README.md

Fuel Network | Attackathon

Reports by Severity

Critical | High | Medium | Low | Insight

Critical

• Attackathon _ Fuel Network 32965 - [Blockchain_DLT - Critical] Messages to L included even on reverts allows theft from bridge
• Attackathon _ Fuel Network 33351 - [Smart Contract - Critical] ABI supertraits methods are available externally
• Attackathon _ Fuel Network 33519 - [Smart Contract - Critical] Silent Stack overflow on variables between cross-contract calls

High

• Attackathon _ Fuel Network 32269 - [Smart Contract - High] Incorrect fuel dce optimization register usage tracking
• Attackathon _ Fuel Network 32465 - [Blockchain_DLT - High] Abuse of CCP instruction to do cheap memory clears
• Attackathon _ Fuel Network 32696 - [Smart Contract - High] incorrect setting of non_negative value in ceil function in all IFP libs
• Attackathon _ Fuel Network 32700 - [Smart Contract - High] double increasing underlying value in ceil function can lead to sendunsend more amounts tofrom users when its called
• Attackathon _ Fuel Network 32706 - [Smart Contract - High] the function subtract in signed libs like Isw did not handle the case when selfvalue is smaller than othervalue value correctly
• Attackathon _ Fuel Network 32825 - [Blockchain_DLT - High] Consensus between -bit and -bit system can fail for LDC opcode
• Attackathon _ Fuel Network 32872 - [Smart Contract - High] Incorrect load_store_to_memcopy optimization
• Attackathon _ Fuel Network 33039 - [Smart Contract - High] The subtraction function is not correctly implemented for signed integers which can lead to incorrect values being calculated
• Attackathon _ Fuel Network 33168 - [Smart Contract - High] Incorrect Sign Determination In Multiply Divide Operations within IFP Implementations
• Attackathon _ Fuel Network 33175 - [Smart Contract - High] Sway-lib Subtract i Logic Vulnerability
• Attackathon _ Fuel Network 33195 - [Smart Contract - High] Incorrect Calculations in Subtraction Functions for Signed Integers
• Attackathon _ Fuel Network 33227 - [Smart Contract - High] Lack of overflow protection in the pow functions for unsigned integers can lead to a loss of coins when calculating coin amounts
• Attackathon _ Fuel Network 33242 - [Smart Contract - High] Incorrect Implementation of IFP Multiply and Divide Functions
• Attackathon _ Fuel Network 33248 - [Smart Contract - High] Incorrect Implementation of IFP Floor and Ceil Functions
• Attackathon _ Fuel Network 33267 - [Smart Contract - High] Bug in Multiply and Divide function
• Attackathon _ Fuel Network 33331 - [Smart Contract - High] Overflow in Types Less Than u

Medium

• Attackathon _ Fuel Network 32271 - [Blockchain_DLT - Medium] Incorrect state range access helper
• Attackathon _ Fuel Network 32275 - [Smart Contract - Medium] Various Sway Libs Bugs
• Attackathon _ Fuel Network 32486 - [Blockchain_DLT - Medium] Public RPC node craches via GraphQL API
• Attackathon _ Fuel Network 32628 - [Blockchain_DLT - Medium] A GraphQL query crashes core process
• Attackathon _ Fuel Network 32768 - [Blockchain_DLT - Medium] WDCM and WQCM doesnt respect the fuel-specs
• Attackathon _ Fuel Network 32884 - [Smart Contract - Medium] Compilerstd-lib storage collison between variables and StorageMap allows hidden backdoors likely loss of funds
• Attackathon _ Fuel Network 32886 - [Smart Contract - Medium] Incorrect function purity check
• Attackathon _ Fuel Network 32973 - [Smart Contract - Medium] Impl block dependency overwriting
• Attackathon _ Fuel Network 33170 - [Smart Contract - Medium] UFP Exp In Sway-lib Logic Vulnerability
• Attackathon _ Fuel Network 33186 - [Smart Contract - Medium] _compute_bytecode_root goes to an infinite loop when bytecode is empty
• Attackathon _ Fuel Network 33193 - [Blockchain_DLT - Medium] Fuel SDKs ABI Decoder Behaves Differently Based On Architecture Of The Machine
• Attackathon _ Fuel Network 33233 - [Smart Contract - Medium] Incorrect Implementation of Unsigned -bit Fixed Point Fractional Function
• Attackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctly
• Attackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change
• Attackathon _ Fuel Network 33360 - [Blockchain_DLT - Medium] The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs
• Attackathon _ Fuel Network 33451 - [Smart Contract - Medium] Incorrect code size estimation can bypass protocol security checks leading to loss of user funds
• Attackathon _ Fuel Network 33488 - [Smart Contract - Medium] Insecure implementation of StorageMap could lead to unintended storage overwrite

Low

• Attackathon _ Fuel Network 32270 - [Smart Contract - Low] Inappropriate fuel dce on side affects
• Attackathon _ Fuel Network 32302 - [Smart Contract - Low] Src ContractConfigurables hash collision
• Attackathon _ Fuel Network 32327 - [Websites and Applications - Low] REVISED Malicious Downtime via missing Input Validation on Fuel Wallet Browser Extension Backend GraphQL server
• Attackathon _ Fuel Network 32388 - [Smart Contract - Low] Buffer overflow in EncodeBufferAppend intrinsic
• Attackathon _ Fuel Network 32390 - [Smart Contract - Low] Unchecked Virtual Immediate Construction Overflows Value Range
• Attackathon _ Fuel Network 32438 - [Smart Contract - Low] Unhandled Bailout During AbstractInstructionSet Constant Folding Pass
• Attackathon _ Fuel Network 32439 - [Smart Contract - Low] Missing Alignment Check During AbstractInstructionSet Constant Folding Pass
• Attackathon _ Fuel Network 32453 - [Smart Contract - Low] Unhandled Side Effect During AbstractInstructionSet Constant Folding
• Attackathon _ Fuel Network 32459 - [Websites and Applications - Low] URGENT WEB funds drained using URL path based manipulation and injection an attacker can spoof domains on any important web dapp API call as legitimate domains
• Attackathon _ Fuel Network 32491 - [Smart Contract - Low] Incorrect PushA PopA Mask Calculation
• Attackathon _ Fuel Network 32537 - [Smart Contract - Low] Different data types can be used when initializing an array which can lead to incorrect values in variables in smart contracts and the Rust SDK
• Attackathon _ Fuel Network 32548 - [Smart Contract - Low] Uncaught Integer Overflow During AbstractInstructionSet Constant Folding
• Attackathon _ Fuel Network 32612 - [Smart Contract - Low] Lack of slot hashing at adminsw can cause storage collision
• Attackathon _ Fuel Network 32673 - [Smart Contract - Low] Missing array length check for non constant evaluable index
• Attackathon _ Fuel Network 32703 - [Smart Contract - Low] Unexpected variable shadowing during ir generation
• Attackathon _ Fuel Network 32728 - [Smart Contract - Low] Incorrect literal type inference
• Attackathon _ Fuel Network 32730 - [Smart Contract - Low] The Sway compiler currently disallows read access to storage when the call is made within the fallback function
• Attackathon _ Fuel Network 32786 - [Smart Contract - Low] incorrect set of i bits to which it should be bits
• Attackathon _ Fuel Network 32812 - [Smart Contract - Low] Sway-libSRC- Buffer overflow in swap_configurables allows for verifying arbitrary codeconfig loss of funds
• Attackathon _ Fuel Network 32849 - [Smart Contract - Low] Insufficient array construction element type check
• Attackathon _ Fuel Network 32854 - [Smart Contract - Low] Sway-libstd-libcompiler Storage collision between admin lib storage map variables leads to admin takeover loss of funds
• Attackathon _ Fuel Network 32859 - [Smart Contract - Low] Incorrect argument pointer creation
• Attackathon _ Fuel Network 32979 - [Smart Contract - Low] operations with StorageVec incorrectly revert due to the type size
• Attackathon _ Fuel Network 33045 - [Smart Contract - Low] Compiler Dead Code Elimination inconsistently removes arithmetic checks leading to missing assertions likely loss of funds
• Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functions
• Attackathon _ Fuel Network 33295 - [Smart Contract - Low] Bug in array decoding can lead to critical security vulnerabilities in protocols built on Fuel
• Attackathon _ Fuel Network 33346 - [Blockchain_DLT - Low] Incorrect error handling when executing block can cause network shutdown by hanging the poa service of network nodes halting block production
• Attackathon _ Fuel Network 33433 - [Smart Contract - Low] Self-append in Bytes data structure causes memory corruption leading to potential DOS attacks

Insight

• Attackathon _ Fuel Network 32276 - [Smart Contract - Insight] wrong implementation in gt and lt functions in IFP libs
• Attackathon _ Fuel Network 32291 - [Blockchain_DLT - Insight] Profiling is incorrect for dependent gas costs
• Attackathon _ Fuel Network 32314 - [Smart Contract - Insight] Missing _disableInitializers in FuelERCGatewayV contract
• Attackathon _ Fuel Network 32378 - [Smart Contract - Insight] Missing Zero-Check for Recipient Address in withdraw Function
• Attackathon _ Fuel Network 32412 - [Smart Contract - Insight] the IFP divide functions does not have check to
• Attackathon _ Fuel Network 32536 - [Smart Contract - Insight] The control flow graph is incorrectly constructed for the return path analysis which leads to an incorrect return path analysis
• Attackathon _ Fuel Network 32695 - [Blockchain_DLT - Insight] increasing processing for public nodes with rpc
• Attackathon _ Fuel Network 32835 - [Smart Contract - Insight] sway compiler doesnt prevent function selector collisions
• Attackathon _ Fuel Network 32860 - [Blockchain_DLT - Insight] Resource Abuse CCP instruction is loading the contract into memory before charging GAS
• Attackathon _ Fuel Network 32924 - [Smart Contract - Insight] sways legacy storage namespacing is broken and leads to collisions
• Attackathon _ Fuel Network 32935 - [Smart Contract - Insight] Insufficient trait duplication check
• Attackathon _ Fuel Network 32937 - [Smart Contract - Insight] Fallback function can be directly called with arguments as a named function
• Attackathon _ Fuel Network 32938 - [Smart Contract - Insight] Insufficient declaration shadowing check
• Attackathon _ Fuel Network 32978 - [Blockchain_DLT - Insight] isolating the node from the networkcausing OOM by resource exhaust
• Attackathon _ Fuel Network 32987 - [Blockchain_DLT - Insight] Sending a message with ETH and data to the FuelMessagePortal does not increase the balance on the L and users can not move the funds
• Attackathon _ Fuel Network 33101 - [Smart Contract - Insight] Associated functions that were implemented for tuples or arrays cannot be called
• Attackathon _ Fuel Network 33139 - [Smart Contract - Insight] Unreachable panic in sway compiler when parsing malicious cfg in contract
• Attackathon _ Fuel Network 33140 - [Smart Contract - Insight] Sway compiler crash when compile malicious contract with error const
• Attackathon _ Fuel Network 33171 - [Smart Contract - Insight] panic on unwrapping in decl_to_type_info
• Attackathon _ Fuel Network 33172 - [Smart Contract - Insight] OOB in type_check_analyze of ImplTrait
• Attackathon _ Fuel Network 33181 - [Smart Contract - Insight] users messages might encode incorrect data when they call deposit function on L erc bridge before the assetIssuerID is set
• Attackathon _ Fuel Network 33191 - [Smart Contract - Insight] Sway Formatting Behaves Differently Based On Architecture Of The Machine
• Attackathon _ Fuel Network 33203 - [Smart Contract - Insight] function inlining doesnt consider asm blocks instr count which leads to bloating contract size
• Attackathon _ Fuel Network 33207 - [Smart Contract - Insight] users created message when withdrawing from L-L is not possible to execute on L if the assetIssuerID got changed
• Attackathon _ Fuel Network 33240 - [Smart Contract - Insight] Incorrect Bitness in IFP Types
• Attackathon _ Fuel Network 33286 - [Smart Contract - Insight] panic on unwrapping in type_check_trait_implementation
• Attackathon _ Fuel Network 33401 - [Smart Contract - Insight] insight compiler crash - trait dummy method was not properly replaced
• Attackathon _ Fuel Network 33407 - [Smart Contract - Insight] Missing Zero-Check for to Address in withdraw Function
• Attackathon _ Fuel Network 33444 - [Smart Contract - Insight] Sway compiler crash for access out-of-bound memory in intrinsic function arguments check during semantic analysis
• Attackathon _ Fuel Network 33450 - [Blockchain_DLT - Insight] fuel_gas_price_algorithm AlgorithmV may panic
• Attackathon _ Fuel Network 33487 - [Smart Contract - Insight] Flags Do Not Affect Types Less Than u

Reports by Type

Smart Contract | Blockchain/DLT | Websites and Applications

Smart Contract

• Attackathon _ Fuel Network 32269 - [Smart Contract - High] Incorrect fuel dce optimization register usage tracking
• Attackathon _ Fuel Network 32270 - [Smart Contract - Low] Inappropriate fuel dce on side affects
• Attackathon _ Fuel Network 32275 - [Smart Contract - Medium] Various Sway Libs Bugs
• Attackathon _ Fuel Network 32276 - [Smart Contract - Insight] wrong implementation in gt and lt functions in IFP libs
• Attackathon _ Fuel Network 32302 - [Smart Contract - Low] Src ContractConfigurables hash collision
• Attackathon _ Fuel Network 32314 - [Smart Contract - Insight] Missing _disableInitializers in FuelERCGatewayV contract
• Attackathon _ Fuel Network 32378 - [Smart Contract - Insight] Missing Zero-Check for Recipient Address in withdraw Function
• Attackathon _ Fuel Network 32388 - [Smart Contract - Low] Buffer overflow in EncodeBufferAppend intrinsic
• Attackathon _ Fuel Network 32390 - [Smart Contract - Low] Unchecked Virtual Immediate Construction Overflows Value Range
• Attackathon _ Fuel Network 32412 - [Smart Contract - Insight] the IFP divide functions does not have check to
• Attackathon _ Fuel Network 32438 - [Smart Contract - Low] Unhandled Bailout During AbstractInstructionSet Constant Folding Pass
• Attackathon _ Fuel Network 32439 - [Smart Contract - Low] Missing Alignment Check During AbstractInstructionSet Constant Folding Pass
• Attackathon _ Fuel Network 32453 - [Smart Contract - Low] Unhandled Side Effect During AbstractInstructionSet Constant Folding
• Attackathon _ Fuel Network 32491 - [Smart Contract - Low] Incorrect PushA PopA Mask Calculation
• Attackathon _ Fuel Network 32536 - [Smart Contract - Insight] The control flow graph is incorrectly constructed for the return path analysis which leads to an incorrect return path analysis
• Attackathon _ Fuel Network 32537 - [Smart Contract - Low] Different data types can be used when initializing an array which can lead to incorrect values in variables in smart contracts and the Rust SDK
• Attackathon _ Fuel Network 32548 - [Smart Contract - Low] Uncaught Integer Overflow During AbstractInstructionSet Constant Folding
• Attackathon _ Fuel Network 32612 - [Smart Contract - Low] Lack of slot hashing at adminsw can cause storage collision
• Attackathon _ Fuel Network 32673 - [Smart Contract - Low] Missing array length check for non constant evaluable index
• Attackathon _ Fuel Network 32696 - [Smart Contract - High] incorrect setting of non_negative value in ceil function in all IFP libs
• Attackathon _ Fuel Network 32700 - [Smart Contract - High] double increasing underlying value in ceil function can lead to sendunsend more amounts tofrom users when its called
• Attackathon _ Fuel Network 32703 - [Smart Contract - Low] Unexpected variable shadowing during ir generation
• Attackathon _ Fuel Network 32706 - [Smart Contract - High] the function subtract in signed libs like Isw did not handle the case when selfvalue is smaller than othervalue value correctly
• Attackathon _ Fuel Network 32728 - [Smart Contract - Low] Incorrect literal type inference
• Attackathon _ Fuel Network 32730 - [Smart Contract - Low] The Sway compiler currently disallows read access to storage when the call is made within the fallback function
• Attackathon _ Fuel Network 32786 - [Smart Contract - Low] incorrect set of i bits to which it should be bits
• Attackathon _ Fuel Network 32812 - [Smart Contract - Low] Sway-libSRC- Buffer overflow in swap_configurables allows for verifying arbitrary codeconfig loss of funds
• Attackathon _ Fuel Network 32835 - [Smart Contract - Insight] sway compiler doesnt prevent function selector collisions
• Attackathon _ Fuel Network 32849 - [Smart Contract - Low] Insufficient array construction element type check
• Attackathon _ Fuel Network 32854 - [Smart Contract - Low] Sway-libstd-libcompiler Storage collision between admin lib storage map variables leads to admin takeover loss of funds
• Attackathon _ Fuel Network 32859 - [Smart Contract - Low] Incorrect argument pointer creation
• Attackathon _ Fuel Network 32872 - [Smart Contract - High] Incorrect load_store_to_memcopy optimization
• Attackathon _ Fuel Network 32884 - [Smart Contract - Medium] Compilerstd-lib storage collison between variables and StorageMap allows hidden backdoors likely loss of funds
• Attackathon _ Fuel Network 32886 - [Smart Contract - Medium] Incorrect function purity check
• Attackathon _ Fuel Network 32924 - [Smart Contract - Insight] sways legacy storage namespacing is broken and leads to collisions
• Attackathon _ Fuel Network 32935 - [Smart Contract - Insight] Insufficient trait duplication check
• Attackathon _ Fuel Network 32937 - [Smart Contract - Insight] Fallback function can be directly called with arguments as a named function
• Attackathon _ Fuel Network 32938 - [Smart Contract - Insight] Insufficient declaration shadowing check
• Attackathon _ Fuel Network 32973 - [Smart Contract - Medium] Impl block dependency overwriting
• Attackathon _ Fuel Network 32979 - [Smart Contract - Low] operations with StorageVec incorrectly revert due to the type size
• Attackathon _ Fuel Network 33039 - [Smart Contract - High] The subtraction function is not correctly implemented for signed integers which can lead to incorrect values being calculated
• Attackathon _ Fuel Network 33045 - [Smart Contract - Low] Compiler Dead Code Elimination inconsistently removes arithmetic checks leading to missing assertions likely loss of funds
• Attackathon _ Fuel Network 33101 - [Smart Contract - Insight] Associated functions that were implemented for tuples or arrays cannot be called
• Attackathon _ Fuel Network 33139 - [Smart Contract - Insight] Unreachable panic in sway compiler when parsing malicious cfg in contract
• Attackathon _ Fuel Network 33140 - [Smart Contract - Insight] Sway compiler crash when compile malicious contract with error const
• Attackathon _ Fuel Network 33168 - [Smart Contract - High] Incorrect Sign Determination In Multiply Divide Operations within IFP Implementations
• Attackathon _ Fuel Network 33170 - [Smart Contract - Medium] UFP Exp In Sway-lib Logic Vulnerability
• Attackathon _ Fuel Network 33171 - [Smart Contract - Insight] panic on unwrapping in decl_to_type_info
• Attackathon _ Fuel Network 33172 - [Smart Contract - Insight] OOB in type_check_analyze of ImplTrait
• Attackathon _ Fuel Network 33175 - [Smart Contract - High] Sway-lib Subtract i Logic Vulnerability
• Attackathon _ Fuel Network 33181 - [Smart Contract - Insight] users messages might encode incorrect data when they call deposit function on L erc bridge before the assetIssuerID is set
• Attackathon _ Fuel Network 33186 - [Smart Contract - Medium] _compute_bytecode_root goes to an infinite loop when bytecode is empty
• Attackathon _ Fuel Network 33191 - [Smart Contract - Insight] Sway Formatting Behaves Differently Based On Architecture Of The Machine
• Attackathon _ Fuel Network 33195 - [Smart Contract - High] Incorrect Calculations in Subtraction Functions for Signed Integers
• Attackathon _ Fuel Network 33203 - [Smart Contract - Insight] function inlining doesnt consider asm blocks instr count which leads to bloating contract size
• Attackathon _ Fuel Network 33207 - [Smart Contract - Insight] users created message when withdrawing from L-L is not possible to execute on L if the assetIssuerID got changed
• Attackathon _ Fuel Network 33227 - [Smart Contract - High] Lack of overflow protection in the pow functions for unsigned integers can lead to a loss of coins when calculating coin amounts
• Attackathon _ Fuel Network 33233 - [Smart Contract - Medium] Incorrect Implementation of Unsigned -bit Fixed Point Fractional Function
• Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functions
• Attackathon _ Fuel Network 33240 - [Smart Contract - Insight] Incorrect Bitness in IFP Types
• Attackathon _ Fuel Network 33242 - [Smart Contract - High] Incorrect Implementation of IFP Multiply and Divide Functions
• Attackathon _ Fuel Network 33248 - [Smart Contract - High] Incorrect Implementation of IFP Floor and Ceil Functions
• Attackathon _ Fuel Network 33267 - [Smart Contract - High] Bug in Multiply and Divide function
• Attackathon _ Fuel Network 33286 - [Smart Contract - Insight] panic on unwrapping in type_check_trait_implementation
• Attackathon _ Fuel Network 33295 - [Smart Contract - Low] Bug in array decoding can lead to critical security vulnerabilities in protocols built on Fuel
• Attackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctly
• Attackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change
• Attackathon _ Fuel Network 33331 - [Smart Contract - High] Overflow in Types Less Than u
• Attackathon _ Fuel Network 33351 - [Smart Contract - Critical] ABI supertraits methods are available externally
• Attackathon _ Fuel Network 33401 - [Smart Contract - Insight] insight compiler crash - trait dummy method was not properly replaced
• Attackathon _ Fuel Network 33407 - [Smart Contract - Insight] Missing Zero-Check for to Address in withdraw Function
• Attackathon _ Fuel Network 33433 - [Smart Contract - Low] Self-append in Bytes data structure causes memory corruption leading to potential DOS attacks
• Attackathon _ Fuel Network 33444 - [Smart Contract - Insight] Sway compiler crash for access out-of-bound memory in intrinsic function arguments check during semantic analysis
• Attackathon _ Fuel Network 33451 - [Smart Contract - Medium] Incorrect code size estimation can bypass protocol security checks leading to loss of user funds
• Attackathon _ Fuel Network 33487 - [Smart Contract - Insight] Flags Do Not Affect Types Less Than u
• Attackathon _ Fuel Network 33488 - [Smart Contract - Medium] Insecure implementation of StorageMap could lead to unintended storage overwrite
• Attackathon _ Fuel Network 33519 - [Smart Contract - Critical] Silent Stack overflow on variables between cross-contract calls

Blockchain/DLT

• Attackathon _ Fuel Network 32271 - [Blockchain_DLT - Medium] Incorrect state range access helper
• Attackathon _ Fuel Network 32291 - [Blockchain_DLT - Insight] Profiling is incorrect for dependent gas costs
• Attackathon _ Fuel Network 32465 - [Blockchain_DLT - High] Abuse of CCP instruction to do cheap memory clears
• Attackathon _ Fuel Network 32486 - [Blockchain_DLT - Medium] Public RPC node craches via GraphQL API
• Attackathon _ Fuel Network 32628 - [Blockchain_DLT - Medium] A GraphQL query crashes core process
• Attackathon _ Fuel Network 32695 - [Blockchain_DLT - Insight] increasing processing for public nodes with rpc
• Attackathon _ Fuel Network 32768 - [Blockchain_DLT - Medium] WDCM and WQCM doesnt respect the fuel-specs
• Attackathon _ Fuel Network 32825 - [Blockchain_DLT - High] Consensus between -bit and -bit system can fail for LDC opcode
• Attackathon _ Fuel Network 32860 - [Blockchain_DLT - Insight] Resource Abuse CCP instruction is loading the contract into memory before charging GAS
• Attackathon _ Fuel Network 32965 - [Blockchain_DLT - Critical] Messages to L included even on reverts allows theft from bridge
• Attackathon _ Fuel Network 32978 - [Blockchain_DLT - Insight] isolating the node from the networkcausing OOM by resource exhaust
• Attackathon _ Fuel Network 32987 - [Blockchain_DLT - Insight] Sending a message with ETH and data to the FuelMessagePortal does not increase the balance on the L and users can not move the funds
• Attackathon _ Fuel Network 33193 - [Blockchain_DLT - Medium] Fuel SDKs ABI Decoder Behaves Differently Based On Architecture Of The Machine
• Attackathon _ Fuel Network 33346 - [Blockchain_DLT - Low] Incorrect error handling when executing block can cause network shutdown by hanging the poa service of network nodes halting block production
• Attackathon _ Fuel Network 33360 - [Blockchain_DLT - Medium] The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs
• Attackathon _ Fuel Network 33450 - [Blockchain_DLT - Insight] fuel_gas_price_algorithm AlgorithmV may panic

Websites and Applications

• Attackathon _ Fuel Network 32327 - [Websites and Applications - Low] REVISED Malicious Downtime via missing Input Validation on Fuel Wallet Browser Extension Backend GraphQL server
• Attackathon _ Fuel Network 32459 - [Websites and Applications - Low] URGENT WEB funds drained using URL path based manipulation and injection an attacker can spoof domains on any important web dapp API call as legitimate domains