Skip to content

Issues: sherlock-audit/2024-09-orderly-network-solana-contract-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

170 Open 6 Closed
170 Open 6 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Albort - When a PDA (Program Derived Address) is required to perform signing operations but invoke_signed is not used, the transaction will fail Sponsor Disputed The sponsor disputed this issue's validity
#170 opened Oct 27, 2024 by sherlock-admin2
turvec - SolCOnnector.sol address passed to lzSend() will cause fees refunded to be stucked Sponsor Disputed The sponsor disputed this issue's validity
#169 opened Oct 27, 2024 by sherlock-admin2
sa9933 - The UUPS proxie standard is implemented incorrectly, making the protocol not upgradeable Sponsor Disputed The sponsor disputed this issue's validity
#168 opened Oct 27, 2024 by sherlock-admin2
sh1v - Missing Conditional Registration for New LayerZero Endpoint on OApp Reinitialization May Cause Call Failures Sponsor Disputed The sponsor disputed this issue's validity
#167 opened Oct 27, 2024 by sherlock-admin2
sh1v - [High] Missing deposit_token Validation in Orderly Vaults deposit Instruction Allows Unauthorized Cross-Chain Transfers Sponsor Confirmed The sponsor acknowledged this issue is valid
#166 opened Oct 27, 2024 by sherlock-admin2
steadyman - The lack of payable modifier makes the withdraw function unusable Sponsor Disputed The sponsor disputed this issue's validity
#165 opened Oct 27, 2024 by sherlock-admin2
0rpse - token accounts are not verified against token_hash Sponsor Confirmed The sponsor acknowledged this issue is valid
#164 opened Oct 27, 2024 by sherlock-admin2
Silvermist - Zero-amount deposits will cause an underflow on withdrawal Sponsor Disputed The sponsor disputed this issue's validity
#163 opened Oct 27, 2024 by sherlock-admin2
Anirruth - USDC could get stuck if address is blacklisted or block bridge. Sponsor Confirmed The sponsor acknowledged this issue is valid
#162 opened Oct 27, 2024 by sherlock-admin2
gerdusx - Can't re-initialize vault_authority once initialized Sponsor Disputed The sponsor disputed this issue's validity
#161 opened Oct 27, 2024 by sherlock-admin2
0rpse - reset instructions will not work Sponsor Disputed The sponsor disputed this issue's validity
#160 opened Oct 27, 2024 by sherlock-admin2
Anirruth - Gas could get stuck in the contract Sponsor Disputed The sponsor disputed this issue's validity
#159 opened Oct 27, 2024 by sherlock-admin2
0rpse - lz_receive can be called with any user account to steal from users Sponsor Confirmed The sponsor acknowledged this issue is valid
#158 opened Oct 27, 2024 by sherlock-admin3
dod4ufn - User will be able to use any deposit_token to bridge usdc Sponsor Confirmed The sponsor acknowledged this issue is valid
#157 opened Oct 27, 2024 by sherlock-admin2
dod4ufn - Actor can frontrun lz_receive and steal users’ withdrawal Sponsor Confirmed The sponsor acknowledged this issue is valid
#156 opened Oct 27, 2024 by sherlock-admin3
gerdusx - Protocol unable to reinitialize oapp_config Sponsor Disputed The sponsor disputed this issue's validity
#155 opened Oct 27, 2024 by sherlock-admin2
pwnforce - Tokens Permanently Locked in Vault Due to Absence of Revert or Retry Mechanism Sponsor Disputed The sponsor disputed this issue's validity
#154 opened Oct 27, 2024 by sherlock-admin3
davidkathoh - Missing Fee Validation in Token Withdrawal Sponsor Disputed The sponsor disputed this issue's validity
#153 opened Oct 27, 2024 by sherlock-admin3
S3v3ru5 - Attacker can steal funds by withdrawing a token different from the request withdrawal token Sponsor Disputed The sponsor disputed this issue's validity
#152 opened Oct 27, 2024 by sherlock-admin2
LZ_security - Due to missing checks on minimum gas and fee passed through LayerZero, executions can fail on the destination chain Sponsor Disputed The sponsor disputed this issue's validity
#151 opened Oct 27, 2024 by sherlock-admin2
LZ_security - During the deposit process, there is no instruction for the user to transfer the gas fee, nor is there a setting for the gas fee refund address. Sponsor Disputed The sponsor disputed this issue's validity
#150 opened Oct 27, 2024 by sherlock-admin2
LZ_security - The OAppLzReceive contract lacks underflow checks, which could allow an attacker to exploit this vulnerability to steal funds. Sponsor Disputed The sponsor disputed this issue's validity
#149 opened Oct 27, 2024 by sherlock-admin2
Anirruth - Fees refund sent to wrong address Sponsor Disputed The sponsor disputed this issue's validity
#148 opened Oct 27, 2024 by sherlock-admin4
0xSpearmint1 - Incorrect Use of init Constraint in ReinitOApp Instruction Sponsor Disputed The sponsor disputed this issue's validity
#147 opened Oct 27, 2024 by sherlock-admin4
0xNirix - Missing LayerZero Ordered Execution Option For Orderly Chain Messages Sponsor Disputed The sponsor disputed this issue's validity
#146 opened Oct 27, 2024 by sherlock-admin4
ProTip! no:milestone will show everything without a milestone.