Issues: code-423n4/2024-09-kakarot-findings
BLOCKHASH Opcode does not comply with Kakarot spec
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-5
edited-by-warden
grade-b
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_21_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#130
opened Oct 28, 2024 by
howlbot-integration
bot
QA Report
bug
Something isn't working
grade-a
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#128
opened Oct 28, 2024 by
howlbot-integration
bot
QA Report
bug
Something isn't working
grade-b
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#127
opened Oct 28, 2024 by
howlbot-integration
bot
Unauthorized Contracts Can Bypass Precompile Authorization via delegatecall in Kakarot zkEVM
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-01
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
🤖_34_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#124
opened Oct 28, 2024 by
howlbot-integration
bot
RIPEMD160 precompile crashes with a Cairo exception for some input lengths
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
M-01
primary issue
Highest quality submission among a set of duplicates
🤖_48_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#120
opened Oct 28, 2024 by
howlbot-integration
bot
Prover can cheat in felt_to_bytes_little due to value underflow
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-02
primary issue
Highest quality submission among a set of duplicates
🤖_03_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#118
opened Oct 28, 2024 by
howlbot-integration
bot
Address aliasing is wrongfully applied even to EOAs
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
primary issue
Highest quality submission among a set of duplicates
🤖_05_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#111
opened Oct 28, 2024 by
howlbot-integration
bot
No way to cancel l1 -> l2 messages
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-03
primary issue
Highest quality submission among a set of duplicates
🤖_09_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#105
opened Oct 28, 2024 by
howlbot-integration
bot
Unchecked Memory Access and Integer Overflow Risks Lead to Arbitrary Memory Corruption
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-77
grade-b
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_00_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#100
opened Oct 27, 2024 by
howlbot-integration
bot
Underpaid Computation Attack Through Access List Manipulation
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-b
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_17_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#97
opened Oct 27, 2024 by
howlbot-integration
bot
Missing Constraint in default_dict_copy
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-03
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#91
opened Oct 27, 2024 by
howlbot-integration
bot
Incorrect ByteArray can be deserialized
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
primary issue
Highest quality submission among a set of duplicates
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_07_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#86
opened Oct 27, 2024 by
howlbot-integration
bot
Selfdestruct opcode transfers ETH to the wrong address
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
primary issue
Highest quality submission among a set of duplicates
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_13_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#83
opened Oct 27, 2024 by
howlbot-integration
bot
In exec_create, if unable to transfer value, evm should be returned, not child_evm
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
primary issue
Highest quality submission among a set of duplicates
Q-08
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_primary
AI based primary recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#70
opened Oct 27, 2024 by
howlbot-integration
bot
decode_legacy_tx allows validation of signatures with chain_id that are larger than felt, and overflows
2 (Med Risk)
#69
opened Oct 27, 2024 by
howlbot-integration
bot
Arbitrary jump destinations can be appended to contract accounts
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-a
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_65_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#67
opened Oct 25, 2024 by
c4-bot-4
QA Report
bug
Something isn't working
grade-a
Q-09
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#66
opened Oct 25, 2024 by
c4-bot-9
ExponentiationImpl::pow() returns 0 for 0^0
2 (Med Risk)
#65
opened Oct 25, 2024 by
c4-bot-9
Reentrancy check in account_contract can be easily circumvented
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-06
primary issue
Highest quality submission among a set of duplicates
🤖_62_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#64
opened Oct 25, 2024 by
c4-bot-10
Kakarot precompiles can be called in a staticcall context, allowing writes in view functions
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_34_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
#63
opened Oct 25, 2024 by
c4-bot-9
Non-finalized dictionary in RIPEMD160 allows forging of output
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-04
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#54
opened Oct 25, 2024 by
c4-bot-6
RIPEMD-160 precompile yields wrong hashes for large set of inputs due to off-by-one error
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-05
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
🤖_01_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#50
opened Oct 25, 2024 by
c4-bot-6
Account contract does not gracefully handle panics in called contracts
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-07
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
🤖_23_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#49
opened Oct 25, 2024 by
c4-bot-4
DualVmToken can be abused to cause RPC-level reverts by revoking native token approval to Kakarot
2 (Med Risk)
#48
opened Oct 25, 2024 by
c4-bot-6
QA Report
bug
Something isn't working
grade-a
insufficient quality report
This report is not of sufficient quality
Q-10
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#46
opened Oct 25, 2024 by
c4-bot-3