4 matches found
tryCatchLimit can forward less than the specified gasLimit due to how CALL* opcode forward gas
Lines of code Vulnerability details Description To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The problem relays on the fact that we cannot be sure th...
Attacker can force the failure of transactions that use tryCatch
Lines of code Vulnerability details Attacker can force the failure of transactions that use tryCatch An attacker or malicious relayer can force the failure of transactions that rely on tryCatch by carefully choosing the gas limit. Impact The tryCatch function present in the AmbireAccount contract...
Incorrect usage of EIP-150
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
Malicious pausing the contract
Lines of code Vulnerability details Vulnerability details Description There is a function createAuction in Auction contract. It consist the following logic: /// @dev Creates an auction for the next token function createAuction private // Get the next token available for bidding try token.mint...