issues
search
sherlock-audit
/
2024-08-tokamak-network-judging
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
obront - Users can abuse callbacks in Native Token to get mispriced deposits, wasting L2 blockspace
#40
sherlock-admin2
opened
3 weeks ago
0
obront - L1 contract can evade aliasing, spoofing unowned L2 address
#39
sherlock-admin4
opened
3 weeks ago
1
GGONE - Balance Underflow Vulnerability in MemoryStateDB: Allowing Negative Balances
#38
sherlock-admin3
opened
3 weeks ago
0
dagos - finalizeBridgeETH() and finalizeBridgeERC20() Functions Fail Because xDomainMsgSender variable Remains at Default Value
#37
sherlock-admin2
opened
3 weeks ago
0
GGONE - Gas Estimation and Insufficient Buffer in CrossDomainMessenger May Lead to Fund Loss
#36
sherlock-admin4
opened
3 weeks ago
0
TessKimy - Deposits from `onApprove()` always reverts at L2 if target is equal to L2 Bridge and it makes native token stuck at L1
#35
sherlock-admin3
opened
3 weeks ago
0
newspacexyz - Attacker Can Steal ERC20 tokens via Fake Nonces
#34
sherlock-admin2
opened
3 weeks ago
0
0x46 - Will not approve due to not zero allowance
#33
sherlock-admin4
opened
3 weeks ago
0
GGONE - Revert on Insufficient Gas in CrossDomainMessenger May Lead to Irrecoverable Fund Loss
#32
sherlock-admin3
opened
3 weeks ago
0
GGONE - Incorrect Gas Calculation During Cross-Chain Message Packing Leading to Underpayment by Users
#31
sherlock-admin2
opened
3 weeks ago
0
dany.armstrong90 - Tokens for failed V0 messages will be locked forever.
#30
sherlock-admin4
opened
3 weeks ago
0
albahaca0000 - Replay Attack Vulnerability in `relayMessage` Function
#29
sherlock-admin3
opened
3 weeks ago
0
azanux - H1 - Wrong implementation of upgradeable Initializable.sol in L1CrossDomainMessenger
#28
sherlock-admin2
opened
3 weeks ago
0
albahaca0000 - Incorrect msg.sender Check in Token Approval Callback
#27
sherlock-admin4
opened
3 weeks ago
0
KingNFT - L2 -> L1 messages might get stuck due to incorrect gas check in ````L1CrossDomainMessenger.relayMessage()````
#26
sherlock-admin3
opened
3 weeks ago
1
0x40 - DOS on finalizeETHWithdrawal()::L1StandardBridge.sol when recipient cannot receive ETH (Deny Of Service)
#25
sherlock-admin2
opened
3 weeks ago
0
0xastronatey - Tokens May Become Stuck in relayMessage When Target Cannot Retrieve Them
#24
sherlock-admin4
opened
3 weeks ago
0
0xastronatey - NFTs Can Become Stuck Due to Paused NFT Contracts During Withdrawal
#23
sherlock-admin3
opened
3 weeks ago
0
0xastronatey - Bridge Insolvency Risk from Deflationary or Fee-on-Transfer Tokens
#22
sherlock-admin2
opened
3 weeks ago
0
ChainPatrol - DoS in `relayMessage` function
#21
sherlock-admin4
opened
3 weeks ago
0
_karanel - Users will never receive `ETH` on L2 after bridging from L1
#20
sherlock-admin3
opened
3 weeks ago
0
KingNFT - Incorrect address aliasing while deposit transacton by ````onApprove()````
#19
sherlock-admin2
opened
3 weeks ago
0
_karanel - `OptimismPortal2` contract accepts ETH deposits which breaks an invariant of the protocol
#18
sherlock-admin4
opened
3 weeks ago
0
KingNFT - Governance manipulation attack on ````NativeTokens````
#17
sherlock-admin3
opened
3 weeks ago
0
0xlrivo - Smart contract addresses can bypass address aliasing via OptimismPortal2:onApprove()
#16
sherlock-admin2
opened
3 weeks ago
0
haxagon - Large messages can be permanently be lost due to unaccounted gas costs
#15
sherlock-admin4
opened
3 weeks ago
0
haxagon - Address aliasing will not be applied if a contract calls `approveAndCall` directly on the portal allowing for impersonation attacks on L2
#14
sherlock-admin3
opened
3 weeks ago
0
JuggerNaut63 - Address Aliasing Mismanagement in `depositTransaction` Leading to Potential Loss of Funds
#13
sherlock-admin2
opened
3 weeks ago
0
JuggerNaut63 - Gas Limit Misconfiguration Risk Causing Permanent Asset Lock in Cross-Layer Transfers
#12
sherlock-admin4
opened
3 weeks ago
0
JuggerNaut63 - Cross-Chain Message Lockup and Replay Vulnerability
#11
sherlock-admin3
opened
3 weeks ago
0
JuggerNaut63 - Excessive Token Withdrawal in ERC20 Bridging Finalization
#10
sherlock-admin2
opened
3 weeks ago
0
JuggerNaut63 - Absence of Pause Mechanism in Critical Bridging Functions
#9
sherlock-admin4
opened
3 weeks ago
0
0x416 - Fund in portal or messager can be stolen in case native token changes
#8
sherlock-admin3
opened
3 weeks ago
0
0x416 - Fund can be locked in OptimismPortal or Cross chain messager
#7
sherlock-admin2
opened
3 weeks ago
0
0x416 - Lack of consideration for external call gas cost when computing min gas amount when sending message
#6
sherlock-admin4
opened
3 weeks ago
0
0x416 - Address aliasing protection is bypassed for smart contract that triggers approveAndCall
#5
sherlock-admin3
opened
3 weeks ago
0
Kalogerone - Some standard tokens will always revert when calling the `approve` function with 0 amount
#4
sherlock-admin2
opened
3 weeks ago
0
0xastronatey - Incorrect Calldata Gas Estimation Could Lead to Some Deposits Failing Unexpectedly
#3
sherlock-admin4
opened
3 weeks ago
0
0xastronatey - Cross Domain Messengers Can Fail in Relaying a Message
#2
sherlock-admin3
opened
3 weeks ago
0
justAWanderKid - Loss of Tokens if Recipient is EOA During L2-to-L1 Bridging
#1
sherlock-admin2
opened
3 weeks ago
0
Previous