Active Boosts

Ethereum Protocol | Attackathon

Reports by Severity

Medium

  • #37466 [BC-Medium] Evil-client OOM crash (fast P2P crash)

  • #38292 [SC-Medium] Incorrect Sqrt Calculation Result

  • #38682 [SC-Medium] AugAssign evaluation order causing OOB write within the object

  • #38733 [BC-Medium] nibmus-eth2 remote crash

  • #38920 [BC-Medium] teku remote DoS

  • #38146 [BC-Medium] nimbus-eth2 remote crash

Low

  • #38502 [BC-Low] Pending pool subtraction overflow causes node halt/shutdown

  • #38505 [SC-Low] IRNode Multi-Evaluation In For List Iter

  • #38530 [SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args

  • #38554 [BC-Low] Incorrect Transaction Fee Check in `SendRawTransaction()`

  • #37199 [BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice

  • #37245 [BC-Low] lodestar snappy decompression issue

  • #38686 [BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS

  • #37985 [SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args

  • #38807 [BC-Low] DoS any reth node via ban logic exploit

  • #37462 [BC-Low] Invalid RLP decoding for single bytes

  • #38850 [BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth

  • #38855 [SC-Low] Evaluation order is not respected in `log` function

  • #38894 [BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof

  • #38275 [BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal

  • #37582 [SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion

  • #37583 [SC-Low] Incorrect For Annotation Parsing

  • #38958 [BC-Low] EELS cant handle overflow gas calculation in modexp precompile

  • #38828 [BC-Low] Decode RLP of Legacy Transaction Allows Tailing Bytes

  • #37113 [BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( https://github.com/erigontech/erigon ), though it does not seem to be exploitable at this moment du...

  • #38459 [BC-Low] erigon remote DoS

  • #37246 [BC-Low] lodestar snappy checksum issue

  • #37634 [SC-Low] Incorrect Builtin ERC4626 Call Signature

  • #38427 [BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution

  • #38902 [BC-Low] No check on the maximum size of the encoded ENR on ENR_RESPONSE packet

  • #38948 [BC-Low] lighthouse remote DoS

  • #38278 [BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check

  • #38318 [BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization

Insight

  • #37646 [BC-Insight] No implementation of BLOB_SIDECAR_SUBNET_COUNT with no issue and no PR in the GitHub

  • #37134 [BC-Insight] Improper secp256k sanitization

  • #37695 [BC-Insight] Executing transaction that has a wrong nonce might triggered a chain split due to mismatch stateroot

  • #37120 [BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash

  • #37191 [BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf

  • #37593 [BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment

  • #38598 [BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network

  • #37352 [BC-Insight] Missing Liveness Check in `collectTableNodes()`

  • #37359 [BC-Insight] Failure to Generate ABI Binding in Golang

  • #37351 [BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel

  • #38766 [BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding

  • #37442 [BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment

  • #38169 [SC-Insight] Deferred Evaluation Of `Default_Return_Value` May Skip Side Effect Execution

  • #37483 [BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode

  • #37505 [BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients

  • #37568 [BC-Insight] Missing Specification Logic

  • #37300 [BC-Insight] Incorrect Encoding of Negative *big.Int Values in MakeTopics

  • #38277 [BC-Insight] Potential Out-of-Range Panic in `UnmarshalJSON()` of `HexOrDecimal256`

  • #38908 [BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering `ErrInsufficientBalance` Error

  • #39018 [BC-Insight] Rate Limiting Under-Specification and Consequences

  • #37286 [SC-Insight] Elimination of Security Checks in ForkCreator Class

  • #37148 [BC-Insight] `wantedPeerDials()` branch will never be executed

  • #38557 [BC-Insight] Function `IsPush()` Misses Opcode PUSH0

  • #37584 [SC-Insight] Nonpayable Not Respected For Internal Function

  • #38581 [SC-Insight] Incorrect unwrap on Bytes and String

  • #37210 [BC-Insight] Missing Check of HTTP Batch Response Length

  • #37350 [BC-Insight] `null` Is Not Unmarshalled Correctly Into json.RawMessage

  • #37104 [BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks

  • #38015 [BC-Insight] Violation of EIP-2681 in Create Transaction

  • #37186 [BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing

  • #38319 [BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas

  • #37594 [SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data length's due to spec. ambiguity

  • #37153 [BC-Insight] Malicious validator can bring down honest nodes

  • #37577 [BC-Insight] `tx.origin` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions

  • #38693 [SC-Insight] BytesM to Bytes conversion does not match the reference implementation

Reports by Type

Smart Contract

  • #38505 [SC-Low] IRNode Multi-Evaluation In For List Iter

  • #38530 [SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args

  • #37985 [SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args

  • #38169 [SC-Insight] Deferred Evaluation Of `Default_Return_Value` May Skip Side Effect Execution

  • #38855 [SC-Low] Evaluation order is not respected in `log` function

  • #37582 [SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion

  • #37583 [SC-Low] Incorrect For Annotation Parsing

  • #38292 [SC-Medium] Incorrect Sqrt Calculation Result

  • #38682 [SC-Medium] AugAssign evaluation order causing OOB write within the object

  • #37286 [SC-Insight] Elimination of Security Checks in ForkCreator Class

  • #37634 [SC-Low] Incorrect Builtin ERC4626 Call Signature

  • #37584 [SC-Insight] Nonpayable Not Respected For Internal Function

  • #38581 [SC-Insight] Incorrect unwrap on Bytes and String

  • #37594 [SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data length's due to spec. ambiguity

  • #38693 [SC-Insight] BytesM to Bytes conversion does not match the reference implementation

Blockchain/DLT

  • #37646 [BC-Insight] No implementation of BLOB_SIDECAR_SUBNET_COUNT with no issue and no PR in the GitHub

  • #38502 [BC-Low] Pending pool subtraction overflow causes node halt/shutdown

  • #38554 [BC-Low] Incorrect Transaction Fee Check in `SendRawTransaction()`

  • #37134 [BC-Insight] Improper secp256k sanitization

  • #37695 [BC-Insight] Executing transaction that has a wrong nonce might triggered a chain split due to mismatch stateroot

  • #37120 [BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash

  • #37191 [BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf

  • #37199 [BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice

  • #37245 [BC-Low] lodestar snappy decompression issue

  • #38686 [BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS

  • #37593 [BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment

  • #38598 [BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network

  • #37466 [BC-Medium] Evil-client OOM crash (fast P2P crash)

  • #37352 [BC-Insight] Missing Liveness Check in `collectTableNodes()`

  • #37359 [BC-Insight] Failure to Generate ABI Binding in Golang

  • #37351 [BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel

  • #38766 [BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding

  • #38807 [BC-Low] DoS any reth node via ban logic exploit

  • #37442 [BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment

  • #37462 [BC-Low] Invalid RLP decoding for single bytes

  • #37483 [BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode

  • #38850 [BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth

  • #37505 [BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients

  • #37568 [BC-Insight] Missing Specification Logic

  • #38894 [BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof

  • #38275 [BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal

  • #37300 [BC-Insight] Incorrect Encoding of Negative *big.Int Values in MakeTopics

  • #38277 [BC-Insight] Potential Out-of-Range Panic in `UnmarshalJSON()` of `HexOrDecimal256`

  • #38908 [BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering `ErrInsufficientBalance` Error

  • #38958 [BC-Low] EELS cant handle overflow gas calculation in modexp precompile

  • #38828 [BC-Low] Decode RLP of Legacy Transaction Allows Tailing Bytes

  • #39018 [BC-Insight] Rate Limiting Under-Specification and Consequences

  • #37113 [BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( https://github.com/erigontech/erigon ), though it does not seem to be exploitable at this moment du...

  • #38459 [BC-Low] erigon remote DoS

  • #37246 [BC-Low] lodestar snappy checksum issue

  • #38733 [BC-Medium] nibmus-eth2 remote crash

  • #38920 [BC-Medium] teku remote DoS

  • #37148 [BC-Insight] `wantedPeerDials()` branch will never be executed

  • #38557 [BC-Insight] Function `IsPush()` Misses Opcode PUSH0

  • #38427 [BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution

  • #37210 [BC-Insight] Missing Check of HTTP Batch Response Length

  • #38902 [BC-Low] No check on the maximum size of the encoded ENR on ENR_RESPONSE packet

  • #37350 [BC-Insight] `null` Is Not Unmarshalled Correctly Into json.RawMessage

  • #37104 [BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks

  • #38948 [BC-Low] lighthouse remote DoS

  • #38015 [BC-Insight] Violation of EIP-2681 in Create Transaction

  • #37186 [BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing

  • #38319 [BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas

  • #37153 [BC-Insight] Malicious validator can bring down honest nodes

  • #38278 [BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check

  • #38318 [BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization

  • #37577 [BC-Insight] `tx.origin` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions

  • #38146 [BC-Medium] nimbus-eth2 remote crash

Previous#40007 [BC-Critical] Drain node staking account due to improper validation of SetCertTime internal transactionNext#38146 [BC-Medium] nimbus-eth2 remote crash

Was this helpful?