QA Report #66

Open
c4-bot-9 opened this issue Oct 25, 2024 · 4 comments
Labels
bug Something isn't working grade-a Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality

Comments

@c4-bot-9

See the markdown file with the details of this report here.

@c4-bot-9 c4-bot-9 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Oct 25, 2024
c4-bot-10 added a commit that referenced this issue Oct 25, 2024
c4-bot-4 added a commit that referenced this issue Oct 25, 2024
@howlbot-integration howlbot-integration bot added the sufficient quality report This report is of sufficient quality label Oct 28, 2024
@ClementWalter ClementWalter added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Nov 4, 2024
@c4-judge

c4-judge commented Nov 8, 2024

dmvt marked the issue as selected for report

@c4-judge c4-judge added selected for report This submission will be included/highlighted in the audit report grade-a labels Nov 8, 2024
@c4-judge

c4-judge commented Nov 8, 2024

dmvt marked the issue as grade-a

@thebrittfactor thebrittfactor removed the selected for report This submission will be included/highlighted in the audit report label Nov 8, 2024
@thebrittfactor

Staff have removed the selected for report label until final QA ranks have been determined.

@thebrittfactor thebrittfactor added the selected for report This submission will be included/highlighted in the audit report label Nov 18, 2024
@thebrittfactor

thebrittfactor commented Nov 18, 2024

Staff have added the selected for report label in order to assign report IDs, but will also include in the final report for completeness.

@C4-Staff C4-Staff added the Q-09 label Nov 18, 2024
obatirou added a commit to kkrt-labs/kakarot that referenced this issue Nov 25, 2024
code-423n4/2024-09-kakarot-findings#66

* Missing boundary check in EVM transaction decoding
   adds a check to ensure [call_array].data_offset + [call_array].data_len <= calldata_len
* Several of the stack_size_diff values defined in constants.cairo are off
   put the right values
* After Kakarot's native token is changed, an approval from account_contract instances can't be re-triggered
   remove the setter, this will not change
* Some invalid values for the v field in Ethereum signatures are accepted
   add a check to ensure y_parity is 0 or 1
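
The first and last checks named in the commit message above, sketched in Python as an added example (not code from the Kakarot repository or from this report). The `Call` class, the `MAX_LEN` bound, the function names and the sample values are assumptions for illustration; operands are range-bounded before the sum because Cairo felt arithmetic wraps modulo the field prime.

```python
from dataclasses import dataclass

# Cairo felts live in a prime field, so an unbounded sum can wrap around.
FELT_PRIME = 2**251 + 17 * 2**192 + 1
MAX_LEN = 2**32  # assumed upper bound for offsets/lengths (hypothetical)


@dataclass
class Call:  # hypothetical mirror of one [call_array] entry
    data_offset: int
    data_len: int


def wrapped_sum_in_bounds(call, calldata_len):
    """The comparison as seen after field wrap-around, with no range bounds."""
    return (call.data_offset + call.data_len) % FELT_PRIME <= calldata_len


def in_bounds(call, calldata_len):
    """data_offset + data_len <= calldata_len, each operand bounded first."""
    if any(not 0 <= v < MAX_LEN
           for v in (call.data_offset, call.data_len, calldata_len)):
        return False
    return call.data_offset + call.data_len <= calldata_len


def slice_call_data(call, calldata):
    """Return the call's slice of calldata, rejecting out-of-range entries."""
    if not in_bounds(call, len(calldata)):
        raise ValueError("call data range exceeds calldata")
    return calldata[call.data_offset:call.data_offset + call.data_len]


def y_parity_from_v(v, chain_id, legacy):
    """Map the signature's v field to y_parity, accepting only 0 or 1."""
    if not legacy:
        parity = v  # typed transactions carry y_parity directly
    elif v in (27, 28):
        parity = v - 27  # legacy, pre-EIP-155
    else:
        parity = v - (35 + 2 * chain_id)  # legacy, EIP-155
    if parity not in (0, 1):
        raise ValueError(f"invalid v field: {v}")
    return parity


if __name__ == "__main__":
    calldata = list(range(10))  # constructed sample calldata
    print(slice_call_data(Call(4, 3), calldata))  # [4, 5, 6]
```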