# Ethereum Protocol | Attackathon
## Reports by Severity
Medium
* \#37466 \[BC-Medium] Evil-client OOM crash (fast P2P crash)
* \#38292 \[SC-Medium] Incorrect Sqrt Calculation Result
* \#38682 \[SC-Medium] AugAssign evaluation order causing OOB write within the object
* \#38733 \[BC-Medium] nibmus-eth2 remote crash
* \#38920 \[BC-Medium] teku remote DoS
* \#38146 \[BC-Medium] nimbus-eth2 remote crash
Low
* \#38502 \[BC-Low] Pending pool subtraction overflow causes node halt/shutdown
* \#38505 \[SC-Low] IRNode Multi-Evaluation In For List Iter
* \#38530 \[SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args
* \#38554 \[BC-Low] Incorrect Transaction Fee Check in \`SendRawTransaction()\`
* \#37199 \[BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice
* \#37245 \[BC-Low] lodestar snappy decompression issue
* \#38686 \[BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS
* \#37985 \[SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args
* \#38807 \[BC-Low] DoS any reth node via ban logic exploit
* \#37462 \[BC-Low] Invalid RLP decoding for single bytes
* \#38850 \[BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth
* \#38855 \[SC-Low] Evaluation order is not respected in \`log\` function
* \#38894 \[BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof
* \#38275 \[BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal
* \#37582 \[SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion
* \#37583 \[SC-Low] Incorrect For Annotation Parsing
* \#38958 \[BC-Low] EELS cant handle overflow gas calculation in modexp precompile
* \#38828 \[BC-Low] Decode RLP of Legacy Transaction Allows Tailing Bytes
* \#37113 \[BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( ), though it does not seem to be exploitable at this moment du...
* \#38459 \[BC-Low] erigon remote DoS
* \#37246 \[BC-Low] lodestar snappy checksum issue
* \#37634 \[SC-Low] Incorrect Builtin ERC4626 Call Signature
* \#38427 \[BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution
* \#38902 \[BC-Low] No check on the maximum size of the encoded ENR on ENR\_RESPONSE packet
* \#38948 \[BC-Low] lighthouse remote DoS
* \#38278 \[BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check
* \#38318 \[BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization
Insight
* \#37646 \[BC-Insight] No implementation of BLOB\_SIDECAR\_SUBNET\_COUNT with no issue and no PR in the GitHub
* \#37134 \[BC-Insight] Improper secp256k sanitization
* \#37695 \[BC-Insight] Executing transaction that has a wrong nonce might triggered a chain split due to mismatch stateroot
* \#37120 \[BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash
* \#37191 \[BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf
* \#37593 \[BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment
* \#38598 \[BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network
* \#37352 \[BC-Insight] Missing Liveness Check in \`collectTableNodes()\`
* \#37359 \[BC-Insight] Failure to Generate ABI Binding in Golang
* \#37351 \[BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel
* \#38766 \[BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding
* \#37442 \[BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment
* \#38169 \[SC-Insight] Deferred Evaluation Of \`Default\_Return\_Value\` May Skip Side Effect Execution
* \#37483 \[BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode
* \#37505 \[BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients
* \#37568 \[BC-Insight] Missing Specification Logic
* \#37300 \[BC-Insight] Incorrect Encoding of Negative \*big.Int Values in MakeTopics
* \#38277 \[BC-Insight] Potential Out-of-Range Panic in \`UnmarshalJSON()\` of \`HexOrDecimal256\`
* \#38908 \[BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering \`ErrInsufficientBalance\` Error
* \#39018 \[BC-Insight] Rate Limiting Under-Specification and Consequences
* \#37286 \[SC-Insight] Elimination of Security Checks in ForkCreator Class
* \#37148 \[BC-Insight] \`wantedPeerDials()\` branch will never be executed
* \#38557 \[BC-Insight] Function \`IsPush()\` Misses Opcode PUSH0
* \#37584 \[SC-Insight] Nonpayable Not Respected For Internal Function
* \#38581 \[SC-Insight] Incorrect unwrap on Bytes and String
* \#37210 \[BC-Insight] Missing Check of HTTP Batch Response Length
* \#37350 \[BC-Insight] \`null\` Is Not Unmarshalled Correctly Into json.RawMessage
* \#37104 \[BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks
* \#38015 \[BC-Insight] Violation of EIP-2681 in Create Transaction
* \#37186 \[BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing
* \#38319 \[BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas
* \#37594 \[SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data length's due to spec. ambiguity
* \#37153 \[BC-Insight] Malicious validator can bring down honest nodes
* \#37577 \[BC-Insight] \`tx.origin\` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions
* \#38693 \[SC-Insight] BytesM to Bytes conversion does not match the reference implementation
## Reports by Type
Smart Contract
* \#38505 \[SC-Low] IRNode Multi-Evaluation In For List Iter
* \#38530 \[SC-Low] Incorrectly Eliminated Code With Side Effect In Concat Args
* \#37985 \[SC-Low] Incorrectly Eliminate Code With Side Effect In Slice Args
* \#38169 \[SC-Insight] Deferred Evaluation Of \`Default\_Return\_Value\` May Skip Side Effect Execution
* \#38855 \[SC-Low] Evaluation order is not respected in \`log\` function
* \#37582 \[SC-Low] Incorrect HexString Parsing Leads To Compilation Error Or Type Confusion
* \#37583 \[SC-Low] Incorrect For Annotation Parsing
* \#38292 \[SC-Medium] Incorrect Sqrt Calculation Result
* \#38682 \[SC-Medium] AugAssign evaluation order causing OOB write within the object
* \#37286 \[SC-Insight] Elimination of Security Checks in ForkCreator Class
* \#37634 \[SC-Low] Incorrect Builtin ERC4626 Call Signature
* \#37584 \[SC-Insight] Nonpayable Not Respected For Internal Function
* \#38581 \[SC-Insight] Incorrect unwrap on Bytes and String
* \#37594 \[SC-Insight] Nimbus incorrectly rejects non-minimally encoded snappy data length's due to spec. ambiguity
* \#38693 \[SC-Insight] BytesM to Bytes conversion does not match the reference implementation
Blockchain/DLT
* \#37646 \[BC-Insight] No implementation of BLOB\_SIDECAR\_SUBNET\_COUNT with no issue and no PR in the GitHub
* \#38502 \[BC-Low] Pending pool subtraction overflow causes node halt/shutdown
* \#38554 \[BC-Low] Incorrect Transaction Fee Check in \`SendRawTransaction()\`
* \#37134 \[BC-Insight] Improper secp256k sanitization
* \#37695 \[BC-Insight] Executing transaction that has a wrong nonce might triggered a chain split due to mismatch stateroot
* \#37120 \[BC-Insight] Remote handshake-based TCP/30303 flooding leads to an out-of-memory crash
* \#37191 \[BC-Insight] Unvalidated Field Names in Tuple ABI Parsing Causes Runtime Panic via reflect.StructOf
* \#37199 \[BC-Low] Potential Chain Fork Due to Shallow Copy of Byte Slice
* \#37245 \[BC-Low] lodestar snappy decompression issue
* \#38686 \[BC-Low] Nodes with trusted peers vulnerable to pending peer flooding and DoS
* \#37593 \[BC-Insight] Inconsistent Address Collision Check Against Precompile Contracts During Contract Deployment
* \#38598 \[BC-Insight] GetReceiptsMsg abuse leads to the DoS and/or crash of every EL client in the Ethereum network
* \#37466 \[BC-Medium] Evil-client OOM crash (fast P2P crash)
* \#37352 \[BC-Insight] Missing Liveness Check in \`collectTableNodes()\`
* \#37359 \[BC-Insight] Failure to Generate ABI Binding in Golang
* \#37351 \[BC-Insight] Resubscribe Deadlocks When Unsubscribing Within An Unblock Channel
* \#38766 \[BC-Insight] Nil Pointer Dereference Panics in encodePayload() of Blob Tx’s Encoding
* \#38807 \[BC-Low] DoS any reth node via ban logic exploit
* \#37442 \[BC-Insight] Potential Address Collision with Precompile Contract During Contract Deployment
* \#37462 \[BC-Low] Invalid RLP decoding for single bytes
* \#37483 \[BC-Insight] There is a trace discrepancy for Nethermind when handling EOF from PUSH opcode
* \#38850 \[BC-Low] Remote P2P OOM Crash (GetBlockHeaders) / Reth
* \#37505 \[BC-Insight] Remotely spamming 1 byte leads to full peer removal and desync in both execution and consensus clients
* \#37568 \[BC-Insight] Missing Specification Logic
* \#38894 \[BC-Low] Missing expiration check for Pong and Neighbors packets and not refreshing the endpoint proof
* \#38275 \[BC-Low] Evil-client P2P headers-traversal leads to D/DoS and total peer removal
* \#37300 \[BC-Insight] Incorrect Encoding of Negative \*big.Int Values in MakeTopics
* \#38277 \[BC-Insight] Potential Out-of-Range Panic in \`UnmarshalJSON()\` of \`HexOrDecimal256\`
* \#38908 \[BC-Insight] Missing Failed Subcalls in Erigon Tracers When Encountering \`ErrInsufficientBalance\` Error
* \#38958 \[BC-Low] EELS cant handle overflow gas calculation in modexp precompile
* \#38828 \[BC-Low] Decode RLP of Legacy Transaction Allows Tailing Bytes
* \#39018 \[BC-Insight] Rate Limiting Under-Specification and Consequences
* \#37113 \[BC-Low] A potential out-of-range panic has been discovered in the Ethereum client Erigon ( ), though it does not seem to be exploitable at this moment du...
* \#38459 \[BC-Low] erigon remote DoS
* \#37246 \[BC-Low] lodestar snappy checksum issue
* \#38733 \[BC-Medium] nibmus-eth2 remote crash
* \#38920 \[BC-Medium] teku remote DoS
* \#37148 \[BC-Insight] \`wantedPeerDials()\` branch will never be executed
* \#38557 \[BC-Insight] Function \`IsPush()\` Misses Opcode PUSH0
* \#38427 \[BC-Low] Discrepancy in Intrinsic Gas Calculation between Txpool and EVM Execution
* \#37210 \[BC-Insight] Missing Check of HTTP Batch Response Length
* \#38902 \[BC-Low] No check on the maximum size of the encoded ENR on ENR\_RESPONSE packet
* \#37350 \[BC-Insight] \`null\` Is Not Unmarshalled Correctly Into json.RawMessage
* \#37104 \[BC-Insight] Reth RPC is vulnerable to DNS rebinding attacks
* \#38948 \[BC-Low] lighthouse remote DoS
* \#38015 \[BC-Insight] Violation of EIP-2681 in Create Transaction
* \#37186 \[BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing
* \#38319 \[BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gas
* \#37153 \[BC-Insight] Malicious validator can bring down honest nodes
* \#38278 \[BC-Low] Potential DoS to Mempool Due to Missing Gas Limit Check
* \#38318 \[BC-Low] nimbus-eth2: Gossipsub misconfiguration allows malicious peers gossip malformed data without penalization
* \#37577 \[BC-Insight] \`tx.origin\` Usage in Group Management Contract Allows Phishing Attack for Unauthorized Actions
* \#38146 \[BC-Medium] nimbus-eth2 remote crash
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://reports.immunefi.com/ethereum-protocol-or-attackathon.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.