Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.13 views

RootBridgeAgent.retrieveSettlement doesn't check if settlement is in FAILED state

Lines of code Vulnerability details Impact The RootBridgeAgent.retrieveSettlement function is supposed to be used to retrieve a failed settlement to be able to redeem it but because the function doesn't actually check that the input settlement is in fact in FAILED state, the function can be used ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

[M-14] Reentrancy in the RootBridgeAgent contract

Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

A Malicious user can create a rootBridgeAgent with a malicious endpoint and execute calls directly with the rootBridgeAgent.

Lines of code Vulnerability details Impact A Malicious user can create a rootBridgeAgent with a malicious endpoint and execute calls directly with the rootBridgeAgent. Since anyone can create a rootBridgeAgent with desired values for port, endpoint and router address in anychain. The Attacker can...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.2 views

Anyone can create multiple RootBridgeAgent

Lines of code Vulnerability details Impact createBridgeAgent is used to create a new Root Bridge Agent. This new RootBridgeAgent is added to the array on the rootPort. This can be used to randomly spam the array with thousand of array addresses whereby the ones deployed by the protocol are harder...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.28 views

Lack of force resume support for LZ which is crucially important to have

Lines of code Vulnerability details Impact The User Application LZReceiver should implement the ILayerZeroUserApplicationConfig interface which includes the forceResumeReceive function. This is very important as in the worst case, it can allow the owner to unblock the queue of messages if somethi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

USAGE OF abi.encodePacked TO ENCODE DATA COULD LEAD TO payload DATA COLLISION IN THE RootBridgeAgent._createSettlementMultiple FUNCTION

Lines of code Vulnerability details Impact The RootBridgeAgent.callOutAndBridgeMultiple function is used to settle multiple assets and perform a remote call to a branch chain. callOutAndBridgeMultiple function calls the RootBridgeAgent.createSettlementMultiple internal function to compute the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain

Lines of code Vulnerability details Impact Attackers can gain control of User's Virtual Accounts and steal all the assets these accounts hold in the Root environment Proof of Concept When sending signed messages from a Branch to Root, the RootBridgeAgent contract calls the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.14 views

FallBack Function might revert

Lines of code Vulnerability details The performFallbackCall function appears to be designed to send a message to the RootBridgeAgent using the lzReceive function. It includes the settlement nonce encoded as part of the message. Overall, the function seems fine for its intended purpose, but there...

7.3AI score
Exploits0
Rows per page
Query Builder