sherlock-audit 2024-08-tokamak-network-judging issues

sherlock-audit / 2024-08-tokamak-network-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

obront - Users can abuse callbacks in Native Token to get mispriced deposits, wasting L2 blockspace

#40 sherlock-admin2 opened 3 weeks ago
0
obront - L1 contract can evade aliasing, spoofing unowned L2 address

#39 sherlock-admin4 opened 3 weeks ago
1
GGONE - Balance Underflow Vulnerability in MemoryStateDB: Allowing Negative Balances

#38 sherlock-admin3 opened 3 weeks ago
0
dagos - finalizeBridgeETH() and finalizeBridgeERC20() Functions Fail Because xDomainMsgSender variable Remains at Default Value

#37 sherlock-admin2 opened 3 weeks ago
0
GGONE - Gas Estimation and Insufficient Buffer in CrossDomainMessenger May Lead to Fund Loss

#36 sherlock-admin4 opened 3 weeks ago
0
TessKimy - Deposits from `onApprove()` always reverts at L2 if target is equal to L2 Bridge and it makes native token stuck at L1

#35 sherlock-admin3 opened 3 weeks ago
0
newspacexyz - Attacker Can Steal ERC20 tokens via Fake Nonces

#34 sherlock-admin2 opened 3 weeks ago
0
0x46 - Will not approve due to not zero allowance

#33 sherlock-admin4 opened 3 weeks ago
0
GGONE - Revert on Insufficient Gas in CrossDomainMessenger May Lead to Irrecoverable Fund Loss

#32 sherlock-admin3 opened 3 weeks ago
0
GGONE - Incorrect Gas Calculation During Cross-Chain Message Packing Leading to Underpayment by Users

#31 sherlock-admin2 opened 3 weeks ago
0
dany.armstrong90 - Tokens for failed V0 messages will be locked forever.

#30 sherlock-admin4 opened 3 weeks ago
0
albahaca0000 - Replay Attack Vulnerability in `relayMessage` Function

#29 sherlock-admin3 opened 3 weeks ago
0
azanux - H1 - Wrong implementation of upgradeable Initializable.sol in L1CrossDomainMessenger

#28 sherlock-admin2 opened 3 weeks ago
0
albahaca0000 - Incorrect msg.sender Check in Token Approval Callback

#27 sherlock-admin4 opened 3 weeks ago
0
KingNFT - L2 -> L1 messages might get stuck due to incorrect gas check in ````L1CrossDomainMessenger.relayMessage()````

#26 sherlock-admin3 opened 3 weeks ago
1
0x40 - DOS on finalizeETHWithdrawal()::L1StandardBridge.sol when recipient cannot receive ETH (Deny Of Service)

#25 sherlock-admin2 opened 3 weeks ago
0
0xastronatey - Tokens May Become Stuck in relayMessage When Target Cannot Retrieve Them

#24 sherlock-admin4 opened 3 weeks ago
0
0xastronatey - NFTs Can Become Stuck Due to Paused NFT Contracts During Withdrawal

#23 sherlock-admin3 opened 3 weeks ago
0
0xastronatey - Bridge Insolvency Risk from Deflationary or Fee-on-Transfer Tokens

#22 sherlock-admin2 opened 3 weeks ago
0
ChainPatrol - DoS in `relayMessage` function

#21 sherlock-admin4 opened 3 weeks ago
0
_karanel - Users will never receive `ETH` on L2 after bridging from L1

#20 sherlock-admin3 opened 3 weeks ago
0
KingNFT - Incorrect address aliasing while deposit transacton by ````onApprove()````

#19 sherlock-admin2 opened 3 weeks ago
0
_karanel - `OptimismPortal2` contract accepts ETH deposits which breaks an invariant of the protocol

#18 sherlock-admin4 opened 3 weeks ago
0
KingNFT - Governance manipulation attack on ````NativeTokens````

#17 sherlock-admin3 opened 3 weeks ago
0
0xlrivo - Smart contract addresses can bypass address aliasing via OptimismPortal2:onApprove()

#16 sherlock-admin2 opened 3 weeks ago
0
haxagon - Large messages can be permanently be lost due to unaccounted gas costs

#15 sherlock-admin4 opened 3 weeks ago
0
haxagon - Address aliasing will not be applied if a contract calls `approveAndCall` directly on the portal allowing for impersonation attacks on L2

#14 sherlock-admin3 opened 3 weeks ago
0
JuggerNaut63 - Address Aliasing Mismanagement in `depositTransaction` Leading to Potential Loss of Funds

#13 sherlock-admin2 opened 3 weeks ago
0
JuggerNaut63 - Gas Limit Misconfiguration Risk Causing Permanent Asset Lock in Cross-Layer Transfers

#12 sherlock-admin4 opened 3 weeks ago
0
JuggerNaut63 - Cross-Chain Message Lockup and Replay Vulnerability

#11 sherlock-admin3 opened 3 weeks ago
0
JuggerNaut63 - Excessive Token Withdrawal in ERC20 Bridging Finalization

#10 sherlock-admin2 opened 3 weeks ago
0
JuggerNaut63 - Absence of Pause Mechanism in Critical Bridging Functions

#9 sherlock-admin4 opened 3 weeks ago
0
0x416 - Fund in portal or messager can be stolen in case native token changes

#8 sherlock-admin3 opened 3 weeks ago
0
0x416 - Fund can be locked in OptimismPortal or Cross chain messager

#7 sherlock-admin2 opened 3 weeks ago
0
0x416 - Lack of consideration for external call gas cost when computing min gas amount when sending message

#6 sherlock-admin4 opened 3 weeks ago
0
0x416 - Address aliasing protection is bypassed for smart contract that triggers approveAndCall

#5 sherlock-admin3 opened 3 weeks ago
0
Kalogerone - Some standard tokens will always revert when calling the `approve` function with 0 amount

#4 sherlock-admin2 opened 3 weeks ago
0
0xastronatey - Incorrect Calldata Gas Estimation Could Lead to Some Deposits Failing Unexpectedly

#3 sherlock-admin4 opened 3 weeks ago
0
0xastronatey - Cross Domain Messengers Can Fail in Relaying a Message

#2 sherlock-admin3 opened 3 weeks ago
0
justAWanderKid - Loss of Tokens if Recipient is EOA During L2-to-L1 Bridging

#1 sherlock-admin2 opened 3 weeks ago
0