Issues: code-423n4/2024-03-phala-network-findings

Issues list

Analysis A-01 analysis-advanced grade-a sufficient quality report This report is of sufficient quality
#97 opened Mar 22, 2024 by c4-bot-4
Unchecked Resource Consumption issue in Storage of Wasm Code bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue grade-b insufficient quality report This report is not of sufficient quality Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#96 opened Mar 22, 2024 by c4-bot-4
Analysis A-02 analysis-advanced grade-a selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#91 opened Mar 22, 2024 by c4-bot-4
Analysis A-03 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#88 opened Mar 22, 2024 by c4-bot-3
Analysis A-05 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#71 opened Mar 22, 2024 by c4-bot-10
QA Report bug Warden finding grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#63 opened Mar 22, 2024 by c4-bot-5
Limited availability of balance_of(...) method 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding edited-by-warden M-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#50 opened Mar 21, 2024 by c4-bot-8
An attacker can bloat the Pink runtime storage with zero costs 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding M-02 primary issue Highest quality submission among a set of duplicates 🤖_49_group AI based duplicate group recommendation selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#49 opened Mar 21, 2024 by c4-bot-10
Analysis A-07 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#48 opened Mar 21, 2024 by c4-bot-6
request.headers has no limit bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_13_group AI based duplicate group recommendation sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#46 opened Mar 21, 2024 by c4-bot-1
A cache that times out can be recovered. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue M-03 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#44 opened Mar 21, 2024 by c4-bot-2
An attacker can crash the cluster system by sending an HTTP request with a huge timeout 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue M-04 primary issue Highest quality submission among a set of duplicates 🤖_13_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#43 opened Mar 21, 2024 by c4-bot-8
Analysis A-08 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#37 opened Mar 19, 2024 by c4-bot-5
QA Report bug Warden finding edited-by-warden grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#34 opened Mar 18, 2024 by c4-bot-9
Analysis A-09 analysis-advanced edited-by-warden grade-a high quality report This report is of especially high quality sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#26 opened Mar 17, 2024 by c4-bot-5
Unbounded Decoding In extension::get_side_effects can lead to stack overflow bug Warden finding downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#25 opened Mar 17, 2024 by c4-bot-5
Analysis A-10 analysis-advanced grade-a sufficient quality report This report is of sufficient quality
#23 opened Mar 17, 2024 by c4-bot-1
Analysis A-11 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#22 opened Mar 16, 2024 by c4-bot-10
QA Report bug Warden finding grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#18 opened Mar 15, 2024 by c4-bot-7
Lack of Rate Limiting for HTTP Requests bug Warden finding downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_13_group AI based duplicate group recommendation sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#13 opened Mar 10, 2024 by c4-bot-7
QA Report bug Warden finding edited-by-warden grade-a high quality report This report is of especially high quality Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#11 opened Mar 9, 2024 by c4-bot-4
Agreements & Disclosures
#1 opened Feb 26, 2024 by code423n4