-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: code-423n4/2023-11-zetachain-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Gas Coin Setup Result In Immediate Profitable Arbitrage
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
insufficient quality report
This report is not of sufficient quality
M-01
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#580
opened Dec 18, 2023 by
c4-bot-1
QA Report
bug
Something isn't working
grade-a
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#579
opened Dec 18, 2023 by
liveactionllama
Logs not processing because of panics
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-a
insufficient quality report
This report is not of sufficient quality
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#573
opened Dec 18, 2023 by
c4-bot-4
QA Report
bug
Something isn't working
grade-a
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#569
opened Dec 18, 2023 by
c4-bot-3
JSON-RPC DoS through Websockets
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#566
opened Dec 18, 2023 by
c4-bot-4
AddToInTxTracker doens't allow permissionless tx validation for Bitcoin chain, InTxTracker permissionless tx validation for Bitcoin chain will always fail
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-03
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#563
opened Dec 18, 2023 by
c4-bot-4
Missing Requirement Length Lead to Out of Bounds Error and Panic
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#562
opened Dec 18, 2023 by
c4-bot-3
QA Report
bug
Something isn't working
grade-a
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#554
opened Dec 18, 2023 by
c4-bot-3
Broken Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
NonceVoter Allows Observer to Halt the Chain
3 (High Risk)
#547
opened Dec 18, 2023 by
c4-bot-6
Denial-of-Service Through UTXOs Flooding
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
#546
opened Dec 18, 2023 by
c4-bot-1
AddBlockHeader Cannot Cope with Reorgs
2 (Med Risk)
#542
opened Dec 18, 2023 by
c4-bot-10
Limited Voting Options Allow Ballot Creation Spam
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-05
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#536
opened Dec 18, 2023 by
c4-bot-4
Policy_Type_group1 Can Activate flags.BlockHeaderVerificationFlags
bug
#533
opened Dec 18, 2023 by
c4-bot-4
QA Report
bug
Something isn't working
grade-a
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#526
opened Dec 18, 2023 by
c4-bot-3
When reverting a cross chain tx with ERC20/native token as coinType, gas will always be underpaid due to inconsistent handling of median gasPrice
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-b
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#516
opened Dec 18, 2023 by
c4-bot-10
QA Report
bug
Something isn't working
edited-by-warden
grade-a
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#515
opened Dec 18, 2023 by
c4-bot-10
QA Report
bug
Something isn't working
grade-b
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#512
opened Dec 18, 2023 by
c4-bot-9
PayGasFeeInZetaAndUpdateCctx() is prone to slippage, causing sender overpays the revert gas and lose returned funds
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-06
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#507
opened Dec 18, 2023 by
c4-bot-9
User not refunded for failed Zeta gas payment in cross chain transaction
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-07
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#504
opened Dec 18, 2023 by
c4-bot-4
Funds from reverted transaction may be lost/locked
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-08
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
#498
opened Dec 18, 2023 by
c4-bot-4
QA Report
bug
Something isn't working
grade-b
insufficient quality report
This report is not of sufficient quality
Q-08
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#488
opened Dec 18, 2023 by
c4-bot-7
QA Report
bug
Something isn't working
grade-b
Q-09
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#445
opened Dec 18, 2023 by
c4-bot-10
QA Report
bug
Something isn't working
grade-b
insufficient quality report
This report is not of sufficient quality
Q-10
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#443
opened Dec 17, 2023 by
c4-bot-9
Direct WETH swap fails due to incompatibility with Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-09
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
ZetaTokenConsumerUniV3 & ZetaTokenConsumerPancakeV3
2 (Med Risk)
#422
opened Dec 17, 2023 by
c4-bot-4
QA Report
bug
Something isn't working
grade-a
high quality report
This report is of especially high quality
Q-11
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#421
opened Dec 17, 2023 by
c4-bot-8
Previous Next
ProTip!
What’s not been updated in a month: updated:<2024-08-21.