sherlock-audit 2024-02-optimism-2024-judging issues

sherlock-audit / 2024-02-optimism-2024-judging

6 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

bareli - use safetransfer instead of transfer

#151 sherlock-admin4 closed 6 months ago
1
MiloTruck - Dispute games can be resolved with uncontested claims still unresolved

#150 sherlock-admin3 closed 6 months ago
1
0xHunterBug - A bad actor can make other users lose their fund for ever.

#149 sherlock-admin2 closed 6 months ago
0
zraxx - Resolved claims can still be attacked, rendering the game permanently unsolvable.

#148 sherlock-admin4 closed 6 months ago
1
0xHunterBug - account can prevent the owner from pulling WETH

#147 sherlock-admin3 closed 6 months ago
0
0xHunterBug - Allowance front-run

#146 sherlock-admin2 closed 6 months ago
0
CodeWasp - Withdrawals may fail to finalize, permanently locking user funds

#145 sherlock-admin4 closed 6 months ago
2
KupiaSec - Incorrect clock check when resolving a claim in fault dispute game, leading to incorrect bond distribution and making attacker always right

#144 sherlock-admin3 closed 6 months ago
11
MiloTruck - Incorrect time check in `FaultDisputeGame.resolveClaim()` allows dispute games to become unresolvable

#143 sherlock-admin2 closed 6 months ago
1
bigbick123456789000 - Unauthorized parties can claim the credit intended for the designated recipient

#142 sherlock-admin4 closed 6 months ago
1
bigbick123456789000 - Possible Gas Griefing in `unlock` Function of `DelayedWETH` Contract

#141 sherlock-admin3 closed 6 months ago
1
laizy - the `initialize` function in `FaultDisputeGame` use `tx.origin` as claimant of the root claim

#140 sherlock-admin2 closed 6 months ago
4
guhu95 - Spoofing multiple dispute games for same proposal due to one sided calldata length check

#139 sherlock-admin4 closed 6 months ago
1
bigbick123456789000 - Approve/TransferFrom Race Condition in WETH98 Contract

#138 sherlock-admin3 closed 6 months ago
0
gesha17 - respectedGameType initialized in constructor, not in initializer function

#137 sherlock-admin2 closed 6 months ago
1
OMEN - IF there is reorg happen , creator of dispute game will lose funds even when it's valid root claim

#136 sherlock-admin4 closed 6 months ago
2
guhu95 - Downcasting in LibGameType.raw allows bypassing `respectedGameType` safety checks

#135 sherlock-admin3 closed 6 months ago
1
OMEN - invalid L1 head will be load if reorg happened

#134 sherlock-admin2 closed 6 months ago
2
Laksmana - Villain can call ``proveWithdrawalTransaction`` with someone's disputeGameIndex or the old disputeGameIndex

#133 sherlock-admin4 closed 6 months ago
1
peanuts - The delay set in DelayedWETH is insufficient if resolution is wrong

#132 sherlock-admin3 closed 6 months ago
1
XDZIBEC - Silent Failure in WETH Withdrawal

#131 sherlock-admin2 closed 6 months ago
1
XDZIBEC - Unvalidated Root Claim in _verifyExecBisectionRoot

#130 sherlock-admin4 closed 6 months ago
5
John_Femi - Using the unlock will disable withdrawal of funds temporarily

#129 sherlock-admin3 closed 6 months ago
2
forgebyola - Frontrunning of Approval in WETH98 may cause double spending against User

#128 sherlock-admin2 closed 6 months ago
1
MiloTruck - Changing `respectedGameType` can permanently prevent an address from proving/finalizing a withdrawal

#127 sherlock-admin4 closed 6 months ago
0
gesha17 - Malicios user can put unlimited number of duplicate entries into a proofSubmitters array when a dispute game is blacklisted

#126 sherlock-admin3 closed 6 months ago
1
MiloTruck - `calldatasize()` check in `FaultDisputeGame.initialize()` can be bypassed when `_extraData` has less bytes

#125 sherlock-admin2 closed 6 months ago
1
fibonacci - DisputeGameFactory DoS due to incorrect extra data

#124 sherlock-admin4 closed 6 months ago
0
peanuts - It is possible for an earlier claim to resolve before a later one

#123 sherlock-admin3 closed 6 months ago
5
bigbick123456789000 - Users can call `attack` and `claim` on the same claim

#122 sherlock-admin2 closed 6 months ago
1
ch13fd357r0y3r - Withdrawal transaction can be proven on In-Progress Game Status.

#121 sherlock-admin4 closed 6 months ago
12
peanuts - If a subgame has both attack and defend claims and the challenger loses, the defender of the challenger should not be able to get his bond back

#120 sherlock-admin3 closed 6 months ago
1
fibonacci - User might not be able to finalize their transaction

#119 sherlock-admin2 closed 6 months ago
41
KupiaSec - Incorrect logic around resolving claims and distributing bonds.

#118 sherlock-admin4 closed 6 months ago
2
peanuts - Players in the DisputeGame can prevent other players from getting their rewards by frontrunning resolveClaim()

#117 sherlock-admin3 closed 6 months ago
1
fibonacci - OptimismPortal2's respectedGameType property is not initialized

#116 sherlock-admin2 closed 6 months ago
1
FassiSecurity - Corrupted data when creating a new game

#115 sherlock-admin4 closed 6 months ago
2
fibonacci - OptimismPortal2 cannot be initialized

#114 sherlock-admin3 closed 6 months ago
0
FastTiger - The `FaultDisputeGame.sol#step()` function does not check whether the clock of its root has not expired.

#113 sherlock-admin2 closed 6 months ago
4
FastTiger - Due to lack of validation in the `FaultDisputeGame.sol#initialize()` function, duplicate checking in the `DisputeGameFactory.sol#create()` function can be bypassed.

#112 sherlock-admin4 closed 6 months ago
7
FastTiger - The `FaultDisputeGame.sol#step()` function is vulnerable to Front-running Attack.

#111 sherlock-admin3 closed 6 months ago
3
FastTiger - Incorrect check for withdrawal delay period in function `DelayedWETH.sol#withdraw()`

#110 sherlock-admin2 closed 6 months ago
1
0x007 - DelayedWETH.DELAY_SECONDS could be bypassed by calling resolve a long time after unlocking

#109 sherlock-admin4 closed 6 months ago
1
0x007 - extraData might not equal _extraData

#108 sherlock-admin3 closed 6 months ago
1
peanuts - Players can still withdraw their bond if the game is resolved wrongly

#107 sherlock-admin2 closed 6 months ago
1
GalloDaSballo - `resolveClaim` will not allow solving subclaims once game is `resolve`d, causing bonds to be lost

#106 sherlock-admin4 closed 6 months ago
1
ZdravkoHr. - Users transactions may become stuck after gameType upgrades

#105 sherlock-admin3 closed 6 months ago
0
Stiglitz - Fault Dispute Game is prone to front-running

#104 sherlock-admin2 closed 6 months ago
0
0xdeadbeef - `OptimismPortal2` upgrade will delay `OptimismPortal` proven withdrawals.

#103 sherlock-admin4 closed 6 months ago
2
peanuts - It is not possible to reprove a withdrawal hash if CHALLENGER_WINS

#102 sherlock-admin3 closed 6 months ago
1

Previous Next