdiiev - DelayedWETH.unlock extends existing lock
#173
sherlock-admin2
closed
6 months ago
0
thisvishalsingh - Inadequate Access Control in `unlock` Function Leading to Griefing and State Bloat
#172
sherlock-admin4
closed
6 months ago
1
lemonmon - `OptimismPortal2` not initialized `respectedGameTypeUpdatedAt` will allow games created before the upgrade
#171
sherlock-admin3
closed
6 months ago
1
lemonmon - `LibGameType:raw` will unsafely cast resulting in incorrect comparison between GameTypes
#170
sherlock-admin2
closed
6 months ago
1
darkbit - Guardian can override accepted valid withdrawals after PROOF_MATURITY_DELAY_SECONDS and DISPUTE_GAME_FINALITY_DELAY_SECONDS passed
#169
sherlock-admin4
closed
6 months ago
0
lemonmon - `FaultDisputeGame:move` can be called after `resolveClaim` makes the game unable to be resolved
#168
sherlock-admin3
closed
6 months ago
3
guhu95 - Uninitialized `respectedGameType` may cause game type mismatch and fraudulent proofs
#167
sherlock-admin2
closed
6 months ago
1
MiloTruck - Deploying dispute games with `CREATE` makes it susceptible to L1 re-orgs
#166
sherlock-admin4
closed
6 months ago
1
bareli - wrong calling initialize function to "address(0)"
#165
sherlock-admin3
closed
6 months ago
0
lemonmon - `FaultDisputeGame`: The bond will be locked if the leaf is not resolved before the entire `resolve`
#164
sherlock-admin2
closed
6 months ago
9
bareli - "Withdrawal Logic issue"
#163
sherlock-admin4
closed
6 months ago
1
MiloTruck - L1 re-orgs could cause `FaultDisputeGame.move()` to be executed on the wrong parent claim
#162
sherlock-admin3
closed
6 months ago
1
0xdeadbeef - Guardian role can be abused to delay withdrawals even when replaced
#161
sherlock-admin2
closed
6 months ago
10
ch13fd357r0y3r - Fake or Empty proof can be validated successfully on `step()` function
#160
sherlock-admin4
closed
6 months ago
4
lemonmon - A duplicate dispute game may be created for the same output proposal due to an issue inside `FaultDisputeGame.initialize()`
#159
sherlock-admin3
closed
6 months ago
1
ZanyBonzy - Users can avoid withdrawal delay time after first request.
#158
sherlock-admin2
closed
6 months ago
3
guhu95 - Blacklisting a malfunctioning game may still prevent reproving if `status()` reverts
#157
sherlock-admin4
closed
6 months ago
15
0xHunterBug - Agreement Misinterpretation in Step Function Causes Dispute Resolution Issues
#156
sherlock-admin3
closed
6 months ago
1
joshuajee - Return status from call in the `finalizeWithdrawalTransactionExternalProof` is not properly checked meaning the `call` can fail, without being reverted
#155
sherlock-admin2
closed
6 months ago
0
CodeWasp - Non-upgradable Guardian will render the system inoperable in case of compromise
#154
sherlock-admin4
closed
6 months ago
0
Z3R0 - Withdrawal Delay Improperly Enforced
#153
sherlock-admin3
closed
6 months ago
1
MiloTruck - `DisputeGameFactory.create()` does not protect against L1 re-orgs
#152
sherlock-admin2
closed
6 months ago
1