-
Notifications
You must be signed in to change notification settings - Fork 1
Issues: sherlock-audit/2024-09-orderly-network-solana-contract-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Albort - When a PDA (Program Derived Address) is required to perform signing operations but invoke_signed is not used, the transaction will fail
Sponsor Disputed
The sponsor disputed this issue's validity
#170
opened Oct 27, 2024 by
sherlock-admin2
turvec - SolCOnnector.sol address passed to lzSend() will cause fees refunded to be stucked
Sponsor Disputed
The sponsor disputed this issue's validity
#169
opened Oct 27, 2024 by
sherlock-admin2
sa9933 - The UUPS proxie standard is implemented incorrectly, making the protocol not upgradeable
Sponsor Disputed
The sponsor disputed this issue's validity
#168
opened Oct 27, 2024 by
sherlock-admin2
sh1v - Missing Conditional Registration for New LayerZero Endpoint on OApp Reinitialization May Cause Call Failures
Sponsor Disputed
The sponsor disputed this issue's validity
#167
opened Oct 27, 2024 by
sherlock-admin2
sh1v - [High] Missing The sponsor acknowledged this issue is valid
deposit_token
Validation in Orderly Vaults deposit Instruction Allows Unauthorized Cross-Chain Transfers
Sponsor Confirmed
#166
opened Oct 27, 2024 by
sherlock-admin2
steadyman - The lack of payable modifier makes the withdraw function unusable
Sponsor Disputed
The sponsor disputed this issue's validity
#165
opened Oct 27, 2024 by
sherlock-admin2
0rpse - token accounts are not verified against token_hash
Sponsor Confirmed
The sponsor acknowledged this issue is valid
#164
opened Oct 27, 2024 by
sherlock-admin2
Silvermist - Zero-amount deposits will cause an underflow on withdrawal
Sponsor Disputed
The sponsor disputed this issue's validity
#163
opened Oct 27, 2024 by
sherlock-admin2
Anirruth - USDC could get stuck if address is blacklisted or block bridge.
Sponsor Confirmed
The sponsor acknowledged this issue is valid
#162
opened Oct 27, 2024 by
sherlock-admin2
gerdusx - Can't re-initialize The sponsor disputed this issue's validity
vault_authority
once initialized
Sponsor Disputed
#161
opened Oct 27, 2024 by
sherlock-admin2
0rpse - reset instructions will not work
Sponsor Disputed
The sponsor disputed this issue's validity
#160
opened Oct 27, 2024 by
sherlock-admin2
Anirruth - Gas could get stuck in the contract
Sponsor Disputed
The sponsor disputed this issue's validity
#159
opened Oct 27, 2024 by
sherlock-admin2
0rpse - lz_receive can be called with any user account to steal from users
Sponsor Confirmed
The sponsor acknowledged this issue is valid
#158
opened Oct 27, 2024 by
sherlock-admin3
dod4ufn - User will be able to use any deposit_token to bridge usdc
Sponsor Confirmed
The sponsor acknowledged this issue is valid
#157
opened Oct 27, 2024 by
sherlock-admin2
dod4ufn - Actor can frontrun lz_receive and steal users’ withdrawal
Sponsor Confirmed
The sponsor acknowledged this issue is valid
#156
opened Oct 27, 2024 by
sherlock-admin3
gerdusx - Protocol unable to reinitialize The sponsor disputed this issue's validity
oapp_config
Sponsor Disputed
#155
opened Oct 27, 2024 by
sherlock-admin2
pwnforce - Tokens Permanently Locked in Vault Due to Absence of Revert or Retry Mechanism
Sponsor Disputed
The sponsor disputed this issue's validity
#154
opened Oct 27, 2024 by
sherlock-admin3
davidkathoh - Missing Fee Validation in Token Withdrawal
Sponsor Disputed
The sponsor disputed this issue's validity
#153
opened Oct 27, 2024 by
sherlock-admin3
S3v3ru5 - Attacker can steal funds by withdrawing a token different from the request withdrawal token
Sponsor Disputed
The sponsor disputed this issue's validity
#152
opened Oct 27, 2024 by
sherlock-admin2
LZ_security - Due to missing checks on minimum gas and fee passed through LayerZero, executions can fail on the destination chain
Sponsor Disputed
The sponsor disputed this issue's validity
#151
opened Oct 27, 2024 by
sherlock-admin2
LZ_security - During the deposit process, there is no instruction for the user to transfer the gas fee, nor is there a setting for the gas fee refund address.
Sponsor Disputed
The sponsor disputed this issue's validity
#150
opened Oct 27, 2024 by
sherlock-admin2
LZ_security - The OAppLzReceive contract lacks underflow checks, which could allow an attacker to exploit this vulnerability to steal funds.
Sponsor Disputed
The sponsor disputed this issue's validity
#149
opened Oct 27, 2024 by
sherlock-admin2
Anirruth - Fees refund sent to wrong address
Sponsor Disputed
The sponsor disputed this issue's validity
#148
opened Oct 27, 2024 by
sherlock-admin4
0xSpearmint1 - Incorrect Use of init Constraint in ReinitOApp Instruction
Sponsor Disputed
The sponsor disputed this issue's validity
#147
opened Oct 27, 2024 by
sherlock-admin4
0xNirix - Missing LayerZero Ordered Execution Option For Orderly Chain Messages
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#146
opened Oct 27, 2024 by
sherlock-admin4
Previous Next
ProTip!
Type g i on any issue or pull request to go back to the issue listing page.