Issues: code-423n4/2024-10-kleidi-validation

Issues list

The _updatePauseDuration function does not check if the contract is unpaused. And no check for if the contract was already paused, reset the pauseStartTime to 0
Labels: 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; bug: Something isn't working; 🤖_07_group: AI based duplicate group recommendation; sufficient quality report: This report is of sufficient quality
#284 opened Oct 25, 2024 by c4-bot-6
Unsupported opcode in Solidity v0.8.25 prevents Kleidi contracts from deploying on Arbitrum
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_primary: AI based primary recommendation; sufficient quality report
#214 opened Oct 25, 2024 by c4-bot-6
UpdateExpirattionPeriod() cannot be executed when the newExpirationPeriod is less than currentExpirationPeriod.
Labels: 2 (Med Risk); bug; 🤖_primary; sufficient quality report
#182 opened Oct 24, 2024 by c4-bot-8
Hot Signer Can Pass Arbitrary Data to Partially Whitelisted Functions
Labels: 3 (High Risk): Assets can be stolen/lost/compromised directly; bug; 🤖_08_group; sufficient quality report
#163 opened Oct 24, 2024 by c4-bot-9
Missing Validation to Ensure Hot Signers are Safe Owners
Labels: 2 (Med Risk); bug; 🤖_primary; sufficient quality report
#161 opened Oct 24, 2024 by c4-bot-4
Lack of Validation for Recovery Spell Addresses in InstanceDeployer To Ensure They're actually Recovery Spell Contracts, This May Lead to Enabling Non-functional or Malicious Contract/EOA as Safe Modules
Labels: 2 (Med Risk); bug; 🤖_01_group; sufficient quality report
#154 opened Oct 24, 2024 by c4-bot-9
Recovery Failure Due to Ability to Set Contracts as RecoverySpell Owners
Labels: 2 (Med Risk); bug; 🤖_01_group; sufficient quality report
#153 opened Oct 24, 2024 by c4-bot-6
Protection against malicious recovery spells is not sufficient in case of multiple recovery spells
Labels: 2 (Med Risk); bug; 🤖_38_group; sufficient quality report
#138 opened Oct 23, 2024 by c4-bot-9
Intended configuration of recoveryDelay < timelockDelay allows for malicious takeover by recovery spells
Labels: 2 (Med Risk); bug; 🤖_38_group; sufficient quality report
#126 opened Oct 23, 2024 by c4-bot-6
Recovery spells don't allow the addition or removal of owners, potentially leading to the compromisation of the wallet
Labels: 2 (Med Risk); bug; 🤖_36_group; sufficient quality report
#63 opened Oct 21, 2024 by c4-bot-8
Wrong handling of call data check indices, forcing it sometimes to revert
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_primary; sufficient quality report
#53 opened Oct 21, 2024 by c4-bot-6
RecoverySpellFactory::_paramChecks doesn't check if an owner is the same as the safe making it possible to create unusable recovery spells
Labels: 2 (Med Risk); bug; 🤖_primary; 🤖_03_group; sufficient quality report
#41 opened Oct 20, 2024 by c4-bot-4
RecoverySpellFactory::_paramChecks doesn't check for SENTINEL_OWNERS making it possible to create unusable recovery spells
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_03_group; sufficient quality report
#40 opened Oct 20, 2024 by c4-bot-3
Even if the users use batch operations, removing calldata with indexes can cause unexpected behaviours
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_primary; sufficient quality report
#18 opened Oct 17, 2024 by c4-bot-8
Expired executions can be re-executable in certain conditions
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_11_group; sufficient quality report
#15 opened Oct 17, 2024 by c4-bot-6
Contracts cannot be deployed on Arbitrum and Optimism
Labels: 2 (Med Risk); bug; edited-by-warden; 🤖_primary; 🤖_22_group; sufficient quality report
#13 opened Oct 17, 2024 by c4-bot-9
Agreements & Disclosures
#1 opened Oct 9, 2024 by code4rena-id bot