Issues: code-423n4/2024-11-nibiru-validation

Potentially sensitive issue - disclosed privately | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); sufficient quality report (This report is of sufficient quality)
#200 opened Nov 26, 2024 by thebrittfactor
Potentially sensitive issue - disclosed privately | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); sufficient quality report (This report is of sufficient quality)
#199 opened Nov 26, 2024 by thebrittfactor
RPC Inability to Return Custom Errors | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); edited-by-warden; 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#173 opened Nov 25, 2024 by c4-bot-6
Internal Transactions Bypass EIP-3529 Gas Refund Cap | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_12_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#171 opened Nov 25, 2024 by c4-bot-3
Tokens that are upgradeable would be linked to multiple bank denoms | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_11_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#170 opened Nov 25, 2024 by c4-bot-6
Nibiru's bank coin to EVM balance tracking logic is completely broken for rebasing tokens and would lead to leakage/loss of funds when converting | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_02_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#169 opened Nov 25, 2024 by c4-bot-3
Tokens such as MKR that return bytes32 as _name_ and _symbol_ would be broken when integrated | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_25_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#165 opened Nov 25, 2024 by c4-bot-8
Adversary can drain the token holders due to missing signature validation | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_21_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#163 opened Nov 25, 2024 by c4-bot-10
Multiple FunTokens can be created for a single ERC20 address | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_11_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#161 opened Nov 25, 2024 by c4-bot-10
Malicious users will transfer funds directly to module accounts causing potential chain halt | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#160 opened Nov 25, 2024 by c4-bot-4
Arbitrary minting of tokens | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_21_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#159 opened Nov 25, 2024 by c4-bot-3
Users can halt chain by spam-creating FunTokens and minting bank coins for a huge amount of spam addresses | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_82_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#158 opened Nov 25, 2024 by c4-bot-10
Bank module supply invariant can be triggered if a contract owning FunToken bank coins is self-destructed | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_82_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#155 opened Nov 25, 2024 by c4-bot-3
A malicious contract can halt the chain by calling FunToken.sendToBank recursively | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_15_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#137 opened Nov 25, 2024 by c4-bot-9
There's no TxHash and Logs for CallContracts | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#127 opened Nov 25, 2024 by c4-bot-8
Inconsistent State Management: EthereumTx StateDB Overriding CallContract Results | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#126 opened Nov 25, 2024 by c4-bot-4
Gas is not consumed when precompile method fail, allowing resource consumption related DOS | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_09_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#125 opened Nov 25, 2024 by c4-bot-4
Unlimited Nibi could be minted because evm and bank balance are not synced when staking | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#124 opened Nov 25, 2024 by c4-bot-4
Potentially sensitive issue - disclosed privately again | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#117 opened Nov 25, 2024 by c4-bot-6
Nibiru EVM is not compliant with Cancun fork | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_14_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#88 opened Nov 24, 2024 by c4-bot-9
Coinbase fees are not transferred to the coinbase address deviating from the standard execution client spec | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); 🤖_36_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#82 opened Nov 24, 2024 by c4-bot-4
Only hardcoded base fee is deducted from the user's account which is not correct | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_36_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
#81 opened Nov 24, 2024 by c4-bot-8
MaxPriorityFeePerGas and MaxFeePerGas are specified for a user which is not correct | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#80 opened Nov 24, 2024 by c4-bot-4
effectiveGasPriceDec does not depend on the user and uses hardcoded parameter leading to a potential tx revert | Labels: 3 (High Risk) (Assets can be stolen/lost/compromised directly); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#79 opened Nov 24, 2024 by c4-bot-10
evmante_increment_sender_seq does not check if the operation is the contract creation | Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); 🤖_primary (AI based primary recommendation); sufficient quality report (This report is of sufficient quality)
#78 opened Nov 24, 2024 by c4-bot-9