Issues: code-423n4/2024-11-nibiru-findings

Issues list

Label key (the description text shown for each label in the listing):
  2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
  3 (High Risk): Assets can be stolen/lost/compromised directly
  bug: Something isn't working
  downgraded by judge: Judge downgraded the risk level of this issue
  primary issue: Highest quality submission among a set of duplicates
  QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
  🤖_primary: AI based primary recommendation
  🤖_NN_group: AI based duplicate group recommendation
  satisfactory: satisfies C4 submission criteria; eligible for awards
  selected for report: This submission will be included/highlighted in the audit report
  sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
  sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
  sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
  sufficient quality report: This report is of sufficient quality

#71  QA Report
     Opened Nov 30, 2024 by howlbot-integration bot
     Labels: 2nd place, bug, grade-b, Q-01, QA (Quality Assurance), sufficient quality report

#69  QA Report
     Opened Nov 30, 2024 by howlbot-integration bot
     Labels: 1st place, bug, grade-a, Q-02, QA (Quality Assurance), selected for report, sufficient quality report

#60  Vesting Account Preemption Attack Preventing Future Contract Deployment
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 3 (High Risk), bug, edited-by-warden, H-01, primary issue, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#57  Non-deterministic gas consumption due to shared StateDB pointer in bank keeper affecting consensus
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 3 (High Risk), bug, H-02, primary issue, 🤖_17_group, satisfactory, selected for report, sufficient quality report

#55  Invalid Asset Pair Parsing Due to Colon Delimiter Conflict
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: bug, downgraded by judge, grade-b, primary issue, Q-03, QA (Quality Assurance), 🤖_primary, sufficient quality report

#54  ERC20 Transfer Fails With Non-Compliant Tokens Missing Return Values
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, M-01, primary issue, 🤖_10_group, satisfactory, selected for report, sufficient quality report

#48  Double fee application breaks supply invariant for fee-on-transfer ERC20s
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, M-02, primary issue, 🤖_02_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#46  Gas used mismatch in failed contract calls can lead to wrong gas deductions
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, M-03, primary issue, 🤖_primary, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#45  Gas refunds use block gas instead of transaction gas, leading to incorrect refund amounts
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, M-04, primary issue, 🤖_12_group, satisfactory, selected for report, sponsor disputed, sufficient quality report

#44  Inconsistent Fee Denomination Handling in Transaction Validation and Building
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, M-05, primary issue, 🤖_31_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#35  RPC DOS via TraceTx
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, downgraded by judge, edited-by-warden, M-06, primary issue, 🤖_primary, satisfactory, selected for report, sponsor acknowledged, sufficient quality report

#29  Nonce can be manipulated by inserting a contract creation EthereumTx message first in an SDK TX with multiple EthereumTX messages
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, downgraded by judge, M-07, primary issue, 🤖_117_group, satisfactory, selected for report, sponsor confirmed, sponsor disputed, sufficient quality report

#26  Unlimited Nibi could be minted because evm and bank balance are not synced when staking
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 3 (High Risk), bug, H-03, primary issue, 🤖_primary, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#25  Gas is not consumed when precompile method fail, allowing resource consumption related DOS
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 3 (High Risk), bug, H-04, primary issue, 🤖_primary, 🤖_09_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#24  Inconsistent State Management: EthereumTx StateDB Overriding CallContract Results
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 3 (High Risk), bug, H-05, primary issue, 🤖_primary, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#15  Tokens such as MKR that return bytes32 as _name_ and _symbol_ would be broken when integrated
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: bug, downgraded by judge, grade-a, primary issue, QA (Quality Assurance), 🤖_primary, 🤖_25_group, sufficient quality report

#14  Nibiru's bank coin to EVM balance tracking logic is completely broken for rebasing tokens and would lead to leakage/loss of funds when converting
     Opened Nov 28, 2024 by howlbot-integration bot
     Labels: 2 (Med Risk), bug, downgraded by judge, M-08, primary issue, 🤖_primary, 🤖_02_group, satisfactory, selected for report, sponsor disputed, sufficient quality report

#8   QA Report
     Opened Nov 25, 2024 by c4-bot-8
     Labels: bug, grade-b, Q-04, QA (Quality Assurance), sufficient quality report

#5   The bankBalance function failed to handle errors correctly.
     Opened Nov 25, 2024 by c4-bot-9
     Labels: 2 (Med Risk), bug, M-09, primary issue, 🤖_primary, 🤖_46_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#4   Hardcoded gas used in ERC20 queries allows for block production halt from infinite recursion
     Opened Nov 23, 2024 by c4-bot-6
     Labels: 3 (High Risk), bug, edited-by-warden, H-06, primary issue, 🤖_primary, 🤖_15_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#2   IOracle.queryExchangeRate returns incorrect blockTimeMs
     Opened Nov 22, 2024 by c4-bot-10
     Labels: 2 (Med Risk), bug, downgraded by judge, M-10, primary issue, 🤖_primary, satisfactory, selected for report, sponsor confirmed, sufficient quality report

#1   Agreements & Disclosures
     Opened Oct 8, 2024 by code4rena-id bot