Ethereum Protocol Attackathon
Reports by Severity
Medium
#37466 [BC-Medium] Evil-client OOM crash (fast P2P crash)
#38292 [SC-Medium] Incorrect Sqrt Calculation Result
#38682 [SC-Medium] AugAssign evaluation order causing OOB write within the object
#38733 [BC-Medium] nimbus-eth2 remote crash
#38920 [BC-Medium] teku remote DoS
#38146 [BC-Medium] nimbus-eth2 remote crash
Low
#38502 [BC-Low] Pending pool subtraction overflow causes node halt/shutdown
#38505 [SC-Low] IRNode Multi-Evaluation In For List Iter
#38530 [SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args
#38554 [BC-Low] Incorrect Transaction Fee Check in `SendRawTransaction()`
#37199 [BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice
#37245 [BC-Low] lodestar snappy decompression issue
#38686 [BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS
#37985 [SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args
#38807 [BC-Low] DoS any reth node via ban logic exploit
#37462 [BC-Low] Invalid RLP decoding for single bytes
#38850 [BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth
#38855 [SC-Low] Evaluation order is not respected in `log` function
#38894 [BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof
#38275 [BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal
#37582 [SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion
#37583 [SC-Low] Incorrect For Annotation Parsing
#38958 [BC-Low] EELS can't handle overflow gas calculation in modexp precompile
#38828 [BC-Low] Decode RLP of Legacy Transaction Allows Trailing Bytes
#37113 [BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( https://github.com/erigontech/erigon ), though it does not seem to be exploitable at this moment du...
#38459 [BC-Low] erigon remote DoS
#37246 [BC-Low] lodestar snappy checksum issue
#37634 [SC-Low] Incorrect Builtin ERC4626 Call Signature
#38427 [BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution
#38902 [BC-Low] No check on the maximum size of the encoded ENR on ENR_RESPONSE packet
#38948 [BC-Low] lighthouse remote DoS
#38278 [BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check
#38318 [BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization
Insight
#37646 [BC-Insight] No implementation of BLOB_SIDECAR_SUBNET_COUNT with no issue and no PR in the GitHub
#37134 [BC-Insight] Improper secp256k sanitization
#37695 [BC-Insight] Executing transaction that has a wrong nonce might trigger a chain split due to mismatch stateroot
#37120 [BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash
#37191 [BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf
#37593 [BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment
#38598 [BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network
#37352 [BC-Insight] Missing Liveness Check in `collectTableNodes()`
#37359 [BC-Insight] Failure to Generate ABI Binding in Golang
#37351 [BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel
#38766 [BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding
#37442 [BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment
#38169 [SC-Insight] Deferred Evaluation Of `Default_Return_Value` May Skip Side Effect Execution
#37483 [BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode
#37505 [BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients
#37568 [BC-Insight] Missing Specification Logic
#37300 [BC-Insight] Incorrect Encoding of Negative *big.Int Values in MakeTopics
#38277 [BC-Insight] Potential Out-of-Range Panic in `UnmarshalJSON()` of `HexOrDecimal256`
#38908 [BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering `ErrInsufficientBalance` Error
#39018 [BC-Insight] Rate Limiting Under-Specification and Consequences
#37286 [SC-Insight] Elimination of Security Checks in ForkCreator Class
#37148 [BC-Insight] `wantedPeerDials()` branch will never be executed
#38557 [BC-Insight] Function `IsPush()` Misses Opcode PUSH0
#37584 [SC-Insight] Nonpayable Not Respected For Internal Function
#38581 [SC-Insight] Incorrect unwrap on Bytes and String
#37210 [BC-Insight] Missing Check of HTTP Batch Response Length
#37350 [BC-Insight] `null` Is Not Unmarshalled Correctly Into json.RawMessage
#37104 [BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks
#38015 [BC-Insight] Violation of EIP-2681 in Create Transaction
#37186 [BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing
#38319 [BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas
#37594 [SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data lengths due to spec. ambiguity
#37153 [BC-Insight] Malicious validator can bring down honest nodes
#37577 [BC-Insight] `tx.origin` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions
#38693 [SC-Insight] BytesM to Bytes conversion does not match the reference implementation
Reports by Type
Smart Contract
#38505 [SC-Low] IRNode Multi-Evaluation In For List Iter
#38530 [SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args
#37985 [SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args
#38169 [SC-Insight] Deferred Evaluation Of `Default_Return_Value` May Skip Side Effect Execution
#38855 [SC-Low] Evaluation order is not respected in `log` function
#37582 [SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion
#37583 [SC-Low] Incorrect For Annotation Parsing
#38292 [SC-Medium] Incorrect Sqrt Calculation Result
#38682 [SC-Medium] AugAssign evaluation order causing OOB write within the object
#37286 [SC-Insight] Elimination of Security Checks in ForkCreator Class
#37634 [SC-Low] Incorrect Builtin ERC4626 Call Signature
#37584 [SC-Insight] Nonpayable Not Respected For Internal Function
#38581 [SC-Insight] Incorrect unwrap on Bytes and String
#37594 [SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data lengths due to spec. ambiguity
#38693 [SC-Insight] BytesM to Bytes conversion does not match the reference implementation
Blockchain/DLT
#37646 [BC-Insight] No implementation of BLOB_SIDECAR_SUBNET_COUNT with no issue and no PR in the GitHub
#38502 [BC-Low] Pending pool subtraction overflow causes node halt/shutdown
#38554 [BC-Low] Incorrect Transaction Fee Check in `SendRawTransaction()`
#37134 [BC-Insight] Improper secp256k sanitization
#37695 [BC-Insight] Executing transaction that has a wrong nonce might trigger a chain split due to mismatch stateroot
#37120 [BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash
#37191 [BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf
#37199 [BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice
#37245 [BC-Low] lodestar snappy decompression issue
#38686 [BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS
#37593 [BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment
#38598 [BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network
#37466 [BC-Medium] Evil-client OOM crash (fast P2P crash)
#37352 [BC-Insight] Missing Liveness Check in `collectTableNodes()`
#37359 [BC-Insight] Failure to Generate ABI Binding in Golang
#37351 [BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel
#38766 [BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding
#38807 [BC-Low] DoS any reth node via ban logic exploit
#37442 [BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment
#37462 [BC-Low] Invalid RLP decoding for single bytes
#37483 [BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode
#38850 [BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth
#37505 [BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients
#37568 [BC-Insight] Missing Specification Logic
#38894 [BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof
#38275 [BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal
#37300 [BC-Insight] Incorrect Encoding of Negative *big.Int Values in MakeTopics
#38277 [BC-Insight] Potential Out-of-Range Panic in `UnmarshalJSON()` of `HexOrDecimal256`
#38908 [BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering `ErrInsufficientBalance` Error
#38958 [BC-Low] EELS can't handle overflow gas calculation in modexp precompile
#38828 [BC-Low] Decode RLP of Legacy Transaction Allows Trailing Bytes
#39018 [BC-Insight] Rate Limiting Under-Specification and Consequences
#37113 [BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( https://github.com/erigontech/erigon ), though it does not seem to be exploitable at this moment du...
#38459 [BC-Low] erigon remote DoS
#37246 [BC-Low] lodestar snappy checksum issue
#38733 [BC-Medium] nimbus-eth2 remote crash
#38920 [BC-Medium] teku remote DoS
#37148 [BC-Insight] `wantedPeerDials()` branch will never be executed
#38557 [BC-Insight] Function `IsPush()` Misses Opcode PUSH0
#38427 [BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution
#37210 [BC-Insight] Missing Check of HTTP Batch Response Length
#38902 [BC-Low] No check on the maximum size of the encoded ENR on ENR_RESPONSE packet
#37350 [BC-Insight] `null` Is Not Unmarshalled Correctly Into json.RawMessage
#37104 [BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks
#38948 [BC-Low] lighthouse remote DoS
#38015 [BC-Insight] Violation of EIP-2681 in Create Transaction
#37186 [BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing
#38319 [BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas
#37153 [BC-Insight] Malicious validator can bring down honest nodes
#38278 [BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check
#38318 [BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization
#37577 [BC-Insight] `tx.origin` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions
#38146 [BC-Medium] nimbus-eth2 remote crash