sherlock-audit / 2024-09-orderly-network-solana-contract-judging
issues
Fit Canvas Pangolin - In the _lzSend() function call, the _refundAddress is incorrectly set to address(this).
#126
sherlock-admin2
opened
4 days ago
0
Fit Canvas Pangolin - The Vault contract on the Solana side lacks a method for withdrawing fees.
#125
sherlock-admin2
opened
4 days ago
0
Droll Cider Armadillo - Fees are not tabulated properly in oapp_lz_receive.rs
#124
sherlock-admin4
opened
4 days ago
0
Droll Cider Armadillo - reinit_oapp will not work after resetting oapp
#123
sherlock-admin4
opened
4 days ago
0
Silly Amber Shell - An attacker can repeatedly DoS `SolConnector` by sending malicious deposit requests
#122
sherlock-admin4
opened
4 days ago
0
Silly Amber Shell - Excess fees refunded by endpoint will be stuck in `solana-vault` as it has no instructions to transfer them out
#121
sherlock-admin2
opened
4 days ago
0
Silly Amber Shell - Excess fees refunded by endpoint will be stuck in `SolConnector` as it has no function to transfer them out
#120
sherlock-admin3
opened
4 days ago
0
Silly Amber Shell - Attacker can copy valid message and call `solana-vault::oapp_lz_receive` with arbitrary accounts allowing him to steal tokens from `vault_deposit_wallet`
#119
sherlock-admin3
opened
4 days ago
0
Sleepy Seaweed Chinchilla - eth will be lost in _lzSend
#118
sherlock-admin3
opened
4 days ago
0
Harsh Pine Octopus - Excessive message fees may get stuck in `SolConnector` contract during cross-chain message sending
#117
sherlock-admin4
opened
4 days ago
0
Harsh Pine Octopus - Missing `msg.value` verification in `lzReceive` enables undervaluation exploit
#116
sherlock-admin2
opened
4 days ago
0
Jovial Lilac Sloth - Using `unwrap()` on `ParsePubkeyError::WrongSize` will cause a panic
#115
sherlock-admin2
opened
4 days ago
0
Droll Cider Armadillo - reset_vault.rs and reinit_vault.rs do not work as intended
#114
sherlock-admin2
opened
4 days ago
0
Droll Cider Armadillo - oappConfig init can be called multiple times to take control of the admin
#113
sherlock-admin2
opened
4 days ago
0
Jovial Lilac Sloth - The improper verification of the array parameter in `LzMessage::decode` will cause a panic
#112
sherlock-admin4
opened
4 days ago
0
Sunny Syrup Worm - Uninitialized Accounts Cause Reverts in `solana_vault::lz_receive`
#111
sherlock-admin4
opened
4 days ago
0
Raspy Seaweed Bear - Ordering Requirement of Nonces Leads to DoS on Solana
#110
sherlock-admin4
opened
4 days ago
0
Raspy Seaweed Bear - Ordering Requirement of Nonces Leads to DoS on Orderly chain
#109
sherlock-admin4
opened
4 days ago
0
Radiant Punch Dalmatian - SolConnector is not using whenPaused and whenNotPaused modifiers for withdrawals
#108
sherlock-admin2
opened
4 days ago
0
Sunny Syrup Worm - Incorrect Constraint in SetPeer Hinders Admin Updates During Peer Changes
#107
sherlock-admin3
opened
4 days ago
0
Plain Corduroy Goblin - Protocol Fund Drain via LayerZero Fee Exhaustion Through Invalid Cross-Chain Withdrawals
#106
sherlock-admin4
opened
4 days ago
0
Sunny Syrup Worm - `oapp_quote` Always Applies `Send-and-Call` Option, Leading to Higher Fee Estimates
#105
sherlock-admin2
opened
4 days ago
0
Sunny Syrup Worm - Flaw in Token Validation Process Allows Users to Deposit Unauthorized Tokens for Authorized Tokens
#104
sherlock-admin3
opened
4 days ago
0
Radiant Punch Dalmatian - Incorrect implementation of quote instruction leads users to pay extra fees for deposits
#103
sherlock-admin4
opened
4 days ago
0
Radiant Punch Dalmatian - ReinitOApp function does not allow setting new endpoint program
#102
sherlock-admin2
opened
4 days ago
0
Petite Pecan Starfish - fees will be locked in vault
#101
sherlock-admin3
opened
4 days ago
0
Sunny Syrup Worm - Unchecked `deposit_token` Allows Malicious Token Substitution During Withdrawals
#100
sherlock-admin4
opened
4 days ago
0
Orbiting Tweed Shell - A malicious user can withdraw another user's money
#99
sherlock-admin2
opened
4 days ago
0
Plain Corduroy Goblin - Cross-Chain Balance Invariant Vulnerability in Orderly Network's LayerZero Configuration Due to Reorg
#98
sherlock-admin3
opened
4 days ago
0
Sunny Syrup Worm - Inadequate User Verification Allows Unauthorized Token Redirection
#97
sherlock-admin4
opened
4 days ago
1
Fit Canvas Pangolin - The absence of the addExecutorOrderedExecutionOption parameter causes the ordered delivery mode to fail.
#96
sherlock-admin2
opened
4 days ago
0
Fit Canvas Pangolin - In the deposit() function, due to the lack of a check on deposit_token, an attacker can use the Mint of any token to replace the Mint of USDC.
#95
sherlock-admin3
opened
4 days ago
0
Fit Canvas Pangolin - Issue with Closing the Account on solana
#94
sherlock-admin4
opened
4 days ago
0
Plain Corduroy Goblin - Attacker will drain vault assets through token validation bypass
#93
sherlock-admin2
opened
4 days ago
0
Broad Pecan Pheasant - Insufficient Access Control on OAppConfig Initialization
#92
sherlock-admin3
opened
4 days ago
0
Broad Pecan Pheasant - Unauthorized Deposit into Another User's Vault
#91
sherlock-admin4
opened
4 days ago
0
Fit Mango Moose - Malicious user can avoid paying LZ fees and steal other users' excess fees
#90
sherlock-admin2
opened
4 days ago
0
Dizzy Green Mantis - Inconsistent `AccountDepositSol` struct in `ILedger.sol` and `msd_codec.rs`
#89
sherlock-admin3
opened
4 days ago
0
Fit Mango Moose - Excess fees are not sent back and stuck in SolConnector.sol
#88
sherlock-admin4
opened
4 days ago
0
Petite Pecan Starfish - admin cannot reinit oappConfig
#87
sherlock-admin2
opened
4 days ago
0
Petite Pecan Starfish - users can withdraw disallowed tokens
#86
sherlock-admin3
opened
4 days ago
0
Petite Pecan Starfish - malicious user can drain solana vault
#85
sherlock-admin4
opened
4 days ago
0
Petite Pecan Starfish - admin cannot update peer address
#84
sherlock-admin2
opened
4 days ago
0
Petite Pecan Starfish - users can deposit more than expected in rate limiter
#83
sherlock-admin3
opened
4 days ago
0
Petite Pecan Starfish - users lose their assets if their withdraw token amount is greater than uint64.max
#82
sherlock-admin4
opened
4 days ago
0
Petite Pecan Starfish - admin cannot sweep left over assets in solconnector
#81
sherlock-admin2
opened
4 days ago
0
Immense Rouge Goose - Invalid Tokens are allowed to be deposited into the Vault
#80
sherlock-admin3
opened
4 days ago
0
Fit Canvas Pangolin - The SolConnector::withdraw() function is missing the whenNotPaused modifier.
#79
sherlock-admin4
opened
4 days ago
0
Immense Rouge Goose - Any One Can Withdraw from the Vault When It has funds
#78
sherlock-admin2
opened
4 days ago
0
Uneven Opaque Cottonmouth - Attacker will bridge fake tokens to Orderly for USDC
#77
sherlock-admin3
opened
4 days ago
0