-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: code-423n4/2024-06-thorchain-validation
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
QA Report
bug
Something isn't working
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#233
opened Jun 12, 2024 by
c4-bot-10
QA Report
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#231
opened Jun 12, 2024 by
c4-bot-5
QA Report
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#230
opened Jun 12, 2024 by
c4-bot-5
QA Report
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#219
opened Jun 12, 2024 by
c4-bot-2
Calling Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_12_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
_transferOutAndCallV5 function is always DOS'ed for all vaults when corresponding ERC20 token is a fee-on-transfer token, such as STA
2 (Med Risk)
#199
opened Jun 12, 2024 by
c4-bot-5
aggregationPayload.fromAmount of an ERC20 token can be lost when calling _transferOutAndCallV5 function for such token if target aggregator's swapOutV5 function call reverts
3 (High Risk)
#198
opened Jun 12, 2024 by
c4-bot-7
QA Report
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#192
opened Jun 12, 2024 by
c4-bot-6
ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_03_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#191
opened Jun 12, 2024 by
c4-bot-9
looping through the whiteList aggregator even though disableWhitelist=1
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#187
opened Jun 12, 2024 by
c4-bot-1
QA Report
bug
Something isn't working
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#161
opened Jun 12, 2024 by
c4-bot-1
[H-02] Incorrect recipient inside Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
🤖_12_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
THORChain_Router::_transferOutAndCallV5, leading to sending gas asset to the payload target, not the recipient
3 (High Risk)
#155
opened Jun 12, 2024 by
c4-bot-7
The Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_19_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
TransferOutAndCallV5 event is not caught by smartcontract_log_parser.go
3 (High Risk)
#121
opened Jun 11, 2024 by
c4-bot-9
Gas Price Overestimation Due to Incorrect Standard Deviation Calculation.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#108
opened Jun 11, 2024 by
c4-bot-10
Bifrost Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_primary
AI based primary recommendation
🤖_18_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
risk of griefing attack due to missing early exit path for transferOutAndCall
2 (Med Risk)
#83
opened Jun 10, 2024 by
c4-bot-3
smartcontract_log_parser.go client is setting Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
🤖_04_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
isVaultTransfer to true in the vaultTransferEvent case
3 (High Risk)
#69
opened Jun 10, 2024 by
c4-bot-1
QA Report
bug
Something isn't working
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#62
opened Jun 10, 2024 by
c4-bot-5
QA Report
bug
Something isn't working
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#46
opened Jun 8, 2024 by
c4-bot-8
Bifrost Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
🤖_18_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
risk of DoS due to the increase in transactions and events to process
3 (High Risk)
#45
opened Jun 8, 2024 by
c4-bot-3
Users will be denied from using a particular protocol functionality under a certain case
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_07_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#33
opened Jun 8, 2024 by
c4-bot-7
batchTransferOutV5 could emit multiple TransferOut events, but Bifrost Observation can handle only one per transaction.
3 (High Risk)
#7
opened Jun 6, 2024 by
c4-bot-4
Fund stuck forever in vault in case of multiple deposits to different vaults
3 (High Risk)
#6
opened Jun 6, 2024 by
c4-bot-8
ProTip!
Mix and match filters to narrow down what you’re looking for.