Comments (1)
I would consider this a low vulnerability. This should not affect user funds in any way, and could do harm only in a very specific scenario. But this is formally correct, and the recommendation is concise and fixes this particular issue.
from 2022-10-mover-judging.
Related Issues (20)
- ak1 - Lack for sanity check while setting the exchangeProxyContract, trustedRegistryContract could cause the protocol to misbehave.
- WATCHPUG - The value of `to` parameter in `_bridgeTxData` can be malicious
- ignacio - LACK OF REENTRANCY GUARDS ON EXTERNAL FUNCTIONS
- WATCHPUG - `exchangeFee` can be escaped
- 8olidity - Malicious tokens can safeTransferFrom() results
- WATCHPUG - `_expectedMinimumReceived` should consider `topupFee`
- WATCHPUG - Lack of sanity checks in the setter functions can result in malfunctions
- WATCHPUG - Slippage tolerance for Synapse should not be specified as constant values of `0.95`, `0.91`
- ak1 - _processTopup will not work when SYNAPSE bridge is paused. All other process could not function.
- ignacio - ABI.ENCODEPACKED() SHOULD NOT BE USED WITH DYNAMIC TYPES WHEN PASSING THE RESULT TO A HASH FUNCTION SUCH AS KECCAK256()
- ignacio - <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP and Increments can be unchecked
- ak1 - checkAllowance could not work as intended when the token decimal value is not 18
- ignacio - Miners can influence the value of block.timestamp to perform Maximal Extractable Value (MEV) attacks.
- ak1 - No clarity on the amount of fee set by admin. Could lead to loss of fund to protocol user. Lack of decentalisation
- vlad - Unprotected initialize function of the implementation contract
- vlad - Reuse of the signature for CardTopupTrusted
- vlad - Reuse of the same input parameters in CardTopupMPTProof
- vlad - Invalid logic of checkApprove when input data is not long enough
- ak1 - Implementation of own signing and verifying mechanism is more dangerous.