Issues: code-423n4/2024-05-canto-findings

Issues list

QA Report
Labels: bug [Something isn't working], grade-b, Q-01, QA (Quality Assurance) [Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax], 🤖_primary [AI based primary recommendation], sufficient quality report [This report is of sufficient quality]
#36 opened Jun 24, 2024 by howlbot-integration bot
QA Report
Labels: 3rd place, bug, grade-b, Q-02, QA (Quality Assurance), sufficient quality report
#35 opened Jun 24, 2024 by howlbot-integration bot
QA Report
Labels: 2nd place, bug, edited-by-warden, grade-a, Q-03, QA (Quality Assurance), sufficient quality report
#34 opened Jun 24, 2024 by howlbot-integration bot
QA Report
Labels: 1st place, bug, edited-by-warden, grade-a, Q-04, QA (Quality Assurance), selected for report [This submission will be included/highlighted in the audit report], sufficient quality report
#33 opened Jun 24, 2024 by howlbot-integration bot
An attacker can DoS a coinswap pool
Labels: 2 (Med Risk) [Assets not at direct risk, but function/availability of the protocol could be impacted or leak value], bug, downgraded by judge [Judge downgraded the risk level of this issue], M-01, primary issue [Highest quality submission among a set of duplicates], 🤖_02_group [AI based duplicate group recommendation], satisfactory [satisfies C4 submission criteria; eligible for awards], selected for report, sufficient quality report
#28 opened Jun 21, 2024 by howlbot-integration bot
MsgSwapOrder will never work for Canto nodes
Labels: 2 (Med Risk), bug, edited-by-warden, M-02, primary issue, 🤖_12_group [AI based duplicate group recommendation], satisfactory, selected for report, sponsor confirmed [Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")], sufficient quality report
#27 opened Jun 21, 2024 by howlbot-integration bot
Price manipulation in coinswap::pool
Labels: bug, downgraded by judge, duplicate-13, grade-b, Q-05, QA (Quality Assurance), 🤖_02_group, sufficient quality report
#26 opened Jun 21, 2024 by howlbot-integration bot
A malicious pool creator or first depositor can make depositing and removing liquidity unfavorable for other users.
Labels: bug, downgraded by judge, duplicate-13, edited-by-warden, grade-a, QA (Quality Assurance), 🤖_02_group, sufficient quality report
#25 opened Jun 21, 2024 by howlbot-integration bot
Malicious first depositor can DoS the add liquidity function in coinswap module
Labels: bug, downgraded by judge, duplicate-13, edited-by-warden, grade-b, Q-06, QA (Quality Assurance), 🤖_02_group, sufficient quality report
#24 opened Jun 21, 2024 by howlbot-integration bot
OnRecvPacket can lead to loss of funds when swapping and converting due to lack of rollback/poor error handling
Labels: bug, downgraded by judge, grade-b, primary issue, Q-07, QA (Quality Assurance), 🤖_08_group [AI based duplicate group recommendation], sponsor confirmed, sufficient quality report
#19 opened Jun 21, 2024 by howlbot-integration bot
Wrong address prefix for ethermint bech32 account leads to inability to authorize users
Labels: bug, downgraded by judge, grade-a, primary issue, QA (Quality Assurance), 🤖_primary, sponsor confirmed, sufficient quality report
#17 opened Jun 21, 2024 by howlbot-integration bot
Opportunity to drain funds because of missing propId validation in govshuttle
Labels: bug, downgraded by judge, edited-by-warden, grade-b, primary issue, Q-08, QA (Quality Assurance), 🤖_primary, sponsor confirmed, sufficient quality report
#15 opened Jun 21, 2024 by howlbot-integration bot
coinswap liquidity pool susceptible to inflation attacks
Labels: bug, downgraded by judge, grade-b, primary issue, Q-09, QA (Quality Assurance), 🤖_02_group, sponsor disputed [Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue], sufficient quality report
#13 opened Jun 20, 2024 by c4-bot-3
QA Report
Labels: bug, grade-b, ineligible for award, Q-10, QA (Quality Assurance)
#12 opened Jun 18, 2024 by c4-bot-2
blockedAddrs can bypass
Labels: bug, downgraded by judge, grade-b, insufficient quality report [This report is not of sufficient quality], Q-11, QA (Quality Assurance), 🤖_primary, sponsor disputed
#10 opened Jun 16, 2024 by c4-bot-6
Govshuttle module does not register its transaction MsgServer
Labels: 2 (Med Risk), bug, edited-by-warden, ineligible for award, M-03, 🤖_05_group [AI based duplicate group recommendation], satisfactory, selected for report, sponsor confirmed
#5 opened Jun 15, 2024 by c4-bot-5
Incorrect names provided in RegisterConcrete calls break LegacyAmino signing method
Labels: 2 (Med Risk), bug, edited-by-warden, ineligible for award, M-04, 🤖_primary, satisfactory, selected for report, sponsor confirmed
#2 opened Jun 13, 2024 by c4-bot-7
Agreements & Disclosures
#1 opened May 28, 2024 by code4rena-id bot