Lucene search
K

7 matches found

Code423n4
Code423n4
added 2022/05/09 12:0 a.m.14 views

The sendToCosmos function does not check for transfer-on-fee/deflationary tokens

Lines of code Gravity.solL595-L609 Vulnerability details Impact The documentation describes the use of tokens other than CUDOS in the Gravity.sol contract; so it is assumed that the CUDOS token will not be the only supported token. The documentation also states that validators on the Tendermint...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.9 views

Missing powerThreshold validation in function updateValset(in Gravity.sol) could cause the contract non-functional

Lines of code Vulnerability details Impact When the cumulative power of validators in newValset is less than or equal to statepowerThreshold, the checkValidatorSignatures function would fail. Eventually, submitBatch, submitLogicCall & updateValset would fail for the new set of validators. This wi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.8 views

The Gravity.sol should have pause/unpause functionality

Lines of code Vulnerability details Impact In case a hack is occuring or an exploit is discovered, the team or validators in this case should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be manged by proxy so that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.7 views

Tokens with fee on transfer are not supported

Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, sendToCosmos assumes that the received amount is the same as the transfer amount, and uses it to emit SendToCosmosEvent event. As a result, when bridging t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/07 12:0 a.m.12 views

Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms

Handle nascent Vulnerability details Ethereum Oracles watch for events on the Gravity.sol contract on the Ethereum blockchain. This is performed in the checkforevents function, ran in the ethoraclemainloop. In this function, there is the following code snippet: let erc20deployed = web3...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/07 12:0 a.m.7 views

The gravity.sol router should have pause/unpause functionality.

Handle tensors Vulnerability details In case a hack is occuring or an exploit is discovered, the team or validators in this case should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be manged by proxy so that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/07 12:0 a.m.6 views

Does the cosmos-sdk listen to only 1 gravity.sol contract address?

Handle tensors Vulnerability details Recently Thorchain which uses cosmos, was hacked because the Thorchain environment listened to emitted events from routers other than the intended one. This allowed a hacker to create a malicious router. Within the ethmainloop of the orchestrator, is the...

6.8AI score
Exploits0
Rows per page
Query Builder