|
medium
|
detector |
Untrusted CALL target/value reachable |
0x821399fba58ca66f15e4440d54392b355d592dcb
|
$92.60 |
no
|
no
|
2 weeks ago
|
019b3831-b514-7227-be0b-6f9fb7c9d2fa
|
|
medium
|
detector |
ETH value transfer possible |
0x821399fba58ca66f15e4440d54392b355d592dcb
|
$92.60 |
no
|
no
|
2 weeks ago
|
019b3831-b514-7227-be0b-6f9fb7c9d2fa
|
|
medium
|
detector |
ETH value transfer possible |
0x79aeb9d06524ccd702b8e29d4d4e634967e8eb04
|
$3.10 |
no
|
no
|
2 weeks ago
|
019b3831-b4dd-73cd-a088-4f0361305b7e
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0x79aeb9d06524ccd702b8e29d4d4e634967e8eb04
|
$3.10 |
no
|
no
|
2 weeks ago
|
019b3831-b4dd-73cd-a088-4f0361305b7e
|
|
medium
|
detector |
ETH value transfer possible |
0x957ece82a7c88cda004bd9027050bbce9a84ab26
|
$0.53 |
no
|
no
|
2 weeks ago
|
019b3831-b4a3-70ee-a4a5-c0c4bad34a90
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0x957ece82a7c88cda004bd9027050bbce9a84ab26
|
$0.53 |
no
|
no
|
2 weeks ago
|
019b3831-b4a3-70ee-a4a5-c0c4bad34a90
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x4f0255319faa4a7915856300f5ff98a2fe86ae97
|
$0.00 |
yes
|
yes
|
2 weeks ago
|
019b3831-b4e0-71c5-8142-0d761b2b7ab8
|
|
high
|
detector |
ETH value transfer possible |
0x4f0255319faa4a7915856300f5ff98a2fe86ae97
|
$0.00 |
yes
|
yes
|
2 weeks ago
|
019b3831-b4e0-71c5-8142-0d761b2b7ab8
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0x7d6b9978def0be00165eab70945c919881f23575
|
$93.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4c8-71c6-9572-b89f05b54890
|
|
medium
|
detector |
ETH value transfer possible |
0x7d6b9978def0be00165eab70945c919881f23575
|
$93.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4c8-71c6-9572-b89f05b54890
|
|
medium
|
detector |
ETH value transfer possible |
0xbaa43006db572fbe2d49439ee32f72723b3d0e88
|
$0.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4d5-734c-82d1-3a07c9753473
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0xbaa43006db572fbe2d49439ee32f72723b3d0e88
|
$0.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4d5-734c-82d1-3a07c9753473
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0x22982da02f22d7f5f8eabda2143948600bb814f0
|
$963.49 |
no
|
no
|
2 weeks ago
|
019b3831-b4ec-70ee-9009-4117ac845622
|
|
medium
|
detector |
ETH value transfer possible |
0x22982da02f22d7f5f8eabda2143948600bb814f0
|
$963.49 |
no
|
no
|
2 weeks ago
|
019b3831-b4ec-70ee-9009-4117ac845622
|
|
medium
|
detector |
ETH value transfer possible |
0x79bae4ed57ee513f5ff6aa4357416063df5029f6
|
$0.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4a7-731b-98b6-4963c50587ab
|
|
medium
|
detector |
Untrusted CALL target/value reachable |
0x79bae4ed57ee513f5ff6aa4357416063df5029f6
|
$0.00 |
no
|
no
|
2 weeks ago
|
019b3831-b4a7-731b-98b6-4963c50587ab
|
|
high
|
codex |
Deposits credit the requested amount instead of the amount actually received |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
medium
|
codex |
Withdrawal signatures are replayable across predicate instances on the same chain |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
high
|
slither |
StorageAccessible.simulateDelegatecallInternal(address,bytes) (lib/contracts/src/contracts/mixins/StorageAccessible.sol#87-95) uses delegatecall to a input-controlled function id |
0x00000000d681e85e5783588f87a9573cb97eda01
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-f542-7208-84bc-d2e3db83e367
|
|
high
|
slither |
GPv2Transfer.transferFromAccounts(IVault,GPv2Transfer.Data[],address) (lib/contracts/src/contracts/libraries/GPv2Transfer.sol#91-136) uses arbitrary from in transferFrom: transf... |
0x00000000d681e85e5783588f87a9573cb97eda01
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-f542-7208-84bc-d2e3db83e367
|
|
high
|
slither |
GPv2Transfer.fastTransferFromAccount(IVault,GPv2Transfer.Data,address) (lib/contracts/src/contracts/libraries/GPv2Transfer.sol#46-77) uses arbitrary from in transferFrom: transf... |
0x00000000d681e85e5783588f87a9573cb97eda01
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-f542-7208-84bc-d2e3db83e367
|
|
high
|
slither |
TransferLibrary.receiveAssets(address,address,uint256) (src/libraries/TransferLibrary.sol#40-48) uses arbitrary from in transferFrom: IERC20(asset).safeTransferFrom(from,address... |
0x00000000d681e85e5783588f87a9573cb97eda01
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-f542-7208-84bc-d2e3db83e367
|
|
high
|
codex |
Unchecked CowSwap feeAmount lets a limit order drain extra sellToken beyond params.amountIn |
0x00000000d681e85e5783588f87a9573cb97eda01
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-f542-7208-84bc-d2e3db83e367
|
|
high
|
slither |
Wallets.refundGasBySchain(bytes32,address,uint256,bool) (contracts/test/TestWallets.sol#53-68) sends eth to arbitrary user |
0x29353f77c6b0d3772d73e708cc8e1fca08c80c11
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-e916-7246-acfd-c2f7d6ef4d74
|
|
medium
|
slither |
Reentrancy in FallbackEthTester.receive() (contracts/test/FallbackEthTester.sol#55-62): |
0x29353f77c6b0d3772d73e708cc8e1fca08c80c11
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-e916-7246-acfd-c2f7d6ef4d74
|
|
high
|
codex |
ERC20 bridge accounting trusts the requested amount instead of the amount actually received |
0x29353f77c6b0d3772d73e708cc8e1fca08c80c11
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-e916-7246-acfd-c2f7d6ef4d74
|
|
medium
|
codex |
Delayed ERC20 withdrawals clear user claims before confirming token delivery |
0x29353f77c6b0d3772d73e708cc8e1fca08c80c11
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-e916-7246-acfd-c2f7d6ef4d74
|
|
low
|
codex |
`CommunityLocker.setGasPrice` accepts arbitrary caller-supplied oracle values |
0x29353f77c6b0d3772d73e708cc8e1fca08c80c11
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-e916-7246-acfd-c2f7d6ef4d74
|
|
high
|
codex |
Owner can de-whitelist an active collateral token and withdraw funds backing live positions |
0x6ac64c4760e0590f88233b2046810e87e0354324
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-ddb2-7138-a85b-4026ca2b3eec
|
|
high
|
codex |
Fee-on-transfer collateral tokens let users over-withdraw from pooled escrow |
0x6ac64c4760e0590f88233b2046810e87e0354324
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-ddb2-7138-a85b-4026ca2b3eec
|
|
high
|
codex |
Keeper-controlled pricePerShare can be stair-stepped away from real NAV and used to overmint/overwithdraw |
0x04393e5c6701237d7ee836d644f8dbdd122afebc
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-b2b6-72b3-991d-f09cf3f2b2ec
|
|
high
|
codex |
`claimAndStakeRewardsBySig` signatures are replayable across different gardens |
0x04393e5c6701237d7ee836d644f8dbdd122afebc
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-b2b6-72b3-991d-f09cf3f2b2ec
|
|
medium
|
codex |
First `setTimeLockRegistry` call is permissionless, enabling vesting-registry takeover |
0x04393e5c6701237d7ee836d644f8dbdd122afebc
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-b2b6-72b3-991d-f09cf3f2b2ec
|
|
high
|
codex |
Signed actions can be replayed across different GuruFund instances |
0xec8902afffb06d0b075ea2d6fb3a45ec8598c39b
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-7793-71fe-8365-fe0e83fcb95f
|
|
medium
|
codex |
Anyone can front-run and consume another user's signed payload nonce |
0xec8902afffb06d0b075ea2d6fb3a45ec8598c39b
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5666-7793-71fe-8365-fe0e83fcb95f
|
|
medium
|
codex |
Fee-on-transfer tokens break bridge accounting and can drain pooled liquidity |
0x63105ee97bfb22dfe23033b3b14a4f8fed121ee9
|
$41,127.55 |
no
|
—
|
2 weeks ago
|
019d5666-7238-704a-97b4-9ab40e4f0ac7
|
|
medium
|
codex |
Withdraw signatures can be replayed across bridge deployments on the same chain |
0x63105ee97bfb22dfe23033b3b14a4f8fed121ee9
|
$41,127.55 |
no
|
—
|
2 weeks ago
|
019d5666-7238-704a-97b4-9ab40e4f0ac7
|
|
critical
|
detector |
Untrusted DELEGATECALL target reachable |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
high
|
detector |
ETH value transfer possible |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
medium
|
cast |
DELEGATECALL present |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
info
|
cast |
Heavy CALL-family usage |
0xa8372d6ff00d48a25baa1af16d6a86c936708f4e
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-1339-71d8-a320-f4112d024afe
|
|
critical
|
detector |
Untrusted DELEGATECALL target reachable |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
high
|
detector |
ETH value transfer possible |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
no
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
medium
|
cast |
DELEGATECALL present |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
info
|
cast |
Heavy EXTCODE*/BALANCE usage |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
info
|
cast |
Heavy CALL-family usage |
0x4f8b564e25337f6a3e66f12553221f6c05a13085
|
$0.00 |
no
|
—
|
2 weeks ago
|
019d5667-0d9d-728c-b832-799ea2787070
|
|
medium
|
codex |
Privileged owner can sweep custodial ETH and ERC20 balances |
0x96541c4926a32ea3a97fd8d335aff1f81e50ffe9
|
$41,190.88 |
no
|
—
|
2 weeks ago
|
019d5666-7222-713e-be7e-db522974661d
|
|
medium
|
codex |
Token deposits credit the requested amount, not the amount actually received |
0x96541c4926a32ea3a97fd8d335aff1f81e50ffe9
|
$41,190.88 |
no
|
—
|
2 weeks ago
|
019d5666-7222-713e-be7e-db522974661d
|