sherlock-audit / 2024-08-tokamak-network-judging
Remove require statement for calling paused in L2StandardBridge
#90
theo-learner
opened
1 month ago
2
Add RELAY_GAS_CHECK_BUFFER_INCLUDING_APPROVAL instead of increasing RELAY_GAS_CHECK_BUFFER
#89
theo-learner
opened
1 month ago
2
Use internal functions for querying nativeTokenAddress() in L1StandardBridge and L1CrossDomainMessenger
#88
nguyenzung
opened
1 month ago
2
Gentle Gingham Urchin - Useless code
#87
sherlock-admin4
closed
1 month ago
0
Glamorous Tangerine Cricket - There is no check for zero amount in `StandardBridge::_initiateBridgeETH` function
#86
sherlock-admin2
closed
1 month ago
0
Tame Plum Ram - Incorrect `OptimismPortal` file being imported in `L1CrossDomainMessenger`
#85
sherlock-admin3
closed
1 month ago
0
Tame Plum Ram - Missing `L1StandardBridge::finalizeNativeTokenWithdrawal` function causes failure to finalize withdrawal of native token from L2 to L1
#84
sherlock-admin4
closed
1 month ago
0
Albort - If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
#83
sherlock-admin3
opened
1 month ago
0
Albort - The unsafe token-to-validation process
#82
sherlock-admin2
opened
1 month ago
0
wellbyt3 - bridgeERC20 withdraws get nativeToken stuck on L2
#81
sherlock-admin4
opened
1 month ago
0
0xlucky - User will lose their bridged funds through bridgeNativeToken() in Standardbridge.sol, if user is using account abstraction wallet / multisig
#80
sherlock-admin3
opened
1 month ago
0
Demhack - Attacker will exploit reentrancy vulnerability to relay messages multiple times
#79
sherlock-admin4
closed
1 month ago
0
Demhack - Attacker will exploit unchecked `_value` to steal funds from the protocol
#78
sherlock-admin2
closed
1 month ago
0
Albort - Lack of Access Control in `finalizeDeposit`
#77
sherlock-admin4
opened
1 month ago
0
speedy78214 - Improper initialization of `L1StandardBridge` will disable bridging `ETH` until at least one other asset is bridged
#76
sherlock-admin3
opened
1 month ago
0
Albort - Reentrancy leading to the unintended retention of token approvals, which can result in unauthorized token transfers
#75
sherlock-admin2
opened
1 month ago
0
jsmi - `L11CrossDomainMessenger::sendMessage()` doesn't check `_minGasLimit`.
#74
sherlock-admin4
opened
1 month ago
0
0x73696d616f - Base gas is not updated which will lead to failed l2 -> l1 message
#73
sherlock-admin3
opened
1 month ago
0
oxchryston - Calling the initialize function in the constructor() while passing address(0) as parameters will render contract unusable.
#72
sherlock-admin2
opened
1 month ago
0
10ap17 - Bridge finalization failure due to incorrect deposit accounting
#71
sherlock-admin4
opened
1 month ago
0
IzuMan - `Paused Bridge` will allow `Users` to Initiate a bridge and `Lock Funds` In the Bridge
#70
sherlock-admin3
opened
1 month ago
0
TessKimy - New `relayMessage()` implementation on L1 cross domain messenger can cause messages unreplayable even if it's failed
#69
sherlock-admin2
opened
1 month ago
0
CodeDesignz - [M-1] `L1CrossDomainMessenger::_sendNativeTokenMessage` has no check for `_amount` value 0, resulting in the `relayMessage` to trigger even for the 0 value
#68
sherlock-admin4
opened
1 month ago
0
CodeDesignz - [H-1] `OptimismPortal2::depositTransaction` function does not have access control, opening it up to bypass the protocol checks and deposit tokens on `OptimismPortal2` contract
#67
sherlock-admin3
opened
1 month ago
0
agent3bood - Attacker will mint more tokens on L2 than deposited on L1
#66
sherlock-admin2
opened
1 month ago
0
oxchryston - `Gasgriefing` due to lack of check for paused contract in `L1StandardBridge.sol` and `L2StandardBridge.sol`
#65
sherlock-admin4
opened
1 month ago
0
SyncCode2017 - No validation of resolveData allowing an attacker to resolve challenges with invalid data and earn locked funds.
#64
sherlock-admin3
opened
1 month ago
0
OMEN - Gas Abuse in Cross-Chain Messaging
#63
sherlock-admin2
opened
1 month ago
0
importDev0x - Smart contract users can Bridge ETH or ERC20 tokens from their account to themselves with `bridgeETHTo` and `bridgeERC20To` functions
#62
sherlock-admin4
opened
1 month ago
0
0xDemon - Bridges can be frontrun by malicious actors
#61
sherlock-admin3
opened
1 month ago
0
ChainPatrol - Gas usage of cross-chain messages is undercounted, causing discrepancy between L1 and L2 and impacting intrinsic gas calculation
#60
sherlock-admin2
opened
1 month ago
0
mgf15 - Deposits from L1 to L2 using L1CrossDomainMessenger will fail when L2CrossDomainMessenger is paused
#59
sherlock-admin4
opened
1 month ago
0
eta - Using `tx.origin` to Determine `Constants.ESTIMATION_ADDRESS` Exposes Contract to Attack
#58
sherlock-admin3
opened
1 month ago
0
nikhilx0111 - initiate bridge will always revert in case of an eth price dip
#57
sherlock-admin4
closed
1 month ago
0
Mahi_Vasisth - Misleading `Payable` Function with Restrictive `msg.value` Check in `L1CrossDomainMessenger`
#56
sherlock-admin3
opened
1 month ago
0
eta - Unverified Cross-Chain Token and Messages Allow Manipulation and Financial Loss
#55
sherlock-admin2
opened
1 month ago
0
ChainPatrol - contract with only `IOptimismMintableERC20` interface is not compatible with `StandardBridge`
#54
sherlock-admin4
opened
1 month ago
0
OMEN - Re-proving Withdrawals in Optimism Portal
#53
sherlock-admin3
opened
1 month ago
0
ChainPatrol - Unauthorized Fund Transfers via Manipulated Metadata in `finalizeWithdrawalTransactionExternalProof`
#52
sherlock-admin2
opened
1 month ago
0
KingNFT - Users might permanently lose their fund while depositing from L1 -> L2 with long messages
#51
sherlock-admin4
opened
1 month ago
0
Mahi_Vasisth - `paused` Function Of `StandardBridge` Always Returns False, Ignoring Bridge Pause State
#50
sherlock-admin3
opened
1 month ago
0
GGONE - Gas Overestimation May Lead to Transaction Rejection
#49
sherlock-admin2
opened
1 month ago
0
Spomaria - The `StandardBridge::finalizeBridgeERC20` function reverts for tokens that are not optimism mintable leading to loss of user funds
#48
sherlock-admin4
opened
1 month ago
0
obront - `RELAY_RESERVED_GAS` may be insufficient for post-call processing on Cross Domain Messenger
#47
sherlock-admin3
opened
1 month ago
0
obront - `onApprove()` can force accidental contract creation
#46
sherlock-admin2
opened
1 month ago
0
obront - `seigManager` on `L2NativeToken` can cause withdrawals to revert, losing funds
#45
sherlock-admin4
opened
1 month ago
0
obront - L2 to L1 messages to a `fallback()` function will be skipped
#44
sherlock-admin3
opened
1 month ago
0
obront - All native token withdrawals to EOA will fail
#43
sherlock-admin2
opened
1 month ago
0
obront - Pausable native token can lead to lost withdrawals
#42
sherlock-admin4
opened
1 month ago
0
obront - Withdrawals can be bricked due to gas calculation underflow
#41
sherlock-admin3
opened
1 month ago
0