Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/06/09 12:0 a.m.17 views

Lack of reentrancy protection in L1ERC721Bridge.sol

Lines of code Vulnerability details Summary Calling IERC721.transferFrom in the L1ERC721Bridge.initiateBridgeERC721 after writing the deposit makes a reentrancy attack possible if there is a callback before transfer in the localToken contract we will name such a contract ERC721Callback...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.40 views

Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts

Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.14 views

Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds

Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawls. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/07 12:0 a.m.34 views

Aliasing L1 sender on L2

Lines of code Vulnerability details Impact If a contract on L1 has the same address as a contract on L2 but doesn't have the same code, we will have a critical issue, as funds will be lost. Proof of Concept Both Optimism and Arbitrum implements applyL1ToL2Alias / undoL1ToL2Alias logic to prevent ...

6.9AI score
Exploits0
Rows per page
Query Builder