├── README.md ├── data ├── 0x11singh99-827.json ├── 0x11singh99-G.md ├── 0x180db-446.json ├── 0x180db-75.json ├── 0xAadi-886.json ├── 0xAadi-Q.md ├── 0xAnah-400.json ├── 0xAnah-G.md ├── 0xDING99YA-459.json ├── 0xDING99YA-460.json ├── 0xDING99YA-461.json ├── 0xDING99YA-462.json ├── 0xDING99YA-463.json ├── 0xDemon-335.json ├── 0xDemon-336.json ├── 0xDemon-Q.md ├── 0xHelium-550.json ├── 0xHelium-Analysis.md ├── 0xPetroff-41.json ├── 0xRstStn-514.json ├── 0xRstStn-640.json ├── 0xRstStn-868.json ├── 0xRstStn-G.md ├── 0xRstStn-Q.md ├── 0xSmartContract-323.json ├── 0xSmartContract-384.json ├── 0xSmartContract-385.json ├── 0xSmartContract-Analysis.md ├── 0xSmartContract-Q.md ├── 0xStalin-287.json ├── 0xStalin-332.json ├── 0xStalin-423.json ├── 0xStalin-464.json ├── 0xStalin-86.json ├── 0xStalin-877.json ├── 0xStriker-866.json ├── 0xStriker-Q.md ├── 0xTheC0der-885.json ├── 0xTiwa-755.json ├── 0xWaitress-72.json ├── 0xWaitress-81.json ├── 0xWaitress-92.json ├── 0xWaitress-Q.md ├── 0xadrii-298.json ├── 0xadrii-333.json ├── 0xastronatey-2.json ├── 0xblackskull-396.json ├── 0xblackskull-650.json ├── 0xblackskull-655.json ├── 0xblackskull-658.json ├── 0xblackskull-Q.md ├── 0xbrett8571-149.json ├── 0xbrett8571-150.json ├── 0xbrett8571-151.json ├── 0xbrett8571-153.json ├── 0xbrett8571-154.json ├── 0xbrett8571-155.json ├── 0xbrett8571-156.json ├── 0xbrett8571-157.json ├── 0xbrett8571-158.json ├── 0xbrett8571-159.json ├── 0xbrett8571-160.json ├── 0xbrett8571-161.json ├── 0xbrett8571-162.json ├── 0xbrett8571-163.json ├── 0xbrett8571-164.json ├── 0xbrett8571-Analysis.md ├── 0xfuje-401.json ├── 0xfuje-402.json ├── 0xfuje-403.json ├── 0xfuje-405.json ├── 0xfuje-406.json ├── 0xfuje-418.json ├── 0xgrbr-374.json ├── 0xgrbr-375.json ├── 0xmuxyz-387.json ├── 0xmuxyz-388.json ├── 0xnev-570.json ├── 0xnev-571.json ├── 0xnev-572.json ├── 0xnev-573.json ├── 0xnev-574.json ├── 0xnev-Analysis.md ├── 0xsagetony-767.json ├── 0xsagetony-770.json ├── 0xsagetony-Analysis.md ├── 0xsagetony-Q.md ├── 0xsurena-16.json ├── 0xsurena-266.json ├── 0xsurena-269.json ├── 0xsurena-301.json ├── 0xsurena-343.json ├── 0xsurena-36.json ├── 0xsurena-364.json ├── 0xsurena-371.json ├── 0xsurena-96.json ├── 0xta-841.json ├── 0xta-G.md ├── 33BYTEZZZ-408.json ├── 33BYTEZZZ-409.json ├── 33BYTEZZZ-412.json ├── 33BYTEZZZ-414.json ├── 33BYTEZZZ-416.json ├── 33BYTEZZZ-417.json ├── 33BYTEZZZ-442.json ├── 33BYTEZZZ-474.json ├── 33BYTEZZZ-476.json ├── 33BYTEZZZ-477.json ├── 33BYTEZZZ-479.json ├── 33BYTEZZZ-775.json ├── 33BYTEZZZ-Analysis.md ├── 33BYTEZZZ-Q.md ├── 3docSec-348.json ├── 3docSec-349.json ├── 3docSec-350.json ├── 3docSec-351.json ├── 3docSec-352.json ├── 3docSec-354.json ├── 3docSec-355.json ├── 3docSec-Q.md ├── 7ashraf-599.json ├── 7ashraf-600.json ├── 7ashraf-723.json ├── 7ashraf-Q.md ├── ABA-300.json ├── ABA-421.json ├── ABA-556.json ├── ABAIKUNANBAEV-71.json ├── AISec-256.json ├── AISec-3.json ├── AISec-455.json ├── AISec-5.json ├── AISec-G.md ├── Aamir-280.json ├── Aamir-286.json ├── Aamir-294.json ├── Aamir-426.json ├── Aamir-534.json ├── Aamir-535.json ├── Aamir-806.json ├── Aamir-Analysis.md ├── Aamir-G.md ├── Aamir-Q.md ├── Abdul-337.json ├── Arz-867.json ├── Arz-881.json ├── Atree-330.json ├── Audinarey-825.json ├── Audinarey-842.json ├── Audinarey-858.json ├── Aymen0909-845.json ├── Aymen0909-862.json ├── BLOS-331.json ├── BRONZEDISC-6.json ├── BRONZEDISC-829.json ├── BRONZEDISC-Q.md ├── Bauchibred-318.json ├── Bauchibred-319.json ├── Bauchibred-320.json ├── Bauchibred-321.json ├── Bauchibred-322.json ├── Bauchibred-899.json ├── Bauchibred-Analysis.md ├── Bauchibred-Q.md ├── Black_Box_DD-118.json ├── Black_Box_DD-17.json ├── Black_Box_DD-291.json ├── Black_Box_DD-Q.md ├── Bryan_Conquer-56.json ├── Bryan_Conquer-Q.md ├── Chom-67.json ├── Daniel526-120.json ├── Daniel526-122.json ├── Daniel526-124.json ├── Daniel526-136.json ├── Daniel526-137.json ├── Daniel526-180.json ├── Daniel526-183.json ├── Daniel526-202.json ├── Daniel526-205.json ├── Daniel526-217.json ├── Daniel526-292.json ├── Daniel526-296.json ├── Daniel526-Q.md ├── DanielArmstrong-411.json ├── DanielArmstrong-524.json ├── DanielArmstrong-654.json ├── DanielArmstrong-656.json ├── DanielTan_MetaTrust-692.json ├── DanielTan_MetaTrust-Q.md ├── Dastan-317.json ├── Dastan-326.json ├── Dastan-329.json ├── Dastan-366.json ├── Dastan-Analysis.md ├── DavidGiladi-413.json ├── DavidGiladi-G.md ├── DavylVinyl-43.json ├── DavylVinyl-44.json ├── DavylVinyl-45.json ├── DavylVinyl-46.json ├── DavylVinyl-47.json ├── DavylVinyl-48.json ├── DavylVinyl-50.json ├── DavylVinyl-51.json ├── DavylVinyl-52.json ├── DavylVinyl-53.json ├── DavylVinyl-54.json ├── DavylVinyl-Analysis.md ├── DavylVinyl-Q.md ├── Defiesta-306.json ├── Defiesta-310.json ├── Defiesta-339.json ├── Defiesta-Analysis.md ├── Defiesta-G.md ├── Defiesta-Q.md ├── DevABDee-487.json ├── DevABDee-488.json ├── DevABDee-501.json ├── DevABDee-504.json ├── DevABDee-G.md ├── Dinesh11G-206.json ├── Dinesh11G-207.json ├── Dinesh11G-209.json ├── Dinesh11G-211.json ├── Dinesh11G-212.json ├── Dinesh11G-32.json ├── Dinesh11G-33.json ├── Dinesh11G-84.json ├── Dinesh11G-Q.md ├── DoNothing-8.json ├── Eurovickk-830.json ├── Eurovickk-857.json ├── Eurovickk-859.json ├── Eurovickk-G.md ├── Eurovickk-Q.md ├── Franklin-490.json ├── Franklin-Q.md ├── GKBG-852.json ├── GKBG-Q.md ├── GREY-HAWK-REACH-13.json ├── GREY-HAWK-REACH-625.json ├── GREY-HAWK-REACH-668.json ├── HChang26-117.json ├── Hama-103.json ├── Hama-106.json ├── Hama-112.json ├── Hama-129.json ├── Hama-131.json ├── Hama-559.json ├── Hama-561.json ├── Hama-64.json ├── Hama-65.json ├── IceBear-125.json ├── IceBear-297.json ├── IceBear-353.json ├── IceBear-360.json ├── Inspecktor-608.json ├── Inspecktor-611.json ├── Inspecktor-626.json ├── Inspecktor-627.json ├── Inspecktor-628.json ├── Inspecktor-629.json ├── Inspecktor-630.json ├── Inspecktor-631.json ├── Inspecktor-632.json ├── Inspecktor-634.json ├── Inspecktor-635.json ├── Inspecktor-637.json ├── Inspecktor-639.json ├── Inspecktor-641.json ├── Inspecktor-646.json ├── Inspecktor-647.json ├── Inspecktor-649.json ├── Inspecktor-662.json ├── Inspecktor-696.json ├── Inspecktor-697.json ├── Inspecktor-698.json ├── Inspecktor-700.json ├── Inspecktor-701.json ├── Inspecktor-702.json ├── Inspecktor-704.json ├── Inspecktor-741.json ├── Inspecktor-751.json ├── Inspecktor-766.json ├── Inspecktor-Q.md ├── JCK-557.json ├── JCK-876.json ├── JCK-Analysis.md ├── JCK-G.md ├── JP_Courses-193.json ├── John-778.json ├── John-Q.md ├── John_Femi-579.json ├── Jorgect-539.json ├── Jorgect-546.json ├── Jorgect-549.json ├── Jorgect-553.json ├── Jorgect-Q.md ├── Joshuajee-451.json ├── Joshuajee-452.json ├── Joshuajee-453.json ├── Joshuajee-837.json ├── Joshuajee-Analysis.md ├── Joshuajee-G.md ├── Joshuajee-Q.md ├── K42-175.json ├── K42-275.json ├── K42-276.json ├── K42-Analysis.md ├── K42-G.md ├── K42-Q.md ├── Kek-467.json ├── Kek-468.json ├── Kek-469.json ├── Kek-470.json ├── Kek-471.json ├── Kek-472.json ├── Kek-Q.md ├── KingNFT-734.json ├── KingNFT-82.json ├── Koolex-789.json ├── Koolex-790.json ├── Koolex-793.json ├── Koolex-798.json ├── Koolex-826.json ├── Koolex-860.json ├── Koolex-875.json ├── Koolex-894.json ├── Kow-244.json ├── Kow-249.json ├── Kow-258.json ├── Kow-262.json ├── Kow-263.json ├── Kral01-708.json ├── Kral01-874.json ├── Limbooo-771.json ├── Limbooo-776.json ├── Limbooo-785.json ├── Limbooo-788.json ├── LinKenji-583.json ├── LinKenji-584.json ├── LinKenji-585.json ├── LinKenji-586.json ├── LinKenji-587.json ├── LinKenji-588.json ├── LinKenji-589.json ├── LinKenji-590.json ├── LinKenji-591.json ├── LinKenji-592.json ├── LinKenji-593.json ├── LinKenji-595.json ├── LinKenji-596.json ├── LinKenji-597.json ├── LinKenji-598.json ├── LinKenji-Q.md ├── Littlebeast-581.json ├── Littlebeast-Analysis.md ├── LokiThe5th-399.json ├── LokiThe5th-671.json ├── LokiThe5th-745.json ├── LokiThe5th-774.json ├── LokiThe5th-902.json ├── LokiThe5th-903.json ├── LokiThe5th-Analysis.md ├── LokiThe5th-Q.md ├── LowK-49.json ├── MIQUINHO-102.json ├── MIQUINHO-104.json ├── MIQUINHO-39.json ├── MIQUINHO-40.json ├── MIQUINHO-900.json ├── MIQUINHO-G.md ├── MIQUINHO-Q.md ├── MSK-794.json ├── MSK-812.json ├── MSK-Analysis.md ├── MSK-Q.md ├── MrPotatoMagic-386.json ├── MrPotatoMagic-458.json ├── MrPotatoMagic-522.json ├── MrPotatoMagic-526.json ├── MrPotatoMagic-552.json ├── MrPotatoMagic-564.json ├── MrPotatoMagic-864.json ├── MrPotatoMagic-901.json ├── MrPotatoMagic-Analysis.md ├── MrPotatoMagic-G.md ├── MrPotatoMagic-Q.md ├── Myd-612.json ├── Myd-614.json ├── Myd-615.json ├── Myd-616.json ├── Myd-617.json ├── Myd-618.json ├── Myd-619.json ├── Myd-620.json ├── Myd-621.json ├── Myd-622.json ├── Myd-623.json ├── Myd-624.json ├── Naresh-19.json ├── Naresh-208.json ├── Naresh-74.json ├── Naresh-78.json ├── Naresh-Q.md ├── Neon2835-295.json ├── Nikki-99.json ├── NoTechBG-678.json ├── NoTechBG-685.json ├── NoTechBG-688.json ├── NoTechBG-689.json ├── NoTechBG-690.json ├── NoTechBG-691.json ├── NoTechBG-693.json ├── NoTechBG-694.json ├── NoTechBG-737.json ├── Noro-818.json ├── Nyx-664.json ├── Nyx-670.json ├── OMEN-197.json ├── OMEN-444.json ├── OMEN-466.json ├── OMEN-478.json ├── OMEN-489.json ├── OMEN-568.json ├── OMEN-575.json ├── OMEN-577.json ├── OMEN-580.json ├── OMEN-850.json ├── OMEN-891.json ├── Oxsadeeq-407.json ├── Oxsadeeq-569.json ├── Oxsadeeq-576.json ├── Oxsadeeq-Analysis.md ├── PASCAL-493.json ├── PASCAL-554.json ├── PASCAL-555.json ├── PASCAL-Q.md ├── Peetza-356.json ├── Pessimistic-382.json ├── Pessimistic-383.json ├── Polaris_tow-363.json ├── Polaris_tow-Q.md ├── QiuhaoLi-633.json ├── QiuhaoLi-663.json ├── QiuhaoLi-669.json ├── QiuhaoLi-673.json ├── QiuhaoLi-683.json ├── QiuhaoLi-706.json ├── QiuhaoLi-731.json ├── QiuhaoLi-739.json ├── QiuhaoLi-749.json ├── QiuhaoLi-784.json ├── QiuhaoLi-792.json ├── QiuhaoLi-828.json ├── QiuhaoLi-844.json ├── Raihan-666.json ├── Raihan-G.md ├── Rolezn-168.json ├── Rolezn-G.md ├── SAAJ-659.json ├── SAAJ-819.json ├── SAAJ-Analysis.md ├── SAAJ-G.md ├── SAQ-892.json ├── SAQ-G.md ├── SM3_SS-499.json ├── SM3_SS-G.md ├── SY_S-878.json ├── SY_S-G.md ├── SaeedAlipoor01988-14.json ├── SanketKogekar-838.json ├── SanketKogekar-840.json ├── SanketKogekar-Q.md ├── Sathish9098-742.json ├── Sathish9098-77.json ├── Sathish9098-773.json ├── Sathish9098-783.json ├── Sathish9098-79.json ├── Sathish9098-Analysis.md ├── Sathish9098-G.md ├── Sathish9098-Q.md ├── Satyam_Sharma-55.json ├── Sentry-456.json ├── Sentry-457.json ├── Soul22-661.json ├── SovaSlava-223.json ├── SovaSlava-253.json ├── SovaSlava-278.json ├── SovaSlava-Q.md ├── SpicyMeatball-146.json ├── SpicyMeatball-73.json ├── SpicyMeatball-80.json ├── Stormreckson-245.json ├── Stormreckson-247.json ├── Stormreckson-248.json ├── Stormreckson-250.json ├── Stormreckson-251.json ├── Stormreckson-252.json ├── Stormreckson-254.json ├── Stormreckson-255.json ├── Stormreckson-324.json ├── Stormreckson-325.json ├── Stormreckson-381.json ├── Stormreckson-Q.md ├── T1MOH-57.json ├── T1MOH-58.json ├── TangYuanShen-216.json ├── Tendency-528.json ├── Tendency-529.json ├── Tendency-695.json ├── Tendency-710.json ├── Tendency-719.json ├── Topmark-213.json ├── Topmark-215.json ├── Topmark-218.json ├── Topmark-219.json ├── Topmark-222.json ├── Topmark-224.json ├── Topmark-259.json ├── Topmark-260.json ├── Topmark-Q.md ├── Udsen-810.json ├── Udsen-813.json ├── Udsen-817.json ├── Udsen-820.json ├── Udsen-821.json ├── Udsen-822.json ├── Udsen-831.json ├── Udsen-834.json ├── Udsen-836.json ├── Udsen-846.json ├── Udsen-853.json ├── Udsen-889.json ├── Udsen-G.md ├── Udsen-Q.md ├── V1235816-107.json ├── V1235816-133.json ├── V1235816-76.json ├── V1235816-83.json ├── Vagner-527.json ├── Vagner-530.json ├── Viktor_Cortess-267.json ├── Viktor_Cortess-272.json ├── Viktor_Cortess-274.json ├── Viktor_Cortess-277.json ├── Viktor_Cortess-279.json ├── Viktor_Cortess-281.json ├── Viktor_Cortess-282.json ├── Viktor_Cortess-303.json ├── Viktor_Cortess-377.json ├── Viktor_Cortess-420.json ├── Viktor_Cortess-543.json ├── Viktor_Cortess-548.json ├── Viktor_Cortess-727.json ├── Viktor_Cortess-Q.md ├── Viraz-544.json ├── Viraz-551.json ├── Viraz-757.json ├── Viraz-805.json ├── Viraz-Q.md ├── XDZIBECX-108.json ├── XDZIBECX-141.json ├── XDZIBECX-143.json ├── XDZIBECX-147.json ├── XDZIBECX-194.json ├── XDZIBECX-20.json ├── XDZIBECX-21.json ├── XDZIBECX-G.md ├── XDZIBECX-Q.md ├── YakuzaKiawe-210.json ├── Yanchuan-531.json ├── Yanchuan-765.json ├── Yanchuan-808.json ├── Yanchuan-855.json ├── ZdravkoHr-165.json ├── ZdravkoHr-443.json ├── ZdravkoHr-660.json ├── ZdravkoHr-743.json ├── ZdravkoHr-746.json ├── ZdravkoHr-87.json ├── ZdravkoHr-Analysis.md ├── ZdravkoHr-Q.md ├── Zims-176.json ├── _eperezok-200.json ├── abi-23.json ├── abi-25.json ├── abi-Analysis.md ├── albahaca-424.json ├── albahaca-667.json ├── albahaca-Analysis.md ├── albahaca-Q.md ├── albertwh1te-390.json ├── albertwh1te-391.json ├── albertwh1te-601.json ├── albertwh1te-Analysis.md ├── albertwh1te-Q.md ├── alexweb3-782.json ├── alexweb3-787.json ├── alexxander-676.json ├── alexxander-677.json ├── alexxander-679.json ├── alexxander-680.json ├── alexxander-848.json ├── alexxander-Analysis.md ├── ast3ros-758.json ├── ast3ros-759.json ├── ast3ros-760.json ├── ast3ros-761.json ├── ast3ros-762.json ├── ast3ros-763.json ├── ast3ros-764.json ├── ast3ros-904.json ├── ast3ros-Q.md ├── audityourcontracts-465.json ├── audityourcontracts-475.json ├── audityourcontracts-508.json ├── audityourcontracts-516.json ├── audityourcontracts-Q.md ├── ayden-198.json ├── ayden-199.json ├── ayden-201.json ├── ayden-204.json ├── ayden-314.json ├── ayden-395.json ├── ayo_dev-265.json ├── ayo_dev-G.md ├── backd00r104-890.json ├── bareli-786.json ├── bareli-791.json ├── bareli-796.json ├── bareli-802.json ├── bareli-811.json ├── bareli-G.md ├── bin2chen-606.json ├── bin2chen-607.json ├── bin2chen-610.json ├── bin2chen-613.json ├── bin2chen-Q.md ├── blutorque-166.json ├── blutorque-167.json ├── blutorque-449.json ├── blutorque-G.md ├── bronze_pickaxe-540.json ├── bronze_pickaxe-542.json ├── btk-711.json ├── btk-824.json ├── c0pp3rscr3w3r-772.json ├── c0pp3rscr3w3r-781.json ├── c0pp3rscr3w3r-800.json ├── c0pp3rscr3w3r-Q.md ├── c3phas-861.json ├── c3phas-G.md ├── cartlex_-651.json ├── cartlex_-652.json ├── cartlex_-G.md ├── cartlex_-Q.md ├── castle_chain-135.json ├── castle_chain-138.json ├── castle_chain-Q.md ├── catellatech-445.json ├── catellatech-447.json ├── catellatech-448.json ├── catellatech-Analysis.md ├── catwhiskeys-311.json ├── catwhiskeys-Q.md ├── chaduke-105.json ├── chaduke-110.json ├── chaduke-174.json ├── chaduke-195.json ├── chaduke-196.json ├── chaduke-22.json ├── chaduke-288.json ├── chaduke-289.json ├── chaduke-315.json ├── chaduke-88.json ├── chaduke-89.json ├── chaduke-91.json ├── chaduke-Analysis.md ├── chaduke-Q.md ├── ciphermarco-533.json ├── ciphermarco-567.json ├── clara-777.json ├── clara-G.md ├── cyberinn-115.json ├── cyberinn-242.json ├── cyberinn-243.json ├── dd0x7e8-7.json ├── debo-100.json ├── debo-126.json ├── debo-128.json ├── debo-134.json ├── debo-144.json ├── debo-18.json ├── debo-24.json ├── debo-26.json ├── debo-273.json ├── debo-28.json ├── debo-283.json ├── debo-284.json ├── debo-285.json ├── debo-29.json ├── debo-307.json ├── debo-31.json ├── debo-500.json ├── debo-503.json ├── debo-505.json ├── debo-513.json ├── debo-515.json ├── debo-532.json ├── debo-558.json ├── debo-62.json ├── debo-63.json ├── debo-66.json ├── debo-68.json ├── debo-69.json ├── debo-70.json ├── debo-85.json ├── debo-856.json ├── debo-871.json ├── debo-879.json ├── debo-897.json ├── debo-Analysis.md ├── debo-G.md ├── debo-Q.md ├── dharma09-748.json ├── dharma09-G.md ├── eeshenggoh-11.json ├── eeshenggoh-37.json ├── eeshenggoh-Q.md ├── emerald7017-170.json ├── emerald7017-228.json ├── emerald7017-229.json ├── emerald7017-230.json ├── emerald7017-231.json ├── emerald7017-232.json ├── emerald7017-233.json ├── emerald7017-234.json ├── emerald7017-235.json ├── emerald7017-236.json ├── emerald7017-237.json ├── emerald7017-238.json ├── emerald7017-239.json ├── emerald7017-240.json ├── emerald7017-241.json ├── emerald7017-Analysis.md ├── ether_sky-594.json ├── ether_sky-603.json ├── ether_sky-645.json ├── ether_sky-744.json ├── fatherOfBlocks-537.json ├── fatherOfBlocks-538.json ├── fatherOfBlocks-G.md ├── fatherOfBlocks-Q.md ├── grearlake-270.json ├── grearlake-271.json ├── grearlake-290.json ├── grearlake-392.json ├── gumgumzum-735.json ├── gumgumzum-769.json ├── gumgumzum-823.json ├── gumgumzum-98.json ├── gumgumzum-Q.md ├── gztttt-642.json ├── hals-428.json ├── hals-433.json ├── hals-434.json ├── hals-437.json ├── hals-441.json ├── hihen-779.json ├── hihen-G.md ├── hunter_w3b-835.json ├── hunter_w3b-870.json ├── hunter_w3b-Analysis.md ├── hunter_w3b-G.md ├── ihtishamsudo-497.json ├── ihtishamsudo-609.json ├── ihtishamsudo-833.json ├── ihtishamsudo-Analysis.md ├── ihtishamsudo-Q.md ├── imare-797.json ├── imare-799.json ├── imare-801.json ├── imare-804.json ├── imare-809.json ├── invitedtea-473.json ├── invitedtea-480.json ├── invitedtea-481.json ├── invitedtea-482.json ├── invitedtea-483.json ├── invitedtea-484.json ├── invitedtea-485.json ├── invitedtea-486.json ├── invitedtea-Analysis.md ├── invitedtea-G.md ├── its_basu-675.json ├── its_basu-715.json ├── its_basu-Q.md ├── jamshed-753.json ├── jamshed-G.md ├── jaraxxus-869.json ├── jaraxxus-873.json ├── jaraxxus-896.json ├── jasonxiale-341.json ├── jasonxiale-361.json ├── jasonxiale-362.json ├── jasonxiale-367.json ├── jasonxiale-372.json ├── jasonxiale-373.json ├── jasonxiale-393.json ├── jasonxiale-394.json ├── jasonxiale-736.json ├── jasonxiale-Q.md ├── jauvany-718.json ├── jauvany-Analysis.md ├── joaovwfreire-565.json ├── joaovwfreire-566.json ├── jonny_web3-38.json ├── jonny_web3-Q.md ├── josephdara-795.json ├── josephdara-815.json ├── josephdara-832.json ├── josephdara-851.json ├── josephdara-865.json ├── jovemjeune-562.json ├── kaveyjoe-10.json ├── kaveyjoe-12.json ├── klau5-450.json ├── klau5-816.json ├── klau5-863.json ├── klau5-Analysis.md ├── kodyvim-264.json ├── kodyvim-308.json ├── kodyvim-342.json ├── kodyvim-397.json ├── kodyvim-494.json ├── kodyvim-536.json ├── kodyvim-Analysis.md ├── kodyvim-Q.md ├── koxuan-299.json ├── koxuan-G.md ├── ladboy233-410.json ├── ladboy233-415.json ├── ladboy233-419.json ├── ladboy233-672.json ├── ladboy233-684.json ├── ladboy233-732.json ├── ladboy233-740.json ├── ladboy233-839.json ├── ladboy233-854.json ├── ladboy233-872.json ├── ladboy233-905.json ├── ladboy233-Q.md ├── lanrebayode77-145.json ├── lanrebayode77-9.json ├── lanrebayode77-Q.md ├── lsaudit-427.json ├── lsaudit-429.json ├── lsaudit-430.json ├── lsaudit-431.json ├── lsaudit-432.json ├── lsaudit-435.json ├── lsaudit-436.json ├── lsaudit-438.json ├── lsaudit-439.json ├── lsaudit-440.json ├── lsaudit-563.json ├── lsaudit-Analysis.md ├── lsaudit-G.md ├── lsaudit-Q.md ├── marqymarq10-376.json ├── marqymarq10-378.json ├── marqymarq10-379.json ├── marqymarq10-380.json ├── marqymarq10-G.md ├── matrix_0wl-752.json ├── matrix_0wl-756.json ├── mert_eren-602.json ├── mert_eren-638.json ├── minhtrng-880.json ├── minhtrng-882.json ├── minhtrng-887.json ├── minhtrng-888.json ├── minhtrng-898.json ├── mitko1111-169.json ├── n1punp-148.json ├── n1punp-152.json ├── n1punp-293.json ├── nadin-653.json ├── nadin-Q.md ├── naman1778-893.json ├── naman1778-G.md ├── neumo-883.json ├── newt-525.json ├── newt-560.json ├── newt-686.json ├── newt-849.json ├── newt-94.json ├── newt-Analysis.md ├── newt-G.md ├── newt-Q.md ├── niroh-495.json ├── niroh-Q.md ├── nmirchev8-712.json ├── nmirchev8-726.json ├── nobody2018-517.json ├── nobody2018-518.json ├── nobody2018-519.json ├── nobody2018-520.json ├── nobody2018-699.json ├── oada-365.json ├── oada-368.json ├── oada-Q.md ├── orion-130.json ├── orion-35.json ├── orion-Q.md ├── oualidpro-59.json ├── oualidpro-61.json ├── oualidpro-G.md ├── oualidpro-Q.md ├── pavankv-261.json ├── pavankv-716.json ├── pavankv-Analysis.md ├── pavankv-G.md ├── peakbolt-334.json ├── peakbolt-345.json ├── peakbolt-347.json ├── peakbolt-357.json ├── peakbolt-358.json ├── peakbolt-359.json ├── peakbolt-369.json ├── peakbolt-422.json ├── peakbolt-425.json ├── peakbolt-491.json ├── peritoflores-687.json ├── perseverancesuccess-257.json ├── perseverancesuccess-27.json ├── perseverancesuccess-327.json ├── perseverancesuccess-90.json ├── perseverancesuccess-93.json ├── perseverancesuccess-95.json ├── perseverancesuccess-97.json ├── pfapostol-502.json ├── pfapostol-521.json ├── pfapostol-605.json ├── pfapostol-665.json ├── pfapostol-Analysis.md ├── pfapostol-G.md ├── pfapostol-Q.md ├── pontifex-847.json ├── ptsanev-109.json ├── ptsanev-15.json ├── ptsanev-34.json ├── ptsanev-Analysis.md ├── ptsanev-Q.md ├── putricio-681.json ├── radcet-648.json ├── rvierdiiev-139.json ├── rvierdiiev-140.json ├── rvierdiiev-142.json ├── rvierdiiev-177.json ├── rvierdiiev-179.json ├── rvierdiiev-181.json ├── rvierdiiev-184.json ├── rvierdiiev-187.json ├── rvierdiiev-189.json ├── rvierdiiev-190.json ├── rvierdiiev-191.json ├── saneryee-111.json ├── saneryee-113.json ├── saneryee-114.json ├── saneryee-116.json ├── saneryee-172.json ├── seerether-302.json ├── seerether-304.json ├── seerether-309.json ├── seerether-312.json ├── seerether-340.json ├── seerether-344.json ├── seerether-644.json ├── seerether-657.json ├── seerether-674.json ├── seerether-709.json ├── seerether-722.json ├── seerether-729.json ├── seerether-754.json ├── seerether-780.json ├── shaflow2-492.json ├── shaflow2-496.json ├── shaflow2-Q.md ├── shirochan-541.json ├── shirochan-545.json ├── shirochan-547.json ├── sivanesh_808-843.json ├── sivanesh_808-G.md ├── stuxy-316.json ├── tabriz-717.json ├── tabriz-G.md ├── tank-750.json ├── te_aut-807.json ├── te_aut-Q.md ├── terrancrypt-454.json ├── terrancrypt-498.json ├── terrancrypt-512.json ├── terrancrypt-523.json ├── terrancrypt-636.json ├── terrancrypt-705.json ├── terrancrypt-Q.md ├── twcctop-582.json ├── twcctop-604.json ├── twcctop-707.json ├── twcctop-Q.md ├── unkn0wn-4.json ├── unkn0wn-G.md ├── unsafesol-730.json ├── unsafesol-803.json ├── unsafesol-Q.md ├── ustas-185.json ├── ustas-186.json ├── ustas-226.json ├── ustas-227.json ├── ustas-Q.md ├── versiyonbir-101.json ├── versiyonbir-214.json ├── versiyonbir-313.json ├── versiyonbir-506.json ├── versiyonbir-507.json ├── versiyonbir-509.json ├── versiyonbir-510.json ├── versiyonbir-511.json ├── versiyonbir-60.json ├── versiyonbir-Analysis.md ├── versiyonbir-G.md ├── volodya-268.json ├── wahedtalash77-578.json ├── wahedtalash77-747.json ├── wahedtalash77-G.md ├── wahedtalash77-Q.md ├── wangxx2026-338.json ├── wangxx2026-404.json ├── web3skid-398.json ├── web3skid-768.json ├── willxxer7-682.json ├── willxxer7-703.json ├── willxxer7-714.json ├── willxxer7-725.json ├── willxxer7-733.json ├── windhustler-713.json ├── windhustler-720.json ├── windhustler-721.json ├── windhustler-724.json ├── windhustler-728.json ├── windhustler-738.json ├── windhustler-Q.md ├── wisdomn_-123.json ├── wisdomn_-127.json ├── wisdomn_-132.json ├── wisdomn_-171.json ├── wisdomn_-173.json ├── wisdomn_-178.json ├── wisdomn_-182.json ├── wisdomn_-188.json ├── wisdomn_-192.json ├── wisdomn_-370.json ├── xuwinnie-305.json ├── yongskiws-814.json ├── yongskiws-895.json ├── yongskiws-Analysis.md ├── yongskiws-Q.md ├── zabihullahazadzoi-884.json ├── zabihullahazadzoi-G.md ├── zambody-225.json ├── zhaojie-119.json ├── zhaojie-121.json ├── zhaojie-328.json ├── zhaojie-346.json ├── zhaojie-389.json ├── ziyou--220.json ├── ziyou--221.json ├── ziyou--246.json ├── ziyou--30.json ├── ziyou--42.json ├── ziyou--G.md ├── ziyou--Q.md └── zzzitron-643.json └── report.md /data/0x11singh99-827.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0x11singh99", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 827, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/827" 8 | } -------------------------------------------------------------------------------- /data/0x180db-446.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0x180db", 4 | "risk": "2", 5 | "title": "Insufficient Input Validation May Result in Blocked Funds", 6 | "issueId": 446, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/446" 8 | } -------------------------------------------------------------------------------- /data/0xAadi-886.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xAadi", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 886, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/886" 8 | } -------------------------------------------------------------------------------- /data/0xAnah-400.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xAnah", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 400, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/400" 8 | } -------------------------------------------------------------------------------- /data/0xDemon-335.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xDemon", 4 | "risk": "2", 5 | "title": "Calls inside the loop may address DoS", 6 | "issueId": 335, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/335" 8 | } -------------------------------------------------------------------------------- /data/0xDemon-336.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xDemon", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 336, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/336" 8 | } -------------------------------------------------------------------------------- /data/0xHelium-550.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xHelium", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 550, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/550" 8 | } -------------------------------------------------------------------------------- /data/0xRstStn-640.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xRstStn", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 640, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/640" 8 | } -------------------------------------------------------------------------------- /data/0xRstStn-868.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xRstStn", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 868, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/868" 8 | } -------------------------------------------------------------------------------- /data/0xSmartContract-384.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xSmartContract", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 384, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/384" 8 | } -------------------------------------------------------------------------------- /data/0xSmartContract-385.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xSmartContract", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 385, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/385" 8 | } -------------------------------------------------------------------------------- /data/0xStalin-332.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xStalin", 4 | "risk": "3", 5 | "title": "An attacker can steal all the assets deposited by the users in all the Branches", 6 | "issueId": 332, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/332" 8 | } -------------------------------------------------------------------------------- /data/0xStriker-866.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xStriker", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 866, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/866" 8 | } -------------------------------------------------------------------------------- /data/0xTheC0der-885.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xTheC0der", 4 | "risk": "3", 5 | "title": "All tokens can be stolen from `VirtualAccount` due to missing access modifier", 6 | "issueId": 885, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/885" 8 | } -------------------------------------------------------------------------------- /data/0xTiwa-755.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xTiwa", 4 | "risk": "3", 5 | "title": "No access control check in payableCall()", 6 | "issueId": 755, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/755" 8 | } -------------------------------------------------------------------------------- /data/0xWaitress-81.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xWaitress", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 81, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/81" 8 | } -------------------------------------------------------------------------------- /data/0xadrii-298.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xadrii", 4 | "risk": "3", 5 | "title": "DoS receiving cross-chain messages due to mistakenly validating `_srcAddress`", 6 | "issueId": 298, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/298" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-396.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xblackskull", 4 | "risk": "2", 5 | "title": "Owner can rug pull PrimeLiquidityProvider", 6 | "issueId": 396, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/396" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-650.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xblackskull", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 650, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/650" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-655.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xblackskull", 4 | "risk": "2", 5 | "title": " `payableCall()` may be used to steal the funds because no AccessControl", 6 | "issueId": 655, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/655" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-658.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xblackskull", 4 | "risk": "2", 5 | "title": " `payableCall()` may be used to DOS the contact", 6 | "issueId": 658, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/658" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-149.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 149, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/149" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-155.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "3", 5 | "title": "Locked User Funds due to Reverted External Call.", 6 | "issueId": 155, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/155" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-156.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "3", 5 | "title": "Lack of Input Validation in `lzReceiveNonBlocking` Function.", 6 | "issueId": 156, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/156" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-158.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "3", 5 | "title": "Consider `pull` over `push` strategy for external calls.", 6 | "issueId": 158, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/158" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-159.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "Lack of Input Validation for `_globalAddress` in ArbitrumBranchPort.", 6 | "issueId": 159, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/159" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-163.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "Unchecked Address Validity in `managePortStrategy` Function.", 6 | "issueId": 163, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/163" 8 | } -------------------------------------------------------------------------------- /data/0xfuje-401.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xfuje", 4 | "risk": "3", 5 | "title": "Malicious Router can steal all funds of Virtual Account on signed transcations", 6 | "issueId": 401, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/401" 8 | } -------------------------------------------------------------------------------- /data/0xfuje-402.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xfuje", 4 | "risk": "3", 5 | "title": "`VirtualAccount` - anyone can transfer `ERC20`, `ERC721` funds out from any user", 6 | "issueId": 402, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/402" 8 | } -------------------------------------------------------------------------------- /data/0xfuje-403.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xfuje", 4 | "risk": "2", 5 | "title": "DoS attack on settlementNonce and depositNonce", 6 | "issueId": 403, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/403" 8 | } -------------------------------------------------------------------------------- /data/0xfuje-405.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xfuje", 4 | "risk": "3", 5 | "title": "Failed settlements can be claimed by malicious actor on RootBridgeAgent", 6 | "issueId": 405, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/405" 8 | } -------------------------------------------------------------------------------- /data/0xfuje-418.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xfuje", 4 | "risk": "2", 5 | "title": "Issues with gas payments to LayerZero, gas refunds can be lost", 6 | "issueId": 418, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/418" 8 | } -------------------------------------------------------------------------------- /data/0xnev-574.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xnev", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 574, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/574" 8 | } -------------------------------------------------------------------------------- /data/0xsagetony-767.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsagetony", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 767, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/767" 8 | } -------------------------------------------------------------------------------- /data/0xsagetony-770.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsagetony", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 770, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/770" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-16.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "3", 5 | "title": "The way to get token addresses from mappings is wrong", 6 | "issueId": 16, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/16" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-266.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "2", 5 | "title": "invalid validation in the coreRootRouter.sol._addLocalToken function", 6 | "issueId": 266, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/266" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-301.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "3", 5 | "title": "The Endpoint Addresses for Layerzero is hardcoded to address 0", 6 | "issueId": 301, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/301" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-343.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "3", 5 | "title": "duplicated depositNonce value is using in the callOutAndBridge function", 6 | "issueId": 343, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/343" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-36.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "2", 5 | "title": "Missing check for recognize state of token", 6 | "issueId": 36, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/36" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-371.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "2", 5 | "title": "Status of deposit is not set to STATUS_READY in the retrieveDeposit", 6 | "issueId": 371, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/371" 8 | } -------------------------------------------------------------------------------- /data/0xsurena-96.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xsurena", 4 | "risk": "3", 5 | "title": "The withdrawFromPort function is implemented wrongly", 6 | "issueId": 96, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/96" 8 | } -------------------------------------------------------------------------------- /data/0xta-841.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "0xta", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 841, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/841" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-408.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Lack of ERC1155 Token Withdrawal Functionality in VirtualAccount Contract", 6 | "issueId": 408, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/408" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-409.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Missing try-catch for on `lzReceive`", 6 | "issueId": 409, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/409" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-412.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Do not hardcode the chain ID", 6 | "issueId": 412, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/412" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-414.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Do not hardcode address zero (`address(0)`) as ``zroPaymentAddress`", 6 | "issueId": 414, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/414" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-416.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Perform address size sanity checks", 6 | "issueId": 416, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/416" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-417.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "3", 5 | "title": "`forceResume` must be implemented to unblock cross-chain communication", 6 | "issueId": 417, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/417" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-442.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Denial Of Service(Dos) due to ChainID Overflow Vulnerability", 6 | "issueId": 442, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/442" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-474.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "3", 5 | "title": "'addGlobalToken' allows anyone to add a globalToken", 6 | "issueId": 474, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/474" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-476.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "2", 5 | "title": "Do not hardcode useZRO to false when estimating fees", 6 | "issueId": 476, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/476" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-479.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 479, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/479" 8 | } -------------------------------------------------------------------------------- /data/33BYTEZZZ-775.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "33BYTEZZZ", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 775, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/775" 8 | } -------------------------------------------------------------------------------- /data/3docSec-349.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "3docSec", 4 | "risk": "3", 5 | "title": "Permissionless VirtualAccount.payableCall enables direct theft of assets", 6 | "issueId": 349, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/349" 8 | } -------------------------------------------------------------------------------- /data/3docSec-355.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "3docSec", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 355, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/355" 8 | } -------------------------------------------------------------------------------- /data/7ashraf-599.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "7ashraf", 4 | "risk": "2", 5 | "title": "Toggle function overwrites the create function with potential DOS risks ", 6 | "issueId": 599, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/599" 8 | } -------------------------------------------------------------------------------- /data/7ashraf-600.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "7ashraf", 4 | "risk": "2", 5 | "title": "Funds can be lost on external low level call", 6 | "issueId": 600, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/600" 8 | } -------------------------------------------------------------------------------- /data/7ashraf-723.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "7ashraf", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 723, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/723" 8 | } -------------------------------------------------------------------------------- /data/ABA-421.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ABA", 4 | "risk": "2", 5 | "title": "Port strategy token reserves managing mechanism can be abused in several ways", 6 | "issueId": 421, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/421" 8 | } -------------------------------------------------------------------------------- /data/ABAIKUNANBAEV-71.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ABAIKUNANBAEV", 4 | "risk": "3", 5 | "title": "VirtualAccount allows depositing ERC1155 but not withdrawing it ", 6 | "issueId": 71, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/71" 8 | } -------------------------------------------------------------------------------- /data/AISec-256.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "AISec", 4 | "risk": "3", 5 | "title": "Avoid Relying On Contract Balance", 6 | "issueId": 256, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/256" 8 | } -------------------------------------------------------------------------------- /data/AISec-3.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "AISec", 4 | "risk": "3", 5 | "title": "Unchecked return value for low level call", 6 | "issueId": 3, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/3" 8 | } -------------------------------------------------------------------------------- /data/AISec-455.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "AISec", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 455, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/455" 8 | } -------------------------------------------------------------------------------- /data/AISec-5.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "AISec", 4 | "risk": "2", 5 | "title": "privileged administrator function lacks access control", 6 | "issueId": 5, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/5" 8 | } -------------------------------------------------------------------------------- /data/Aamir-534.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Aamir", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 534, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/534" 8 | } -------------------------------------------------------------------------------- /data/Aamir-535.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Aamir", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 535, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/535" 8 | } -------------------------------------------------------------------------------- /data/Aamir-806.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Aamir", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 806, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/806" 8 | } -------------------------------------------------------------------------------- /data/Abdul-337.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Abdul", 4 | "risk": "2", 5 | "title": "Should check whether the address is zero or not", 6 | "issueId": 337, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/337" 8 | } -------------------------------------------------------------------------------- /data/Arz-867.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Arz", 4 | "risk": "2", 5 | "title": "Gas that was sent by LayerZero can get stuck in the contract in some cases", 6 | "issueId": 867, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/867" 8 | } -------------------------------------------------------------------------------- /data/Atree-330.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Atree", 4 | "risk": "3", 5 | "title": "Mix use of i=i+1 and i++ makes deposit nonce mismatch", 6 | "issueId": 330, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/330" 8 | } -------------------------------------------------------------------------------- /data/Audinarey-858.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Audinarey", 4 | "risk": "2", 5 | "title": "users may not be able to call retryDeposit(...) for failed deposits", 6 | "issueId": 858, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/858" 8 | } -------------------------------------------------------------------------------- /data/BLOS-331.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "BLOS", 4 | "risk": "3", 5 | "title": "Attacker can exploit nonce misplacement to drain the port", 6 | "issueId": 331, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/331" 8 | } -------------------------------------------------------------------------------- /data/BRONZEDISC-6.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "BRONZEDISC", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 6, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/6" 8 | } -------------------------------------------------------------------------------- /data/BRONZEDISC-829.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "BRONZEDISC", 4 | "risk": "3", 5 | "title": "Cross-Chain Token Cap Disparity", 6 | "issueId": 829, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/829" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-320.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Bauchibred", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 320, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/320" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-321.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Bauchibred", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 321, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/321" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-899.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #320 [1697891982779]", 6 | "issueId": 899 7 | } -------------------------------------------------------------------------------- /data/Black_Box_DD-17.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Black_Box_DD", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 17, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/17" 8 | } -------------------------------------------------------------------------------- /data/Black_Box_DD-291.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Black_Box_DD", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 291, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/291" 8 | } -------------------------------------------------------------------------------- /data/Bryan_Conquer-56.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Bryan_Conquer", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 56, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/56" 8 | } -------------------------------------------------------------------------------- /data/Chom-67.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Chom", 4 | "risk": "2", 5 | "title": "Some bridge rate limiting problem", 6 | "issueId": 67, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/67" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-120.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Cross-Chain Interaction Decimals Oversight in `ArbitrumCoreBranchRouter`", 6 | "issueId": 120, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/120" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-122.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 122, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/122" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-137.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Incomplete Asset Clearing in `MulticallRootRouter` Contract", 6 | "issueId": 137, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/137" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-180.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Missing Exception Handling in Root Bridge Agent Executor Contract", 6 | "issueId": 180, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/180" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-183.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Multiple Active Port Strategies Without Coordination", 6 | "issueId": 183, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/183" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-202.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Denial of Service to Authorized Users.", 6 | "issueId": 202, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/202" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-205.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Cross-Chain Message Loss Due to Missing Fallback Function Handling", 6 | "issueId": 205, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/205" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-217.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "2", 5 | "title": "Incorrect Balance Verification in replenishReserves Function", 6 | "issueId": 217, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/217" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-292.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "3", 5 | "title": " Predictable Salt Generation in Contract Deployment", 6 | "issueId": 292, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/292" 8 | } -------------------------------------------------------------------------------- /data/Daniel526-296.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Daniel526", 4 | "risk": "3", 5 | "title": "Tokens sent to `CoreBranchRouter` might never get recovered", 6 | "issueId": 296, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/296" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-524.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DanielArmstrong", 4 | "risk": "2", 5 | "title": "There is no way to change router in Arbitrum branch.", 6 | "issueId": 524, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/524" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-654.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DanielArmstrong", 4 | "risk": "3", 5 | "title": "Invalid use of `localAddress` causes unexpected behavior.", 6 | "issueId": 654, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/654" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-656.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DanielArmstrong", 4 | "risk": "2", 5 | "title": "None of validation check leads to invalidation of `BranchPort`", 6 | "issueId": 656, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/656" 8 | } -------------------------------------------------------------------------------- /data/DanielTan_MetaTrust-692.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DanielTan_MetaTrust", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 692, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/692" 8 | } -------------------------------------------------------------------------------- /data/Dastan-326.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dastan", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 326, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/326" 8 | } -------------------------------------------------------------------------------- /data/Dastan-366.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dastan", 4 | "risk": "3", 5 | "title": "The order of operations and potential reentry by an attacker.", 6 | "issueId": 366, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/366" 8 | } -------------------------------------------------------------------------------- /data/DavidGiladi-413.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DavidGiladi", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 413, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/413" 8 | } -------------------------------------------------------------------------------- /data/DavylVinyl-46.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DavylVinyl", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 46, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/46" 8 | } -------------------------------------------------------------------------------- /data/DavylVinyl-54.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DavylVinyl", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 54, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/54" 8 | } -------------------------------------------------------------------------------- /data/Defiesta-306.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Defiesta", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 306, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/306" 8 | } -------------------------------------------------------------------------------- /data/Defiesta-310.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Defiesta", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 310, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/310" 8 | } -------------------------------------------------------------------------------- /data/Defiesta-339.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Defiesta", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 339, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/339" 8 | } -------------------------------------------------------------------------------- /data/Defiesta-Q.md: -------------------------------------------------------------------------------- 1 | ILayerZeroEndpoint functions can be called by another contract using a 0.5.0 solidity version which could cause revert output to users calling the payable function. -------------------------------------------------------------------------------- /data/DevABDee-488.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DevABDee", 4 | "risk": "2", 5 | "title": "Incorrect Access Control in the `callOutSigned` functions", 6 | "issueId": 488, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/488" 8 | } -------------------------------------------------------------------------------- /data/DevABDee-501.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DevABDee", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 501, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/501" 8 | } -------------------------------------------------------------------------------- /data/DevABDee-504.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DevABDee", 4 | "risk": "2", 5 | "title": "`forceResumeReceive()` not implemented", 6 | "issueId": 504, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/504" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-209.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "2", 5 | "title": "Lack of Validation for `_mint` and `_burn` Functions", 6 | "issueId": 209, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/209" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-211.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "2", 5 | "title": "Integer Underflow and Overflow Vulnerability in ERC20hTokenRoot Contract", 6 | "issueId": 211, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/211" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-212.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "2", 5 | "title": "Unchecked Balance Manipulation Vulnerability in ERC20hTokenRoot Contract", 6 | "issueId": 212, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/212" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-32.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "2", 5 | "title": "Renouncing Ownership (Line 67)", 6 | "issueId": 32, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/32" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-33.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 33, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/33" 8 | } -------------------------------------------------------------------------------- /data/Dinesh11G-84.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Dinesh11G", 4 | "risk": "2", 5 | "title": "Missing Return Value Checks in ERC20hTokenBranch Contract Functions", 6 | "issueId": 84, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/84" 8 | } -------------------------------------------------------------------------------- /data/DoNothing-8.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "DoNothing", 4 | "risk": "3", 5 | "title": "multiple verify smart contract", 6 | "issueId": 8, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/8" 8 | } -------------------------------------------------------------------------------- /data/Eurovickk-830.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Eurovickk", 4 | "risk": "2", 5 | "title": "FallBack Function might revert", 6 | "issueId": 830, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/830" 8 | } -------------------------------------------------------------------------------- /data/Eurovickk-857.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Eurovickk", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 857, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/857" 8 | } -------------------------------------------------------------------------------- /data/Eurovickk-859.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Eurovickk", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 859, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/859" 8 | } -------------------------------------------------------------------------------- /data/Franklin-490.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Franklin", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 490, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/490" 8 | } -------------------------------------------------------------------------------- /data/GKBG-852.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "GKBG", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 852, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/852" 8 | } -------------------------------------------------------------------------------- /data/GREY-HAWK-REACH-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "GREY-HAWK-REACH", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 13, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/13" 8 | } -------------------------------------------------------------------------------- /data/GREY-HAWK-REACH-625.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "GREY-HAWK-REACH", 4 | "risk": "2", 5 | "title": "Incompatibility with Rebase tokens", 6 | "issueId": 625, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/625" 8 | } -------------------------------------------------------------------------------- /data/GREY-HAWK-REACH-668.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "GREY-HAWK-REACH", 4 | "risk": "3", 5 | "title": "User deposits can be stolen", 6 | "issueId": 668, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/668" 8 | } -------------------------------------------------------------------------------- /data/HChang26-117.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "HChang26", 4 | "risk": "3", 5 | "title": "Missing `requiresApprovedCaller` modifier in `payableCall()`", 6 | "issueId": 117, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/117" 8 | } -------------------------------------------------------------------------------- /data/Hama-103.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Unauthorized Withdrawal Vulnerability in Withdrawal Functions", 6 | "issueId": 103, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/103" 8 | } -------------------------------------------------------------------------------- /data/Hama-106.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Arbitrary Code Execution Vulnerability in payableCall Functions", 6 | "issueId": 106, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/106" 8 | } -------------------------------------------------------------------------------- /data/Hama-112.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Unauthorized Token Transfers and Debt Creation through Flash Loan", 6 | "issueId": 112, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/112" 8 | } -------------------------------------------------------------------------------- /data/Hama-129.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "function where a refund will get stuck when the _dstChainId is not correct", 6 | "issueId": 129, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/129" 8 | } -------------------------------------------------------------------------------- /data/Hama-559.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Risk of Ether Getting Stuck in External Contract", 6 | "issueId": 559, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/559" 8 | } -------------------------------------------------------------------------------- /data/Hama-561.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Smart Contract Balance Theft Due To Arbitrary Code Execution ", 6 | "issueId": 561, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/561" 8 | } -------------------------------------------------------------------------------- /data/Hama-64.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Hama", 4 | "risk": "3", 5 | "title": "Front-running Vulnerability Allows Unauthorized Contract Control", 6 | "issueId": 64, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/64" 8 | } -------------------------------------------------------------------------------- /data/IceBear-125.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "IceBear", 4 | "risk": "2", 5 | "title": "Unchecked return value of excessivelySafeCall", 6 | "issueId": 125, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/125" 8 | } -------------------------------------------------------------------------------- /data/IceBear-297.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "IceBear", 4 | "risk": "2", 5 | "title": "Create methods are suspicious of the reorg attack", 6 | "issueId": 297, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/297" 8 | } -------------------------------------------------------------------------------- /data/IceBear-353.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "IceBear", 4 | "risk": "2", 5 | "title": "Create methods are suspicious of the reorg attack", 6 | "issueId": 353, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/353" 8 | } -------------------------------------------------------------------------------- /data/IceBear-360.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "IceBear", 4 | "risk": "2", 5 | "title": "Potential frontrunning attack in addVirtualAccount()", 6 | "issueId": 360, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/360" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-629.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "3", 5 | "title": "DOS when executing RootBridgeAgent.redeemSettlement() due to lack of gas", 6 | "issueId": 629, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/629" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-632.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "3", 5 | "title": "Inability to complete a transaction due to lack of gas", 6 | "issueId": 632, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/632" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-635.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "3", 5 | "title": "Failure to increase the nonce will result in incorrect functioning", 6 | "issueId": 635, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/635" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-641.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "2", 5 | "title": "new methods are susceptible to reorg attack", 6 | "issueId": 641, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/641" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-647.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "2", 5 | "title": "RootBridgeAgent.sol, BranchBridgeAgent.sol locks up Ether it receives", 6 | "issueId": 647, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/647" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-662.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 662, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/662" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-702.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "2", 5 | "title": "BranchBridgeAgent.sol contract may send more funds than required", 6 | "issueId": 702, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/702" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-704.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "2", 5 | "title": "Possibility of reentrancy attack in VirtualAccount.sol", 6 | "issueId": 704, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/704" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-741.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "3", 5 | "title": "Incorrect logic for determining dailyLimit in BranchPort.manage()", 6 | "issueId": 741, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/741" 8 | } -------------------------------------------------------------------------------- /data/Inspecktor-766.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Inspecktor", 4 | "risk": "3", 5 | "title": "replenishReserves() will not work with tokens with transfer fees", 6 | "issueId": 766, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/766" 8 | } -------------------------------------------------------------------------------- /data/JCK-557.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "JCK", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 557, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/557" 8 | } -------------------------------------------------------------------------------- /data/JCK-876.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "JCK", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 876, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/876" 8 | } -------------------------------------------------------------------------------- /data/John-778.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "John", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 778, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/778" 8 | } -------------------------------------------------------------------------------- /data/John_Femi-579.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "John_Femi", 4 | "risk": "3", 5 | "title": "Attacker can drain user virtual account", 6 | "issueId": 579, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/579" 8 | } -------------------------------------------------------------------------------- /data/Jorgect-539.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Jorgect", 4 | "risk": "2", 5 | "title": "Mising requiresRouter modifier in BranchBridgeAgent.sol contract", 6 | "issueId": 539, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/539" 8 | } -------------------------------------------------------------------------------- /data/Jorgect-546.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Jorgect", 4 | "risk": "2", 5 | "title": "Return value not checked in _bridgeIn function in the BrancPort.sol", 6 | "issueId": 546, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/546" 8 | } -------------------------------------------------------------------------------- /data/Jorgect-549.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Jorgect", 4 | "risk": "3", 5 | "title": "missing modifier in payableCall function in virtualAccount.sol", 6 | "issueId": 549, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/549" 8 | } -------------------------------------------------------------------------------- /data/Jorgect-553.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Jorgect", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 553, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/553" 8 | } -------------------------------------------------------------------------------- /data/Joshuajee-451.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Joshuajee", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 451, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/451" 8 | } -------------------------------------------------------------------------------- /data/Joshuajee-452.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Joshuajee", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 452, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/452" 8 | } -------------------------------------------------------------------------------- /data/Joshuajee-453.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Joshuajee", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 453, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/453" 8 | } -------------------------------------------------------------------------------- /data/Joshuajee-Analysis.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | ### Time spent: 7 | 0 hours -------------------------------------------------------------------------------- /data/K42-175.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "K42", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 175, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/175" 8 | } -------------------------------------------------------------------------------- /data/K42-275.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "K42", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 275, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/275" 8 | } -------------------------------------------------------------------------------- /data/K42-276.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "K42", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 276, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/276" 8 | } -------------------------------------------------------------------------------- /data/Kek-467.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kek", 4 | "risk": "3", 5 | "title": "VirtualAccount.sol implements ERC1155Receiver without a withdraw function", 6 | "issueId": 467, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/467" 8 | } -------------------------------------------------------------------------------- /data/Kek-469.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kek", 4 | "risk": "2", 5 | "title": "VirtualAccount.sol, payableCall() can be called by anyone", 6 | "issueId": 469, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/469" 8 | } -------------------------------------------------------------------------------- /data/Kek-471.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kek", 4 | "risk": "2", 5 | "title": "BranchPort ownership can be lost due to no two step ownership transfer", 6 | "issueId": 471, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/471" 8 | } -------------------------------------------------------------------------------- /data/Kek-472.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kek", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 472, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/472" 8 | } -------------------------------------------------------------------------------- /data/KingNFT-734.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "KingNFT", 4 | "risk": "3", 5 | "title": "All cross-chain calls of the ````Ulysses```` protocol would fail", 6 | "issueId": 734, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/734" 8 | } -------------------------------------------------------------------------------- /data/Koolex-875.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Koolex", 4 | "risk": "2", 5 | "title": "Lack of force resume support for LZ which is crucially important to have", 6 | "issueId": 875, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/875" 8 | } -------------------------------------------------------------------------------- /data/Koolex-894.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Koolex", 4 | "risk": "2", 5 | "title": "ChainLink should be used as an Oracle instead of Google Cloud ", 6 | "issueId": 894, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/894" 8 | } -------------------------------------------------------------------------------- /data/Kow-244.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kow", 4 | "risk": "3", 5 | "title": "Unrestricted access to `VirtualAccount`'s `payableCall`", 6 | "issueId": 244, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/244" 8 | } -------------------------------------------------------------------------------- /data/Kow-249.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kow", 4 | "risk": "2", 5 | "title": "LayerZero messaging can be DOSed due to lack of minimum `gasLimit`", 6 | "issueId": 249, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/249" 8 | } -------------------------------------------------------------------------------- /data/Kow-258.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kow", 4 | "risk": "2", 5 | "title": "Lack of excess airdropped gas refund on cross-chain message failure", 6 | "issueId": 258, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/258" 8 | } -------------------------------------------------------------------------------- /data/Kow-263.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Kow", 4 | "risk": "2", 5 | "title": "`callOutAndBridgeMultiple` cannot enable fallback", 6 | "issueId": 263, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/263" 8 | } -------------------------------------------------------------------------------- /data/Limbooo-788.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Limbooo", 4 | "risk": "3", 5 | "title": "Lack of Access Control in public function `VirtualAccount.payableCall`", 6 | "issueId": 788, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/788" 8 | } -------------------------------------------------------------------------------- /data/LinKenji-583.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LinKenji", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 583, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/583" 8 | } -------------------------------------------------------------------------------- /data/LinKenji-598.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LinKenji", 4 | "risk": "3", 5 | "title": "Authentication Bypass in lzReceive.", 6 | "issueId": 598, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/598" 8 | } -------------------------------------------------------------------------------- /data/Littlebeast-581.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Littlebeast", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 581, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/581" 8 | } -------------------------------------------------------------------------------- /data/LokiThe5th-399.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "3", 5 | "title": "Message channels can be blocked resulting in DoS", 6 | "issueId": 399, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/399" 8 | } -------------------------------------------------------------------------------- /data/LokiThe5th-671.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 671, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/671" 8 | } -------------------------------------------------------------------------------- /data/LokiThe5th-745.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 745, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/745" 8 | } -------------------------------------------------------------------------------- /data/LokiThe5th-774.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "2", 5 | "title": "Fee-on-transfer tokens are not accounted for correctly", 6 | "issueId": 774, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/774" 8 | } -------------------------------------------------------------------------------- /data/LokiThe5th-902.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #671 [1697894602524]", 6 | "issueId": 902 7 | } -------------------------------------------------------------------------------- /data/LokiThe5th-903.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "LokiThe5th", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #671 [1697894627037]", 6 | "issueId": 903 7 | } -------------------------------------------------------------------------------- /data/MIQUINHO-102.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MIQUINHO", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 102, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/102" 8 | } -------------------------------------------------------------------------------- /data/MIQUINHO-104.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MIQUINHO", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 104, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/104" 8 | } -------------------------------------------------------------------------------- /data/MIQUINHO-39.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MIQUINHO", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 39, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/39" 8 | } -------------------------------------------------------------------------------- /data/MIQUINHO-40.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MIQUINHO", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 40, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/40" 8 | } -------------------------------------------------------------------------------- /data/MIQUINHO-900.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MIQUINHO", 4 | "risk": "3", 5 | "title": "Upgraded Q -> 3 from #102 [1697893134448]", 6 | "issueId": 900 7 | } -------------------------------------------------------------------------------- /data/MSK-794.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MSK", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 794, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/794" 8 | } -------------------------------------------------------------------------------- /data/MSK-812.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MSK", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 812, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/812" 8 | } -------------------------------------------------------------------------------- /data/MrPotatoMagic-386.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MrPotatoMagic", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 386, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/386" 8 | } -------------------------------------------------------------------------------- /data/MrPotatoMagic-458.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MrPotatoMagic", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 458, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/458" 8 | } -------------------------------------------------------------------------------- /data/MrPotatoMagic-526.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MrPotatoMagic", 4 | "risk": "3", 5 | "title": "ERC1155 tokens are permanently locked in user's Virtual Account ", 6 | "issueId": 526, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/526" 8 | } -------------------------------------------------------------------------------- /data/MrPotatoMagic-864.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MrPotatoMagic", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 864, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/864" 8 | } -------------------------------------------------------------------------------- /data/MrPotatoMagic-901.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "MrPotatoMagic", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #458 [1697894539121]", 6 | "issueId": 901 7 | } -------------------------------------------------------------------------------- /data/Myd-612.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "Insecure Reentrancy Protection in RootBridgeAgent.", 6 | "issueId": 612, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/612" 8 | } -------------------------------------------------------------------------------- /data/Myd-614.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "3", 5 | "title": "Override Exploitation Risk in Virtual Bridging Functions.", 6 | "issueId": 614, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/614" 8 | } -------------------------------------------------------------------------------- /data/Myd-618.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "3", 5 | "title": "Failure to handle reverts in execute calls could lock deposited assets permanently.", 6 | "issueId": 618, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/618" 8 | } -------------------------------------------------------------------------------- /data/Myd-619.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "3", 5 | "title": "Arbitrary Bridge Agent Blacklisting.", 6 | "issueId": 619, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/619" 8 | } -------------------------------------------------------------------------------- /data/Myd-620.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "3", 5 | "title": "External token calls in RootPort can be exploited through reentrancy vulnerabilities.", 6 | "issueId": 620, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/620" 8 | } -------------------------------------------------------------------------------- /data/Myd-621.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "No validation for minimum capital when creating branch routers; insecurity risk.", 6 | "issueId": 621, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/621" 8 | } -------------------------------------------------------------------------------- /data/Myd-623.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "Lack of `_refundee` validation risks unauthorized gas refund to any address.", 6 | "issueId": 623, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/623" 8 | } -------------------------------------------------------------------------------- /data/Naresh-208.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Naresh", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 208, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/208" 8 | } -------------------------------------------------------------------------------- /data/Naresh-74.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Naresh", 4 | "risk": "2", 5 | "title": "Use safeTransferFrom() instead of transferFrom() for outgoing erc721 transfers", 6 | "issueId": 74, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/74" 8 | } -------------------------------------------------------------------------------- /data/Naresh-Q.md: -------------------------------------------------------------------------------- 1 | LayerZero is used to transport messages cross-chain. If a compromise of LayerZero take place, the worst case scenario may include forgeries of messages, causing havoc and possibly loss of funds. -------------------------------------------------------------------------------- /data/Neon2835-295.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Neon2835", 4 | "risk": "3", 5 | "title": "Maia DAO - Ulysses finding", 6 | "issueId": 295, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/295" 8 | } -------------------------------------------------------------------------------- /data/Nikki-99.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Nikki", 4 | "risk": "2", 5 | "title": "Testing", 6 | "issueId": 99, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/99" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-678.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "3", 5 | "title": "Attacker can steal any asset from VirtualAccount", 6 | "issueId": 678, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/678" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-688.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "Inconsistency when creating deposit will lead to loss of funds", 6 | "issueId": 688, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/688" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-689.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "`replenishReserves` is subject to be bricked for some conditions", 6 | "issueId": 689, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/689" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-690.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "`toggleStrategyToken` doesn't validate a possible debt when toggling off", 6 | "issueId": 690, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/690" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-691.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "`_checkTimeLimit` doesn't serve as the intended logic", 6 | "issueId": 691, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/691" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-693.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "Reorgs may create a double spending issue", 6 | "issueId": 693, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/693" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-694.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "`replenishReserves` doesn't refresh the strategy daily limit", 6 | "issueId": 694, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/694" 8 | } -------------------------------------------------------------------------------- /data/NoTechBG-737.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "NoTechBG", 4 | "risk": "2", 5 | "title": "Missing Access Control check in `BranchPort::ReplenishReserves`", 6 | "issueId": 737, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/737" 8 | } -------------------------------------------------------------------------------- /data/Noro-818.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Noro", 4 | "risk": "3", 5 | "title": "payableCall in VirtualAccount isn’t protected by requiresApprovedCaller modifier ", 6 | "issueId": 818, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/818" 8 | } -------------------------------------------------------------------------------- /data/Nyx-670.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Nyx", 4 | "risk": "2", 5 | "title": "Local chain calls may revert", 6 | "issueId": 670, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/670" 8 | } -------------------------------------------------------------------------------- /data/OMEN-197.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "when setting addresses , addreess could be duplicated", 6 | "issueId": 197, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/197" 8 | } -------------------------------------------------------------------------------- /data/OMEN-444.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "lack of payable could lead to lose the excess gas refund ", 6 | "issueId": 444, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/444" 8 | } -------------------------------------------------------------------------------- /data/OMEN-466.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "3", 5 | "title": "attacker can drain gas ", 6 | "issueId": 466, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/466" 8 | } -------------------------------------------------------------------------------- /data/OMEN-478.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "potential DOS on performFallback calls", 6 | "issueId": 478, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/478" 8 | } -------------------------------------------------------------------------------- /data/OMEN-489.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "3", 5 | "title": "AddBranchToBridgeAgent function won't work properly", 6 | "issueId": 489, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/489" 8 | } -------------------------------------------------------------------------------- /data/OMEN-568.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "3", 5 | "title": "user can't redeem deposit cause of deposited token is not global address ", 6 | "issueId": 568, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/568" 8 | } -------------------------------------------------------------------------------- /data/OMEN-575.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "overflow could happen in call in virtual accounts contract", 6 | "issueId": 575, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/575" 8 | } -------------------------------------------------------------------------------- /data/OMEN-577.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "there's lack of 0 address check at addNewChain ", 6 | "issueId": 577, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/577" 8 | } -------------------------------------------------------------------------------- /data/OMEN-580.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "2", 5 | "title": "potential duplicte addresses on getBranchBridgeAgent ", 6 | "issueId": 580, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/580" 8 | } -------------------------------------------------------------------------------- /data/OMEN-891.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "OMEN", 4 | "risk": "3", 5 | "title": "add sendBack function to origin when lzReceiveNonBlocking is not executed ", 6 | "issueId": 891, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/891" 8 | } -------------------------------------------------------------------------------- /data/Oxsadeeq-407.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Oxsadeeq", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 407, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/407" 8 | } -------------------------------------------------------------------------------- /data/Oxsadeeq-569.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Oxsadeeq", 4 | "risk": "2", 5 | "title": "Denial of Service due to wrong sequence of parameters", 6 | "issueId": 569, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/569" 8 | } -------------------------------------------------------------------------------- /data/PASCAL-493.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "PASCAL", 4 | "risk": "2", 5 | "title": "Manage function in branchport doesn't revert if it exceeds daily limit", 6 | "issueId": 493, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/493" 8 | } -------------------------------------------------------------------------------- /data/PASCAL-555.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "PASCAL", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 555, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/555" 8 | } -------------------------------------------------------------------------------- /data/PASCAL-Q.md: -------------------------------------------------------------------------------- 1 | There is no way to remove bridge agents, bridge agents factory or tokens after they are added or created. 2 | 3 | Create a remove function or a way to eliminate a current bridge agent or token. -------------------------------------------------------------------------------- /data/Peetza-356.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Peetza", 4 | "risk": "2", 5 | "title": "Will not increment if inputted values cause revert", 6 | "issueId": 356, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/356" 8 | } -------------------------------------------------------------------------------- /data/Pessimistic-382.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Pessimistic", 4 | "risk": "3", 5 | "title": "A malicious user is able to steal funds from any virtual account ", 6 | "issueId": 382, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/382" 8 | } -------------------------------------------------------------------------------- /data/Pessimistic-383.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Pessimistic", 4 | "risk": "2", 5 | "title": "Possible DoS due to issue in Layer Zero integration", 6 | "issueId": 383, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/383" 8 | } -------------------------------------------------------------------------------- /data/Polaris_tow-363.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Polaris_tow", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 363, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/363" 8 | } -------------------------------------------------------------------------------- /data/QiuhaoLi-683.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "QiuhaoLi", 4 | "risk": "2", 5 | "title": "RootBridgeAgentFactory:createBridgeAgent() is vulnerable to reorg attack", 6 | "issueId": 683, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/683" 8 | } -------------------------------------------------------------------------------- /data/QiuhaoLi-706.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "QiuhaoLi", 4 | "risk": "2", 5 | "title": "BranchBridgeAgent:lzReceive() should check if _srcChainId is rootChainId", 6 | "issueId": 706, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/706" 8 | } -------------------------------------------------------------------------------- /data/QiuhaoLi-731.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "QiuhaoLi", 4 | "risk": "2", 5 | "title": "lzReceive() is revertable and we lack forceResumeReceive implementation", 6 | "issueId": 731, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/731" 8 | } -------------------------------------------------------------------------------- /data/QiuhaoLi-828.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "QiuhaoLi", 4 | "risk": "3", 5 | "title": "VirtualAccount.sol:payableCall() lack requiresApprovedCaller modifier", 6 | "issueId": 828, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/828" 8 | } -------------------------------------------------------------------------------- /data/Raihan-666.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Raihan", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 666, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/666" 8 | } -------------------------------------------------------------------------------- /data/Rolezn-168.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Rolezn", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 168, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/168" 8 | } -------------------------------------------------------------------------------- /data/SAAJ-659.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SAAJ", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 659, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/659" 8 | } -------------------------------------------------------------------------------- /data/SAAJ-819.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SAAJ", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 819, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/819" 8 | } -------------------------------------------------------------------------------- /data/SAQ-892.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SAQ", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 892, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/892" 8 | } -------------------------------------------------------------------------------- /data/SM3_SS-499.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SM3_SS", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 499, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/499" 8 | } -------------------------------------------------------------------------------- /data/SY_S-878.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SY_S", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 878, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/878" 8 | } -------------------------------------------------------------------------------- /data/SaeedAlipoor01988-14.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SaeedAlipoor01988", 4 | "risk": "3", 5 | "title": "The way to get token addresses from mappings is wrong", 6 | "issueId": 14, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/14" 8 | } -------------------------------------------------------------------------------- /data/SanketKogekar-840.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SanketKogekar", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 840, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/840" 8 | } -------------------------------------------------------------------------------- /data/Sathish9098-77.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Sathish9098", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 77, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/77" 8 | } -------------------------------------------------------------------------------- /data/Sathish9098-773.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Sathish9098", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 773, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/773" 8 | } -------------------------------------------------------------------------------- /data/Sathish9098-79.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Sathish9098", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 79, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/79" 8 | } -------------------------------------------------------------------------------- /data/Satyam_Sharma-55.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Satyam_Sharma", 4 | "risk": "3", 5 | "title": "k", 6 | "issueId": 55, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/55" 8 | } -------------------------------------------------------------------------------- /data/Sentry-456.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Sentry", 4 | "risk": "2", 5 | "title": "CallOutAndBridge could result in stuck funds on CoreRootRouter", 6 | "issueId": 456, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/456" 8 | } -------------------------------------------------------------------------------- /data/Sentry-457.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Sentry", 4 | "risk": "2", 5 | "title": "Denial of service of callOutAndBridge on default default protocol routers", 6 | "issueId": 457, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/457" 8 | } -------------------------------------------------------------------------------- /data/SovaSlava-223.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SovaSlava", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 223, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/223" 8 | } -------------------------------------------------------------------------------- /data/SovaSlava-253.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SovaSlava", 4 | "risk": "3", 5 | "title": "Anyone could spend tokens from virtual account", 6 | "issueId": 253, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/253" 8 | } -------------------------------------------------------------------------------- /data/SovaSlava-278.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SovaSlava", 4 | "risk": "2", 5 | "title": "Incorrect processing of tokens with fees", 6 | "issueId": 278, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/278" 8 | } -------------------------------------------------------------------------------- /data/SpicyMeatball-73.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "SpicyMeatball", 4 | "risk": "3", 5 | "title": "Attaker can steal all funds from the VirtualAccount", 6 | "issueId": 73, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/73" 8 | } -------------------------------------------------------------------------------- /data/Stormreckson-245.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Stormreckson", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 245, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/245" 8 | } -------------------------------------------------------------------------------- /data/Stormreckson-324.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Stormreckson", 4 | "risk": "2", 5 | "title": "The same hToken can be mistakenly set to represent multiple chain", 6 | "issueId": 324, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/324" 8 | } -------------------------------------------------------------------------------- /data/Stormreckson-325.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Stormreckson", 4 | "risk": "2", 5 | "title": "_CheckLimit is redundant In strategy tokens management", 6 | "issueId": 325, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/325" 8 | } -------------------------------------------------------------------------------- /data/Stormreckson-381.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Stormreckson", 4 | "risk": "2", 5 | "title": "ArbitrumCoreBranchRouter lacks function to estimate fees ", 6 | "issueId": 381, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/381" 8 | } -------------------------------------------------------------------------------- /data/T1MOH-57.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "T1MOH", 4 | "risk": "3", 5 | "title": "RootBridgeAgent.sol incorrectly decodes `_srcAddress` to verify caller", 6 | "issueId": 57, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/57" 8 | } -------------------------------------------------------------------------------- /data/T1MOH-58.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "T1MOH", 4 | "risk": "3", 5 | "title": "VirtualAccount.sol misses access control in `payableCall()`", 6 | "issueId": 58, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/58" 8 | } -------------------------------------------------------------------------------- /data/TangYuanShen-216.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "TangYuanShen", 4 | "risk": "3", 5 | "title": "VirtualAccount assets can be stolen due to missing access control", 6 | "issueId": 216, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/216" 8 | } -------------------------------------------------------------------------------- /data/Tendency-695.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Tendency", 4 | "risk": "3", 5 | "title": "Incorrect Slicing can DoS Contract Completely", 6 | "issueId": 695, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/695" 8 | } -------------------------------------------------------------------------------- /data/Topmark-218.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Missing validation to prevent Mismatch Error Vulnerabilities", 6 | "issueId": 218, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/218" 8 | } -------------------------------------------------------------------------------- /data/Topmark-222.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Topmark", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 222, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/222" 8 | } -------------------------------------------------------------------------------- /data/Topmark-224.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Absence of Validation to ensure Mint is Succesful will allow lose of Fund", 6 | "issueId": 224, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/224" 8 | } -------------------------------------------------------------------------------- /data/Topmark-259.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Mismatch Errors due to Missing Validation", 6 | "issueId": 259, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/259" 8 | } -------------------------------------------------------------------------------- /data/Topmark-260.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "DoS due to Missing validation and Proper Error Handling from underflow", 6 | "issueId": 260, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/260" 8 | } -------------------------------------------------------------------------------- /data/Udsen-846.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Udsen", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 846, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/846" 8 | } -------------------------------------------------------------------------------- /data/Udsen-853.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Udsen", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 853, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/853" 8 | } -------------------------------------------------------------------------------- /data/V1235816-133.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "V1235816", 4 | "risk": "3", 5 | "title": "Duplicate address in strategyTokens can be added", 6 | "issueId": 133, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/133" 8 | } -------------------------------------------------------------------------------- /data/V1235816-76.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "V1235816", 4 | "risk": "3", 5 | "title": "Duplicate address in bridgeAgents can be added", 6 | "issueId": 76, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/76" 8 | } -------------------------------------------------------------------------------- /data/V1235816-83.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "V1235816", 4 | "risk": "3", 5 | "title": "Duplicate address in bridgeAgentFactories, portStrategies can be added", 6 | "issueId": 83, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/83" 8 | } -------------------------------------------------------------------------------- /data/Viktor_Cortess-272.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viktor_Cortess", 4 | "risk": "2", 5 | "title": "Incorrect encoding of ERC20hToken data adding global token", 6 | "issueId": 272, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/272" 8 | } -------------------------------------------------------------------------------- /data/Viktor_Cortess-277.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viktor_Cortess", 4 | "risk": "2", 5 | "title": "Several mappings from the RootPort contract are set incorrectly", 6 | "issueId": 277, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/277" 8 | } -------------------------------------------------------------------------------- /data/Viktor_Cortess-303.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viktor_Cortess", 4 | "risk": "3", 5 | "title": "Function payableCall from Virtual Account lacks modifier", 6 | "issueId": 303, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/303" 8 | } -------------------------------------------------------------------------------- /data/Viktor_Cortess-727.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viktor_Cortess", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 727, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/727" 8 | } -------------------------------------------------------------------------------- /data/Viraz-544.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viraz", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 544, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/544" 8 | } -------------------------------------------------------------------------------- /data/Viraz-551.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Viraz", 4 | "risk": "2", 5 | "title": "Value from the `getFeeEstimate` method is never used", 6 | "issueId": 551, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/551" 8 | } -------------------------------------------------------------------------------- /data/XDZIBECX-143.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "XDZIBECX", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 143, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/143" 8 | } -------------------------------------------------------------------------------- /data/XDZIBECX-147.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "XDZIBECX", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 147, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/147" 8 | } -------------------------------------------------------------------------------- /data/XDZIBECX-194.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "XDZIBECX", 4 | "risk": "2", 5 | "title": "incorrect asset transfers issue through Manipulated Payload", 6 | "issueId": 194, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/194" 8 | } -------------------------------------------------------------------------------- /data/XDZIBECX-21.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "XDZIBECX", 4 | "risk": "3", 5 | "title": "double spend assets and grief other users in depositToPort function issue ", 6 | "issueId": 21, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/21" 8 | } -------------------------------------------------------------------------------- /data/YakuzaKiawe-210.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "YakuzaKiawe", 4 | "risk": "2", 5 | "title": "Contract validation can be nullified in `isContract` function", 6 | "issueId": 210, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/210" 8 | } -------------------------------------------------------------------------------- /data/Yanchuan-531.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Yanchuan", 4 | "risk": "3", 5 | "title": "Tokens (ERC20, ERC721, ERC1155) in VirtualAccount can be stolen.", 6 | "issueId": 531, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/531" 8 | } -------------------------------------------------------------------------------- /data/Yanchuan-808.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Yanchuan", 4 | "risk": "3", 5 | "title": "The allowance granted to RootBranchAgent exceeds the necessary amount.", 6 | "issueId": 808, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/808" 8 | } -------------------------------------------------------------------------------- /data/Yanchuan-855.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Yanchuan", 4 | "risk": "2", 5 | "title": "BranchBridgeAgent is missing source chain checking.", 6 | "issueId": 855, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/855" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-165.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "3", 5 | "title": "Cross-chain communication is not possible", 6 | "issueId": 165, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/165" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-443.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 443, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/443" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-660.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "3", 5 | "title": "Malicious actor can steal all deposited assets", 6 | "issueId": 660, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/660" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-743.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "3", 5 | "title": "Token registration does not work for MulticallRouter", 6 | "issueId": 743, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/743" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-746.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "3", 5 | "title": "Settlements cannot be created when using CoreRootRouter", 6 | "issueId": 746, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/746" 8 | } -------------------------------------------------------------------------------- /data/ZdravkoHr-87.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ZdravkoHr", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 87, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/87" 8 | } -------------------------------------------------------------------------------- /data/Zims-176.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "Zims", 4 | "risk": "2", 5 | "title": "No input checks for updatePortStrategy()", 6 | "issueId": 176, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/176" 8 | } -------------------------------------------------------------------------------- /data/_eperezok-200.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "_eperezok", 4 | "risk": "3", 5 | "title": "Missing access control in `VirtualAccount.payableCall`", 6 | "issueId": 200, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/200" 8 | } -------------------------------------------------------------------------------- /data/abi-23.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "abi", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 23, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/23" 8 | } -------------------------------------------------------------------------------- /data/abi-25.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "abi", 4 | "risk": "3", 5 | "title": "Debt repayment logic has unchecked underflow risk", 6 | "issueId": 25, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/25" 8 | } -------------------------------------------------------------------------------- /data/albahaca-424.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "albahaca", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 424, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/424" 8 | } -------------------------------------------------------------------------------- /data/albahaca-667.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "albahaca", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 667, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/667" 8 | } -------------------------------------------------------------------------------- /data/albertwh1te-390.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "albertwh1te", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 390, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/390" 8 | } -------------------------------------------------------------------------------- /data/albertwh1te-391.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "albertwh1te", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 391, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/391" 8 | } -------------------------------------------------------------------------------- /data/alexweb3-782.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "alexweb3", 4 | "risk": "3", 5 | "title": "Lack of access control can lead to loss of funds for users", 6 | "issueId": 782, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/782" 8 | } -------------------------------------------------------------------------------- /data/alexweb3-787.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "alexweb3", 4 | "risk": "2", 5 | "title": "The addToken function might revert for some tokens", 6 | "issueId": 787, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/787" 8 | } -------------------------------------------------------------------------------- /data/alexxander-677.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "alexxander", 4 | "risk": "3", 5 | "title": "Virtual Account's `payableCall` lacks access modifier. ", 6 | "issueId": 677, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/677" 8 | } -------------------------------------------------------------------------------- /data/alexxander-848.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "alexxander", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 848, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/848" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-758.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "3", 5 | "title": "Unrestricted Access to payableCall Function in VirtualAccount Contract", 6 | "issueId": 758, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/758" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-759.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Missing setCoreBranchRouter Functionality in ArbitrumCoreBranchRouter", 6 | "issueId": 759, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/759" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-760.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Incomplete Implementation of Non-Blocking Pattern in Maia Protocol's LayerZero", 6 | "issueId": 760, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/760" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-761.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Front-Running Attacks Leads to Loss of Yield and Increased Costs", 6 | "issueId": 761, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/761" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-762.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Incorrect Fallback Flag in _createSettlementMultiple Function", 6 | "issueId": 762, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/762" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-763.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Incorrect Recipient Address Causes Loss of Global HToken", 6 | "issueId": 763, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/763" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-764.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 764, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/764" 8 | } -------------------------------------------------------------------------------- /data/ast3ros-904.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ast3ros", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #764 [1697894627614]", 6 | "issueId": 904 7 | } -------------------------------------------------------------------------------- /data/audityourcontracts-516.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "audityourcontracts", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 516, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/516" 8 | } -------------------------------------------------------------------------------- /data/ayden-395.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ayden", 4 | "risk": "3", 5 | "title": "user can bypass requiresEndpoint if message send from local chain", 6 | "issueId": 395, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/395" 8 | } -------------------------------------------------------------------------------- /data/ayo_dev-265.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ayo_dev", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 265, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/265" 8 | } -------------------------------------------------------------------------------- /data/backd00r104-890.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "backd00r104", 4 | "risk": "3", 5 | "title": "DoS in System Component lead to System Failure", 6 | "issueId": 890, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/890" 8 | } -------------------------------------------------------------------------------- /data/bareli-786.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bareli", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 786, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/786" 8 | } -------------------------------------------------------------------------------- /data/bareli-791.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bareli", 4 | "risk": "3", 5 | "title": "code written in MulticallRootRouter.sol is wrong .", 6 | "issueId": 791, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/791" 8 | } -------------------------------------------------------------------------------- /data/bareli-796.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bareli", 4 | "risk": "2", 5 | "title": "Check for return of call whether its success or not", 6 | "issueId": 796, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/796" 8 | } -------------------------------------------------------------------------------- /data/bareli-802.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bareli", 4 | "risk": "2", 5 | "title": "All hTokens are 18 decimals.", 6 | "issueId": 802, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/802" 8 | } -------------------------------------------------------------------------------- /data/bareli-811.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bareli", 4 | "risk": "2", 5 | "title": "fund will struck", 6 | "issueId": 811, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/811" 8 | } -------------------------------------------------------------------------------- /data/bin2chen-606.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bin2chen", 4 | "risk": "3", 5 | "title": "payableCall lack of access control", 6 | "issueId": 606, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/606" 8 | } -------------------------------------------------------------------------------- /data/bin2chen-607.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bin2chen", 4 | "risk": "2", 5 | "title": "_createSettlementMultiple() _hasFallbackToggled not working properly", 6 | "issueId": 607, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/607" 8 | } -------------------------------------------------------------------------------- /data/bin2chen-610.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bin2chen", 4 | "risk": "3", 5 | "title": "addGlobalToken() localAdress could be overwritten", 6 | "issueId": 610, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/610" 8 | } -------------------------------------------------------------------------------- /data/bin2chen-613.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "bin2chen", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 613, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/613" 8 | } -------------------------------------------------------------------------------- /data/blutorque-166.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "blutorque", 4 | "risk": "3", 5 | "title": "asdd", 6 | "issueId": 166, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/166" 8 | } -------------------------------------------------------------------------------- /data/blutorque-167.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "blutorque", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 167, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/167" 8 | } -------------------------------------------------------------------------------- /data/blutorque-449.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "blutorque", 4 | "risk": "3", 5 | "title": "VirtualAccount allows unauthorized fund withdrawals", 6 | "issueId": 449, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/449" 8 | } -------------------------------------------------------------------------------- /data/btk-711.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "btk", 4 | "risk": "2", 5 | "title": "Possible DoS in `callOutAndBridgeMultiple()`", 6 | "issueId": 711, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/711" 8 | } -------------------------------------------------------------------------------- /data/btk-824.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "btk", 4 | "risk": "3", 5 | "title": "VirtualAccount::payableCall is missing access control", 6 | "issueId": 824, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/824" 8 | } -------------------------------------------------------------------------------- /data/c0pp3rscr3w3r-781.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "c0pp3rscr3w3r", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 781, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/781" 8 | } -------------------------------------------------------------------------------- /data/c0pp3rscr3w3r-800.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "c0pp3rscr3w3r", 4 | "risk": "2", 5 | "title": "Stuck Ether in RootBridgeAgent", 6 | "issueId": 800, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/800" 8 | } -------------------------------------------------------------------------------- /data/c3phas-861.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "c3phas", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 861, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/861" 8 | } -------------------------------------------------------------------------------- /data/cartlex_-651.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "cartlex_", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 651, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/651" 8 | } -------------------------------------------------------------------------------- /data/cartlex_-652.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "cartlex_", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 652, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/652" 8 | } -------------------------------------------------------------------------------- /data/castle_chain-138.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "castle_chain", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 138, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/138" 8 | } -------------------------------------------------------------------------------- /data/catellatech-445.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "catellatech", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 445, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/445" 8 | } -------------------------------------------------------------------------------- /data/catellatech-447.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "catellatech", 4 | "risk": "2", 5 | "title": "Many create methods are suspicious of the reorg attack", 6 | "issueId": 447, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/447" 8 | } -------------------------------------------------------------------------------- /data/catwhiskeys-311.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "catwhiskeys", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 311, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/311" 8 | } -------------------------------------------------------------------------------- /data/chaduke-105.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "chaduke", 4 | "risk": "2", 5 | "title": "setAddresses() and setLocalAddress() might not set the addresses properly. ", 6 | "issueId": 105, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/105" 8 | } -------------------------------------------------------------------------------- /data/chaduke-174.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "chaduke", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 174, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/174" 8 | } -------------------------------------------------------------------------------- /data/chaduke-22.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "chaduke", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 22, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/22" 8 | } -------------------------------------------------------------------------------- /data/ciphermarco-533.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ciphermarco", 4 | "risk": "3", 5 | "title": "Lack of Access Control in `VirtualAccount`'s `payableCall` Function", 6 | "issueId": 533, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/533" 8 | } -------------------------------------------------------------------------------- /data/ciphermarco-567.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ciphermarco", 4 | "risk": "2", 5 | "title": "LayerZero's Remote Address is Incorrectly Validated", 6 | "issueId": 567, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/567" 8 | } -------------------------------------------------------------------------------- /data/clara-777.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "clara", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 777, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/777" 8 | } -------------------------------------------------------------------------------- /data/cyberinn-243.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "cyberinn", 4 | "risk": "2", 5 | "title": "Race Condition from Shared `settlementNonce` Can Lead to Bugs", 6 | "issueId": 243, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/243" 8 | } -------------------------------------------------------------------------------- /data/dd0x7e8-7.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "dd0x7e8", 4 | "risk": "2", 5 | "title": "Return value of low level `call` not checked.", 6 | "issueId": 7, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/7" 8 | } -------------------------------------------------------------------------------- /data/debo-100.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-04] Arbitrary Send ERC20 in RootPort Contract", 6 | "issueId": 100, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/100" 8 | } -------------------------------------------------------------------------------- /data/debo-126.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "Unchecked return value from low-level external call in the RootBridgeAgent contract", 6 | "issueId": 126, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/126" 8 | } -------------------------------------------------------------------------------- /data/debo-134.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-11] Dubious typecast in the BranchBridgeAgent contract", 6 | "issueId": 134, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/134" 8 | } -------------------------------------------------------------------------------- /data/debo-144.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-12] Dubious Typecast in RootBridgeAgent contract", 6 | "issueId": 144, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/144" 8 | } -------------------------------------------------------------------------------- /data/debo-18.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 18, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/18" 8 | } -------------------------------------------------------------------------------- /data/debo-24.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-01] Requirement Violation", 6 | "issueId": 24, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/24" 8 | } -------------------------------------------------------------------------------- /data/debo-26.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-02] A call to a user-supplied address is executed", 6 | "issueId": 26, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/26" 8 | } -------------------------------------------------------------------------------- /data/debo-273.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "Public Burn in the RootPort contract", 6 | "issueId": 273, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/273" 8 | } -------------------------------------------------------------------------------- /data/debo-28.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-03] Requirement violation", 6 | "issueId": 28, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/28" 8 | } -------------------------------------------------------------------------------- /data/debo-283.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-05] Unchecked transfer in the VirtualAccount contract", 6 | "issueId": 283, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/283" 8 | } -------------------------------------------------------------------------------- /data/debo-284.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-06] Reentrancy in the BranchPort contract", 6 | "issueId": 284, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/284" 8 | } -------------------------------------------------------------------------------- /data/debo-285.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-07] Reentrancy in the ArbitrumBranchPort contract", 6 | "issueId": 285, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/285" 8 | } -------------------------------------------------------------------------------- /data/debo-29.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-04] Requirement Violation", 6 | "issueId": 29, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/29" 8 | } -------------------------------------------------------------------------------- /data/debo-307.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 307, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/307" 8 | } -------------------------------------------------------------------------------- /data/debo-31.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 31, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/31" 8 | } -------------------------------------------------------------------------------- /data/debo-500.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-08] CONTROLLED LOW-LEVEL CALL in the MulticallRootRouter contract", 6 | "issueId": 500, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/500" 8 | } -------------------------------------------------------------------------------- /data/debo-503.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-09] Incorrect Access Control in the MulticallRootRouter contract", 6 | "issueId": 503, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/503" 8 | } -------------------------------------------------------------------------------- /data/debo-505.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-10] Incorrect Access Control in the BranchPort contract", 6 | "issueId": 505, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/505" 8 | } -------------------------------------------------------------------------------- /data/debo-513.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-11] Incorrect Access Control within the BaseBranchRouter contract", 6 | "issueId": 513, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/513" 8 | } -------------------------------------------------------------------------------- /data/debo-515.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-12] Incorrect Access Control on the ERC20hTokenBranchFactory contract", 6 | "issueId": 515, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/515" 8 | } -------------------------------------------------------------------------------- /data/debo-532.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-13] Reentrancy in the CoreBranchRouter contract", 6 | "issueId": 532, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/532" 8 | } -------------------------------------------------------------------------------- /data/debo-558.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-14] Reentrancy in the MulticallRootRouter contract", 6 | "issueId": 558, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/558" 8 | } -------------------------------------------------------------------------------- /data/debo-62.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-05] Unchecked Return Value From Low Level External Call in RootBridgeAgent Contract", 6 | "issueId": 62, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/62" 8 | } -------------------------------------------------------------------------------- /data/debo-66.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-07] Requirement Violation in the RootBridgeAgentExecutor contract", 6 | "issueId": 66, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/66" 8 | } -------------------------------------------------------------------------------- /data/debo-68.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-01] Encode packed collision in BranchBridgeAgent contract", 6 | "issueId": 68, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/68" 8 | } -------------------------------------------------------------------------------- /data/debo-69.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-08] Use of dangerous strict equality in the BranchPort contract", 6 | "issueId": 69, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/69" 8 | } -------------------------------------------------------------------------------- /data/debo-70.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-02] Encode packed collision in the RootBridgeAgent contract", 6 | "issueId": 70, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/70" 8 | } -------------------------------------------------------------------------------- /data/debo-85.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "3", 5 | "title": "[H-03] Arbitrary Send of Safe ERC20 token", 6 | "issueId": 85, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/85" 8 | } -------------------------------------------------------------------------------- /data/debo-856.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-14] Reentrancy in the RootBridgeAgent contract", 6 | "issueId": 856, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/856" 8 | } -------------------------------------------------------------------------------- /data/debo-871.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-15] Reentrancy in the BranchPort contract", 6 | "issueId": 871, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/871" 8 | } -------------------------------------------------------------------------------- /data/debo-879.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-16] Reentrancy in the BaseBranchRouter contract", 6 | "issueId": 879, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/879" 8 | } -------------------------------------------------------------------------------- /data/debo-897.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "debo", 4 | "risk": "2", 5 | "title": "[M-17] Reentrancy in the BranchBridgeAgent contract", 6 | "issueId": 897, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/897" 8 | } -------------------------------------------------------------------------------- /data/dharma09-748.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "dharma09", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 748, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/748" 8 | } -------------------------------------------------------------------------------- /data/eeshenggoh-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "eeshenggoh", 4 | "risk": "3", 5 | "title": "Able to initialize root port more than once leading to r", 6 | "issueId": 11, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/11" 8 | } -------------------------------------------------------------------------------- /data/eeshenggoh-37.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "eeshenggoh", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 37, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/37" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-170.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 170, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/170" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-228.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "3", 5 | "title": "Authorization Bypass in `replenishReserves` Function.", 6 | "issueId": 228, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/228" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-235.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Inadequate Check in **_performRetrySettlementCall** Function.", 6 | "issueId": 235, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/235" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-237.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "3", 5 | "title": "Missing Balance Check in `_updateStateOnBridgeOut`.", 6 | "issueId": 237, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/237" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-238.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Address Conversion Assumption in `requiresEndpoint` Modifier.", 6 | "issueId": 238, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/238" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-239.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Nonce Reuse Vulnerability in `callOutAndBridge` Function.", 6 | "issueId": 239, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/239" 8 | } -------------------------------------------------------------------------------- /data/ether_sky-645.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ether_sky", 4 | "risk": "2", 5 | "title": "Once users retrieve their deposits, they cannot retry the deposit process.", 6 | "issueId": 645, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/645" 8 | } -------------------------------------------------------------------------------- /data/fatherOfBlocks-537.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "fatherOfBlocks", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 537, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/537" 8 | } -------------------------------------------------------------------------------- /data/fatherOfBlocks-538.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "fatherOfBlocks", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 538, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/538" 8 | } -------------------------------------------------------------------------------- /data/grearlake-290.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Did Not Approve To Zero First", 6 | "issueId": 290, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/290" 8 | } -------------------------------------------------------------------------------- /data/gumgumzum-823.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "gumgumzum", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 823, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/823" 8 | } -------------------------------------------------------------------------------- /data/gumgumzum-98.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "gumgumzum", 4 | "risk": "3", 5 | "title": "VirtualAccount@payableCall does not require the caller to be approved", 6 | "issueId": 98, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/98" 8 | } -------------------------------------------------------------------------------- /data/gztttt-642.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "gztttt", 4 | "risk": "3", 5 | "title": "Lack of access control for `payableCall()` of VirtualAccount.sol", 6 | "issueId": 642, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/642" 8 | } -------------------------------------------------------------------------------- /data/hals-428.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hals", 4 | "risk": "2", 5 | "title": "The protocol doesn't support deflationary/rebasing & fee-on-transfer tokens", 6 | "issueId": 428, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/428" 8 | } -------------------------------------------------------------------------------- /data/hals-434.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hals", 4 | "risk": "3", 5 | "title": "`VirtualAccount.payableCall` function is missing access modifier", 6 | "issueId": 434, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/434" 8 | } -------------------------------------------------------------------------------- /data/hals-437.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hals", 4 | "risk": "2", 5 | "title": "`BranchBridgeAgent` : nonces are not unique", 6 | "issueId": 437, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/437" 8 | } -------------------------------------------------------------------------------- /data/hihen-779.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hihen", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 779, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/779" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-835.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hunter_w3b", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 835, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/835" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-870.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "hunter_w3b", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 870, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/870" 8 | } -------------------------------------------------------------------------------- /data/ihtishamsudo-497.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ihtishamsudo", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 497, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/497" 8 | } -------------------------------------------------------------------------------- /data/ihtishamsudo-833.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ihtishamsudo", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 833, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/833" 8 | } -------------------------------------------------------------------------------- /data/imare-797.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "imare", 4 | "risk": "2", 5 | "title": "`VirtualAccount` as a wallet can be called by anyone", 6 | "issueId": 797, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/797" 8 | } -------------------------------------------------------------------------------- /data/imare-799.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "imare", 4 | "risk": "2", 5 | "title": "`_retryDeposit` dos not work correctly", 6 | "issueId": 799, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/799" 8 | } -------------------------------------------------------------------------------- /data/imare-801.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "imare", 4 | "risk": "2", 5 | "title": "USDT token transfer will not work with the current implementation", 6 | "issueId": 801, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/801" 8 | } -------------------------------------------------------------------------------- /data/imare-804.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "imare", 4 | "risk": "2", 5 | "title": "token that uses bytes32 for the name or symbol cannot be added to the protocol", 6 | "issueId": 804, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/804" 8 | } -------------------------------------------------------------------------------- /data/imare-809.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "imare", 4 | "risk": "2", 5 | "title": "some chain will not work with this protocol", 6 | "issueId": 809, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/809" 8 | } -------------------------------------------------------------------------------- /data/invitedtea-473.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "invitedtea", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 473, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/473" 8 | } -------------------------------------------------------------------------------- /data/invitedtea-481.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "invitedtea", 4 | "risk": "3", 5 | "title": "`payableCall` functions are not protected against reentrancy attacks", 6 | "issueId": 481, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/481" 8 | } -------------------------------------------------------------------------------- /data/invitedtea-485.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "invitedtea", 4 | "risk": "2", 5 | "title": "Handling Possible Reverts from External Calls", 6 | "issueId": 485, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/485" 8 | } -------------------------------------------------------------------------------- /data/invitedtea-486.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "invitedtea", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 486, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/486" 8 | } -------------------------------------------------------------------------------- /data/its_basu-715.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "its_basu", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 715, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/715" 8 | } -------------------------------------------------------------------------------- /data/jamshed-753.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jamshed", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 753, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/753" 8 | } -------------------------------------------------------------------------------- /data/jaraxxus-873.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jaraxxus", 4 | "risk": "2", 5 | "title": "_bridgeOut in BranchPort.sol calculates the _amount and _deposit incorrectly", 6 | "issueId": 873, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/873" 8 | } -------------------------------------------------------------------------------- /data/jaraxxus-896.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jaraxxus", 4 | "risk": "2", 5 | "title": "USDT tokens should approve to zero first", 6 | "issueId": 896, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/896" 8 | } -------------------------------------------------------------------------------- /data/jasonxiale-361.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jasonxiale", 4 | "risk": "2", 5 | "title": "protocol won't work with tokens with a fee-on-transfer", 6 | "issueId": 361, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/361" 8 | } -------------------------------------------------------------------------------- /data/jasonxiale-372.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jasonxiale", 4 | "risk": "2", 5 | "title": "protocol is suspicious of the reorg attack", 6 | "issueId": 372, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/372" 8 | } -------------------------------------------------------------------------------- /data/jasonxiale-373.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jasonxiale", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 373, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/373" 8 | } -------------------------------------------------------------------------------- /data/jauvany-718.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jauvany", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 718, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/718" 8 | } -------------------------------------------------------------------------------- /data/joaovwfreire-565.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "joaovwfreire", 4 | "risk": "3", 5 | "title": "No access control for VirtualAccount payableCall function", 6 | "issueId": 565, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/565" 8 | } -------------------------------------------------------------------------------- /data/jonny_web3-38.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "jonny_web3", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 38, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/38" 8 | } -------------------------------------------------------------------------------- /data/jonny_web3-Q.md: -------------------------------------------------------------------------------- 1 | 2023-09-maia/src/interfaces/BridgeAgentConstants.sol 2 | line 19 3 | // Settlement / Deposit Redeeem Status 4 | The 19th line should be changed from 'Redeeem' to 'Redeem'." -------------------------------------------------------------------------------- /data/josephdara-795.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "josephdara", 4 | "risk": "3", 5 | "title": "Unprotected ``payableCall()`` exposes user funds to malicious actors", 6 | "issueId": 795, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/795" 8 | } -------------------------------------------------------------------------------- /data/josephdara-815.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "josephdara", 4 | "risk": "2", 5 | "title": "``updatePortStrategy`` does not update the strategy limit for that day.", 6 | "issueId": 815, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/815" 8 | } -------------------------------------------------------------------------------- /data/josephdara-832.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "josephdara", 4 | "risk": "2", 5 | "title": "Wrong arrangement for mapping types", 6 | "issueId": 832, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/832" 8 | } -------------------------------------------------------------------------------- /data/josephdara-851.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "josephdara", 4 | "risk": "2", 5 | "title": "Fees not integrated with LayerZero functions", 6 | "issueId": 851, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/851" 8 | } -------------------------------------------------------------------------------- /data/josephdara-865.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "josephdara", 4 | "risk": "2", 5 | "title": "Anyone can create multiple RootBridgeAgent", 6 | "issueId": 865, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/865" 8 | } -------------------------------------------------------------------------------- /data/kaveyjoe-10.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kaveyjoe", 4 | "risk": "3", 5 | "title": " Uninitialized Minimum Token Reserve Ratio", 6 | "issueId": 10, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/10" 8 | } -------------------------------------------------------------------------------- /data/kaveyjoe-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kaveyjoe", 4 | "risk": "2", 5 | "title": " Potential Underflow Issue in _bridgeOut Function", 6 | "issueId": 12, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/12" 8 | } -------------------------------------------------------------------------------- /data/klau5-450.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "klau5", 4 | "risk": "3", 5 | "title": "Anyone can call payableCall at VirtualAccount, and steal assets", 6 | "issueId": 450, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/450" 8 | } -------------------------------------------------------------------------------- /data/klau5-816.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "klau5", 4 | "risk": "2", 5 | "title": "callOut And Bridge feature always fail with core router", 6 | "issueId": 816, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/816" 8 | } -------------------------------------------------------------------------------- /data/klau5-863.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "klau5", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 863, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/863" 8 | } -------------------------------------------------------------------------------- /data/kodyvim-264.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kodyvim", 4 | "risk": "3", 5 | "title": "Anyone can block LayerZero channel due to missing check for minimum gas passed", 6 | "issueId": 264, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/264" 8 | } -------------------------------------------------------------------------------- /data/kodyvim-342.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kodyvim", 4 | "risk": "2", 5 | "title": "RootPort burn functions could fail silently", 6 | "issueId": 342, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/342" 8 | } -------------------------------------------------------------------------------- /data/kodyvim-494.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kodyvim", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 494, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/494" 8 | } -------------------------------------------------------------------------------- /data/kodyvim-536.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "kodyvim", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 536, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/536" 8 | } -------------------------------------------------------------------------------- /data/koxuan-299.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "koxuan", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 299, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/299" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-415.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "2", 5 | "title": "Should not hardcode chain id because chain id can change on layerzero side", 6 | "issueId": 415, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/415" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-419.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "3", 5 | "title": "Does not validate the remote caller address when lzReceive is triggered", 6 | "issueId": 419, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/419" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-672.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "3", 5 | "title": "User can redeem deposit too soon", 6 | "issueId": 672, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/672" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-684.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "3", 5 | "title": "ArbitrumBranchBridgeAgent.sol lzReceive missing access control", 6 | "issueId": 684, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/684" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-854.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 854, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/854" 8 | } -------------------------------------------------------------------------------- /data/ladboy233-905.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ladboy233", 4 | "risk": "2", 5 | "title": "Upgraded Q -> 2 from #854 [1697894788598]", 6 | "issueId": 905 7 | } -------------------------------------------------------------------------------- /data/lanrebayode77-145.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lanrebayode77", 4 | "risk": "2", 5 | "title": "Usage of Incorrect depositNonce", 6 | "issueId": 145, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/145" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-9.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lanrebayode77", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 9, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/9" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-427.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 427, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/427" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-429.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 429, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/429" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-430.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "Improper usage of `excessivelySafeCall` does not prevent high gas cost", 6 | "issueId": 430, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/430" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-431.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "Burn access control can be bypassed", 6 | "issueId": 431, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/431" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-432.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "Local Token can be added with address of Global Token", 6 | "issueId": 432, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/432" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-435.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "`_dstChainId` Type Confusion", 6 | "issueId": 435, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/435" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-436.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "Transferring tokens without verifying if they exist", 6 | "issueId": 436, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/436" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-438.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "getFeeEstimate() returns overpaid message costs", 6 | "issueId": 438, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/438" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-439.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "2", 5 | "title": "`requiresEndpoint` checks incorrect address", 6 | "issueId": 439, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/439" 8 | } -------------------------------------------------------------------------------- /data/lsaudit-563.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "lsaudit", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 563, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/563" 8 | } -------------------------------------------------------------------------------- /data/marqymarq10-376.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "marqymarq10", 4 | "risk": "3", 5 | "title": "VirtualAccount.payableCall() function does not have access control.", 6 | "issueId": 376, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/376" 8 | } -------------------------------------------------------------------------------- /data/marqymarq10-378.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "marqymarq10", 4 | "risk": "3", 5 | "title": "RootBridgeAgentExecutor.sol lacks a receive() function.", 6 | "issueId": 378, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/378" 8 | } -------------------------------------------------------------------------------- /data/marqymarq10-379.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "marqymarq10", 4 | "risk": "3", 5 | "title": "RootBridgeAgentFactory.createBridgeAgent() lacks access control.", 6 | "issueId": 379, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/379" 8 | } -------------------------------------------------------------------------------- /data/marqymarq10-380.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "marqymarq10", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 380, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/380" 8 | } -------------------------------------------------------------------------------- /data/matrix_0wl-752.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "matrix_0wl", 4 | "risk": "2", 5 | "title": "Insufficient Gas Griefing", 6 | "issueId": 752, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/752" 8 | } -------------------------------------------------------------------------------- /data/mert_eren-602.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "mert_eren", 4 | "risk": "3", 5 | "title": "VirtualAccount's payable function can be callable by anyone", 6 | "issueId": 602, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/602" 8 | } -------------------------------------------------------------------------------- /data/minhtrng-880.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "minhtrng", 4 | "risk": "3", 5 | "title": "Incorrect srcAddress check renders all layerzero messages unusable", 6 | "issueId": 880, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/880" 8 | } -------------------------------------------------------------------------------- /data/minhtrng-882.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "minhtrng", 4 | "risk": "2", 5 | "title": "Incorrect functionID will not trigger fallback", 6 | "issueId": 882, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/882" 8 | } -------------------------------------------------------------------------------- /data/minhtrng-887.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "minhtrng", 4 | "risk": "2", 5 | "title": "Airdropped Gas will remain in the Agent in case of failure", 6 | "issueId": 887, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/887" 8 | } -------------------------------------------------------------------------------- /data/minhtrng-888.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "minhtrng", 4 | "risk": "3", 5 | "title": "Virtual account lacks access control", 6 | "issueId": 888, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/888" 8 | } -------------------------------------------------------------------------------- /data/minhtrng-898.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "minhtrng", 4 | "risk": "2", 5 | "title": "Funds stuck in router if no additional payload send during callOutAndBridge", 6 | "issueId": 898, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/898" 8 | } -------------------------------------------------------------------------------- /data/n1punp-148.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "n1punp", 4 | "risk": "3", 5 | "title": "ERC1155 can be stuck in VirtualAccount forever", 6 | "issueId": 148, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/148" 8 | } -------------------------------------------------------------------------------- /data/n1punp-152.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "n1punp", 4 | "risk": "3", 5 | "title": "Some tokens may require approve(0) before actual approve(...)", 6 | "issueId": 152, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/152" 8 | } -------------------------------------------------------------------------------- /data/n1punp-293.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "n1punp", 4 | "risk": "3", 5 | "title": "VirtualAccount can get drained due to missing `requiresApprovedCaller` modifier", 6 | "issueId": 293, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/293" 8 | } -------------------------------------------------------------------------------- /data/nadin-653.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "nadin", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 653, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/653" 8 | } -------------------------------------------------------------------------------- /data/naman1778-893.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "naman1778", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 893, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/893" 8 | } -------------------------------------------------------------------------------- /data/neumo-883.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "neumo", 4 | "risk": "3", 5 | "title": "LayerZero endpoint can get blocked by a malicious user", 6 | "issueId": 883, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/883" 8 | } -------------------------------------------------------------------------------- /data/newt-525.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "newt", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 525, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/525" 8 | } -------------------------------------------------------------------------------- /data/newt-560.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "newt", 4 | "risk": "3", 5 | "title": "Missing access control to RootBridgeAgentFactory.createBridgeAgent()", 6 | "issueId": 560, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/560" 8 | } -------------------------------------------------------------------------------- /data/newt-686.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "newt", 4 | "risk": "3", 5 | "title": "Missing access control for IRootBridgeAgentFactory.sol ", 6 | "issueId": 686, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/686" 8 | } -------------------------------------------------------------------------------- /data/newt-849.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "newt", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 849, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/849" 8 | } -------------------------------------------------------------------------------- /data/newt-94.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "newt", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 94, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/94" 8 | } -------------------------------------------------------------------------------- /data/niroh-495.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "niroh", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 495, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/495" 8 | } -------------------------------------------------------------------------------- /data/nmirchev8-726.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "nmirchev8", 4 | "risk": "2", 5 | "title": "If number of settlements reach 2^32 the whole system will stop working", 6 | "issueId": 726, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/726" 8 | } -------------------------------------------------------------------------------- /data/nobody2018-517.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "nobody2018", 4 | "risk": "3", 5 | "title": "All tokens which all VirtualAccount are holding will be stolen", 6 | "issueId": 517, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/517" 8 | } -------------------------------------------------------------------------------- /data/nobody2018-520.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "nobody2018", 4 | "risk": "2", 5 | "title": "BaseBranchRouter._transferAndApproveToken may revert in some cases", 6 | "issueId": 520, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/520" 8 | } -------------------------------------------------------------------------------- /data/oada-365.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "oada", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 365, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/365" 8 | } -------------------------------------------------------------------------------- /data/oada-368.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "oada", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 368, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/368" 8 | } -------------------------------------------------------------------------------- /data/orion-130.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "orion", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 130, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/130" 8 | } -------------------------------------------------------------------------------- /data/oualidpro-59.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "oualidpro", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 59, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/59" 8 | } -------------------------------------------------------------------------------- /data/oualidpro-61.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "oualidpro", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 61, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/61" 8 | } -------------------------------------------------------------------------------- /data/pavankv-261.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pavankv", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 261, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/261" 8 | } -------------------------------------------------------------------------------- /data/pavankv-716.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pavankv", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 716, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/716" 8 | } -------------------------------------------------------------------------------- /data/peakbolt-357.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "peakbolt", 4 | "risk": "3", 5 | "title": "`VirtualAccount.payableCall()` is missing `requiresApprovedCaller` modifier", 6 | "issueId": 357, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/357" 8 | } -------------------------------------------------------------------------------- /data/peakbolt-359.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "peakbolt", 4 | "risk": "3", 5 | "title": "Unconsumed native tokens will be stuck in `RootBridgeAgentExecutor` contract", 6 | "issueId": 359, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/359" 8 | } -------------------------------------------------------------------------------- /data/peakbolt-422.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "peakbolt", 4 | "risk": "2", 5 | "title": "Fallback can be DoS by dApps that consumes all gas during multicall", 6 | "issueId": 422, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/422" 8 | } -------------------------------------------------------------------------------- /data/peritoflores-687.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "peritoflores", 4 | "risk": "3", 5 | "title": "## [H1] An overflow can be used to drain ETH in VirtualAccount ", 6 | "issueId": 687, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/687" 8 | } -------------------------------------------------------------------------------- /data/pfapostol-502.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pfapostol", 4 | "risk": "3", 5 | "title": "Token/ETH theft via improper `VirtualAccount` access control.", 6 | "issueId": 502, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/502" 8 | } -------------------------------------------------------------------------------- /data/pfapostol-521.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pfapostol", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 521, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/521" 8 | } -------------------------------------------------------------------------------- /data/pfapostol-605.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pfapostol", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 605, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/605" 8 | } -------------------------------------------------------------------------------- /data/pfapostol-665.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pfapostol", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 665, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/665" 8 | } -------------------------------------------------------------------------------- /data/pontifex-847.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "pontifex", 4 | "risk": "2", 5 | "title": "Tokens locking due to empty parameters to execute on the root chain router", 6 | "issueId": 847, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/847" 8 | } -------------------------------------------------------------------------------- /data/ptsanev-15.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ptsanev", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 15, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/15" 8 | } -------------------------------------------------------------------------------- /data/ptsanev-34.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ptsanev", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 34, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/34" 8 | } -------------------------------------------------------------------------------- /data/putricio-681.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "putricio", 4 | "risk": "3", 5 | "title": "UnderlyingToken can be modified ", 6 | "issueId": 681, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/681" 8 | } -------------------------------------------------------------------------------- /data/radcet-648.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "radcet", 4 | "risk": "2", 5 | "title": "Possible lost when not checking recipient address", 6 | "issueId": 648, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/648" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-139.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "3", 5 | "title": "VirtualAccount.payableCall can be called by anyone", 6 | "issueId": 139, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/139" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-140.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "VirtualAccount doesn't allow to send native tokens to eoa", 6 | "issueId": 140, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/140" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-142.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "BranchPort.updatePortStrategy should remove old limit", 6 | "issueId": 142, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/142" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-177.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "User can lose deposit in case if it will fail and _refundee is not eoa", 6 | "issueId": 177, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/177" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-179.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "User always overpay for fallback call", 6 | "issueId": 179, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/179" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-187.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "ArbitrumCoreBranchRouter.executeNoSettlement can't handle 0x07 function ", 6 | "issueId": 187, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/187" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-189.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "3", 5 | "title": "LZ authorization is implented incorrectly", 6 | "issueId": 189, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/189" 8 | } -------------------------------------------------------------------------------- /data/rvierdiiev-191.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "rvierdiiev", 4 | "risk": "2", 5 | "title": "RootPort.setCoreBranchRouter doesn't have enough validation", 6 | "issueId": 191, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/191" 8 | } -------------------------------------------------------------------------------- /data/saneryee-113.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "saneryee", 4 | "risk": "2", 5 | "title": "Function `callOut` lack of parameter validation", 6 | "issueId": 113, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/113" 8 | } -------------------------------------------------------------------------------- /data/saneryee-114.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "saneryee", 4 | "risk": "2", 5 | "title": "Lack of event emission after sensitive actions", 6 | "issueId": 114, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/114" 8 | } -------------------------------------------------------------------------------- /data/saneryee-172.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "saneryee", 4 | "risk": "2", 5 | "title": "Inconsistent State Management in retrySettlement Function", 6 | "issueId": 172, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/172" 8 | } -------------------------------------------------------------------------------- /data/seerether-302.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "seerether", 4 | "risk": "3", 5 | "title": "potential reentrancy vulnerability in the lzReceive function", 6 | "issueId": 302, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/302" 8 | } -------------------------------------------------------------------------------- /data/seerether-644.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "seerether", 4 | "risk": "3", 5 | "title": "Decoding addresses from bytes using inline assembly is error prone", 6 | "issueId": 644, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/644" 8 | } -------------------------------------------------------------------------------- /data/seerether-754.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "seerether", 4 | "risk": "3", 5 | "title": "Doesn't check for partial redemptions. Could allow duplicate redemptions", 6 | "issueId": 754, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/754" 8 | } -------------------------------------------------------------------------------- /data/shaflow2-492.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "shaflow2", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 492, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/492" 8 | } -------------------------------------------------------------------------------- /data/shaflow2-496.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "shaflow2", 4 | "risk": "2", 5 | "title": "redeemDeposit at Branch don't change the Root State.", 6 | "issueId": 496, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/496" 8 | } -------------------------------------------------------------------------------- /data/shirochan-541.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "shirochan", 4 | "risk": "3", 5 | "title": "BranchBridgeAgent.lzReceive can fail silently", 6 | "issueId": 541, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/541" 8 | } -------------------------------------------------------------------------------- /data/sivanesh_808-843.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "sivanesh_808", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 843, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/843" 8 | } -------------------------------------------------------------------------------- /data/stuxy-316.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "stuxy", 4 | "risk": "3", 5 | "title": "Missing access modifier in payableCall function of VirtualAccount.sol", 6 | "issueId": 316, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/316" 8 | } -------------------------------------------------------------------------------- /data/tabriz-717.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "tabriz", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 717, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/717" 8 | } -------------------------------------------------------------------------------- /data/te_aut-807.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "te_aut", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 807, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/807" 8 | } -------------------------------------------------------------------------------- /data/terrancrypt-705.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "terrancrypt", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 705, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/705" 8 | } -------------------------------------------------------------------------------- /data/twcctop-582.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "twcctop", 4 | "risk": "2", 5 | "title": "ArbitrumBranchBridgeAgent#retrySettlement may lock user asset ", 6 | "issueId": 582, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/582" 8 | } -------------------------------------------------------------------------------- /data/twcctop-604.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "twcctop", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 604, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/604" 8 | } -------------------------------------------------------------------------------- /data/twcctop-707.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "twcctop", 4 | "risk": "3", 5 | "title": "RootBridgeAgent#_performFallbackCall refund addresss may not correct . ", 6 | "issueId": 707, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/707" 8 | } -------------------------------------------------------------------------------- /data/unkn0wn-4.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "unkn0wn", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 4, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/4" 8 | } -------------------------------------------------------------------------------- /data/unsafesol-803.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "unsafesol", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 803, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/803" 8 | } -------------------------------------------------------------------------------- /data/ustas-185.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ustas", 4 | "risk": "3", 5 | "title": "Drain of funds due to the lack of access control on `VirtualAccount.payableCall()`", 6 | "issueId": 185, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/185" 8 | } -------------------------------------------------------------------------------- /data/ustas-226.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ustas", 4 | "risk": "3", 5 | "title": "Any ETH sent to `ArbitrumBranchBridgeAgent.callOut*()` functions will be lost", 6 | "issueId": 226, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/226" 8 | } -------------------------------------------------------------------------------- /data/ustas-227.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ustas", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 227, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/227" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-101.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 101, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/101" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-214.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "Denial of Service", 6 | "issueId": 214, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/214" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-313.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "Reentrancy", 6 | "issueId": 313, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/313" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-506.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "LACK OF MESSAGE FEES ESTIMATION IN LAYERZERO", 6 | "issueId": 506, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/506" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-507.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "HASH COLLISIONS WITH MULTIPLE VARIABLE-LENGTH ARGUMENTS", 6 | "issueId": 507, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/507" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-509.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "USING EXTCODESIZE TO CHECK FOR EXTERNALLY OWNED ACCOUNTS", 6 | "issueId": 509, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/509" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-510.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "BALANCE EQUALITY", 6 | "issueId": 510, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/510" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-511.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "2", 5 | "title": "ACCOUNT EXISTENCE CHECK FOR LOW LEVEL CALLS", 6 | "issueId": 511, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/511" 8 | } -------------------------------------------------------------------------------- /data/versiyonbir-60.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "versiyonbir", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 60, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/60" 8 | } -------------------------------------------------------------------------------- /data/volodya-268.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "volodya", 4 | "risk": "2", 5 | "title": "ww", 6 | "issueId": 268, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/268" 8 | } -------------------------------------------------------------------------------- /data/wahedtalash77-578.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wahedtalash77", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 578, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/578" 8 | } -------------------------------------------------------------------------------- /data/wahedtalash77-747.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wahedtalash77", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 747, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/747" 8 | } -------------------------------------------------------------------------------- /data/wangxx2026-338.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wangxx2026", 4 | "risk": "3", 5 | "title": "LayerZero authorized Caller is used incorrectly", 6 | "issueId": 338, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/338" 8 | } -------------------------------------------------------------------------------- /data/wangxx2026-404.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wangxx2026", 4 | "risk": "3", 5 | "title": "Token are incorrectly minted to the router", 6 | "issueId": 404, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/404" 8 | } -------------------------------------------------------------------------------- /data/willxxer7-682.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "willxxer7", 4 | "risk": "3", 5 | "title": "Access Control Vulnerability", 6 | "issueId": 682, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/682" 8 | } -------------------------------------------------------------------------------- /data/willxxer7-703.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "willxxer7", 4 | "risk": "2", 5 | "title": "Pess-Dubious-Typecast/Integer Overflow", 6 | "issueId": 703, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/703" 8 | } -------------------------------------------------------------------------------- /data/willxxer7-714.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "willxxer7", 4 | "risk": "3", 5 | "title": "encode-packed-collision/Denial Of Service", 6 | "issueId": 714, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/714" 8 | } -------------------------------------------------------------------------------- /data/willxxer7-725.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "willxxer7", 4 | "risk": "2", 5 | "title": "pess-dubious-typecast", 6 | "issueId": 725, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/725" 8 | } -------------------------------------------------------------------------------- /data/willxxer7-733.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "willxxer7", 4 | "risk": "3", 5 | "title": "Arbitrary-send-erc20", 6 | "issueId": 733, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/733" 8 | } -------------------------------------------------------------------------------- /data/windhustler-720.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "windhustler", 4 | "risk": "2", 5 | "title": "Users are not able to withdraw funds if strategy incurs a loss", 6 | "issueId": 720, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/720" 8 | } -------------------------------------------------------------------------------- /data/windhustler-724.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "windhustler", 4 | "risk": "3", 5 | "title": "Missing modifier allows anyone to drain virtual account", 6 | "issueId": 724, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/724" 8 | } -------------------------------------------------------------------------------- /data/windhustler-728.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "windhustler", 4 | "risk": "2", 5 | "title": "Airdropped tokens are stuck in the Bridge Agent contracts", 6 | "issueId": 728, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/728" 8 | } -------------------------------------------------------------------------------- /data/windhustler-738.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "windhustler", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 738, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/738" 8 | } -------------------------------------------------------------------------------- /data/wisdomn_-123.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wisdomn_", 4 | "risk": "3", 5 | "title": "Unchecked return value in function withdrawNative leads to loss of funds.", 6 | "issueId": 123, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/123" 8 | } -------------------------------------------------------------------------------- /data/wisdomn_-132.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wisdomn_", 4 | "risk": "3", 5 | "title": "Unchecked return in function withdrawERC721 leads to loss of funds.", 6 | "issueId": 132, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/132" 8 | } -------------------------------------------------------------------------------- /data/wisdomn_-188.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "wisdomn_", 4 | "risk": "3", 5 | "title": "Token transfer error in function withdrawERC20 leads to loss of tokens", 6 | "issueId": 188, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/188" 8 | } -------------------------------------------------------------------------------- /data/xuwinnie-305.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "xuwinnie", 4 | "risk": "3", 5 | "title": "Nonce of `payload` and `getDeposit` does not match", 6 | "issueId": 305, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/305" 8 | } -------------------------------------------------------------------------------- /data/yongskiws-814.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "yongskiws", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 814, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/814" 8 | } -------------------------------------------------------------------------------- /data/yongskiws-895.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "yongskiws", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 895, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/895" 8 | } -------------------------------------------------------------------------------- /data/zabihullahazadzoi-884.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zabihullahazadzoi", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 884, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/884" 8 | } -------------------------------------------------------------------------------- /data/zambody-225.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zambody", 4 | "risk": "3", 5 | "title": "No access control for VirtualAccount's payableCall", 6 | "issueId": 225, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/225" 8 | } -------------------------------------------------------------------------------- /data/zhaojie-119.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zhaojie", 4 | "risk": "3", 5 | "title": "uint32 is too small for depositNonce", 6 | "issueId": 119, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/119" 8 | } -------------------------------------------------------------------------------- /data/zhaojie-121.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zhaojie", 4 | "risk": "3", 5 | "title": "BranchBridgeAgent.callOutAndBridge lack requiresRouter modifier", 6 | "issueId": 121, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/121" 8 | } -------------------------------------------------------------------------------- /data/zhaojie-328.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zhaojie", 4 | "risk": "3", 5 | "title": "The source chain id was not verified in BranchBridgeAgent#lzReceive. ", 6 | "issueId": 328, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/328" 8 | } -------------------------------------------------------------------------------- /data/zhaojie-346.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zhaojie", 4 | "risk": "2", 5 | "title": "Protocols cannot support non-EVM chains", 6 | "issueId": 346, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/346" 8 | } -------------------------------------------------------------------------------- /data/zhaojie-389.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "zhaojie", 4 | "risk": "2", 5 | "title": "The token is not verified during deposit.", 6 | "issueId": 389, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/389" 8 | } -------------------------------------------------------------------------------- /data/ziyou--220.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ziyou-", 4 | "risk": "2", 5 | "title": "The value of the '_depositNonce' parameter in the 'payload' is incorrect.", 6 | "issueId": 220, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/220" 8 | } -------------------------------------------------------------------------------- /data/ziyou--246.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ziyou-", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 246, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/246" 8 | } -------------------------------------------------------------------------------- /data/ziyou--30.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ziyou-", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 30, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/30" 8 | } -------------------------------------------------------------------------------- /data/ziyou--42.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 287, 3 | "handle": "ziyou-", 4 | "risk": "2", 5 | "title": "The _globalToken parameter of the depositToPort function is incorrect.", 6 | "issueId": 42, 7 | "issueUrl": "https://github.com/code-423n4/2023-09-maia-findings/issues/42" 8 | } --------------------------------------------------------------------------------