-
Notifications
You must be signed in to change notification settings - Fork 1
Issues: code-423n4/2022-12-tessera-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
GroupBuy can be drained of all ETH.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-09
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#52
opened Dec 19, 2022 by
code423n4
GroupBuys that are completely filled still don't raise stated target amount
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-09
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#49
opened Dec 19, 2022 by
code423n4
Attacker can steal the amount collected so far in the GroupBuy for NFT purchase.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-08
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#47
opened Dec 19, 2022 by
code423n4
Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-08
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#45
opened Dec 19, 2022 by
code423n4
User loses collateral converted to pendingBalance when cash() or list() is called
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-07
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#44
opened Dec 19, 2022 by
code423n4
Funds are permanently stuck in OptimisticListingSeaport.sol contract if active proposal is executed after new proposal is pending.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-06
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#43
opened Dec 19, 2022 by
code423n4
Loss of ETH for proposer when it is a contract that doesn't have fallback function.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
M-07
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#40
opened Dec 19, 2022 by
code423n4
Only one Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-06
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
GroupBuy
can ever use USDT or similar tokens with front-running approval protections
2 (Med Risk)
#37
opened Dec 19, 2022 by
code423n4
Orders may not be fillable due to missing approvals
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#36
opened Dec 19, 2022 by
code423n4
Priority queue min accounting breaks when nodes are split in two
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#32
opened Dec 19, 2022 by
code423n4
Users that send funds at a price lower than the current low bid have the funds locked
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-03
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#31
opened Dec 19, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#29
opened Dec 19, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-02
grade-a
#28
opened Dec 19, 2022 by
code423n4
Attacker can DOS OptimisticListing with very low cost
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-05
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#25
opened Dec 19, 2022 by
code423n4
Attacker can delay proposal rejection
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
downgraded by judge
Judge downgraded the risk level of this issue
M-02
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#24
opened Dec 19, 2022 by
code423n4
QA Report
bug
Something isn't working
edited-by-warden
grade-b
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#22
opened Dec 19, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
edited-by-warden
G (Gas Optimization)
G-01
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#21
opened Dec 19, 2022 by
code423n4
A malicious feeReceiver can prevent the listing from being purchased
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#17
opened Dec 19, 2022 by
code423n4
GroupBuy may purchase NFT not in the allowed list
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#14
opened Dec 18, 2022 by
code423n4
OptimisticListingSeaport.propose sets pendingBalances of newly added proposer instead of previous one
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#12
opened Dec 18, 2022 by
code423n4
Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-03
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#10
opened Dec 18, 2022 by
code423n4
GroupBuy: Lost ETH when the NFT is bought for less than the minimum reserve price
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
H-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#7
opened Dec 18, 2022 by
code423n4
GroupBuy does not check return value of call
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
H-01
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#6
opened Dec 18, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#4
opened Dec 18, 2022 by
code423n4
ProTip!
Type g i on any issue or pull request to go back to the issue listing page.