Fuel Network | Attackathon | Immunefi Boosts

Attackathon _ Fuel Network 32536 - [Smart Contract - Insight] The control flow graph is incorrectly constructed for the return path analysis which leads to an incorrect return path analysis

Attackathon _ Fuel Network 32537 - [Smart Contract - Low] Different data types can be used when initializing an array which can lead to incorrect values in variables in smart contracts and the Rust SDK

Attackathon _ Fuel Network 32548 - [Smart Contract - Low] Uncaught Integer Overflow During AbstractInstructionSet Constant Folding

Attackathon _ Fuel Network 32612 - [Smart Contract - Low] Lack of slot hashing at adminsw can cause storage collision

Attackathon _ Fuel Network 32673 - [Smart Contract - Low] Missing array length check for non constant evaluable index

Attackathon _ Fuel Network 32696 - [Smart Contract - High] incorrect setting of non_negative value in ceil function in all IFP libs

Attackathon _ Fuel Network 32700 - [Smart Contract - High] double increasing underlying value in ceil function can lead to sendunsend more amounts tofrom users when its called

Attackathon _ Fuel Network 32703 - [Smart Contract - Low] Unexpected variable shadowing during ir generation

Attackathon _ Fuel Network 32706 - [Smart Contract - High] the function subtract in signed libs like Isw did not handle the case when selfvalue is smaller than othervalue value correctly

Attackathon _ Fuel Network 32728 - [Smart Contract - Low] Incorrect literal type inference

Attackathon _ Fuel Network 32730 - [Smart Contract - Low] The Sway compiler currently disallows read access to storage when the call is made within the fallback function

Attackathon _ Fuel Network 32786 - [Smart Contract - Low] incorrect set of i bits to which it should be bits

Attackathon _ Fuel Network 32812 - [Smart Contract - Low] Sway-libSRC- Buffer overflow in swap_configurables allows for verifying arbitrary codeconfig loss of funds

Attackathon _ Fuel Network 32835 - [Smart Contract - Insight] sway compiler doesnt prevent function selector collisions

Attackathon _ Fuel Network 32849 - [Smart Contract - Low] Insufficient array construction element type check

Attackathon _ Fuel Network 32854 - [Smart Contract - Low] Sway-libstd-libcompiler Storage collision between admin lib storage map variables leads to admin takeover loss of funds

Attackathon _ Fuel Network 32859 - [Smart Contract - Low] Incorrect argument pointer creation

Attackathon _ Fuel Network 32872 - [Smart Contract - High] Incorrect load_store_to_memcopy optimization

Attackathon _ Fuel Network 32884 - [Smart Contract - Medium] Compilerstd-lib storage collison between variables and StorageMap allows hidden backdoors likely loss of funds

Attackathon _ Fuel Network 32886 - [Smart Contract - Medium] Incorrect function purity check

Attackathon _ Fuel Network 32924 - [Smart Contract - Insight] sways legacy storage namespacing is broken and leads to collisions

Attackathon _ Fuel Network 32935 - [Smart Contract - Insight] Insufficient trait duplication check

Attackathon _ Fuel Network 32937 - [Smart Contract - Insight] Fallback function can be directly called with arguments as a named function

Attackathon _ Fuel Network 32938 - [Smart Contract - Insight] Insufficient declaration shadowing check

Attackathon _ Fuel Network 32973 - [Smart Contract - Medium] Impl block dependency overwriting

Attackathon _ Fuel Network 32979 - [Smart Contract - Low] operations with StorageVec incorrectly revert due to the type size

Attackathon _ Fuel Network 33039 - [Smart Contract - High] The subtraction function is not correctly implemented for signed integers which can lead to incorrect values being calculated

Attackathon _ Fuel Network 33045 - [Smart Contract - Low] Compiler Dead Code Elimination inconsistently removes arithmetic checks leading to missing assertions likely loss of funds

Attackathon _ Fuel Network 33101 - [Smart Contract - Insight] Associated functions that were implemented for tuples or arrays cannot be called

Attackathon _ Fuel Network 33139 - [Smart Contract - Insight] Unreachable panic in sway compiler when parsing malicious cfg in contract

Attackathon _ Fuel Network 33140 - [Smart Contract - Insight] Sway compiler crash when compile malicious contract with error const

Attackathon _ Fuel Network 33168 - [Smart Contract - High] Incorrect Sign Determination In Multiply Divide Operations within IFP Implementations

Attackathon _ Fuel Network 33170 - [Smart Contract - Medium] UFP Exp In Sway-lib Logic Vulnerability

Attackathon _ Fuel Network 33171 - [Smart Contract - Insight] panic on unwrapping in decl_to_type_info

Attackathon _ Fuel Network 33172 - [Smart Contract - Insight] OOB in type_check_analyze of ImplTrait

Attackathon _ Fuel Network 33175 - [Smart Contract - High] Sway-lib Subtract i Logic Vulnerability

Attackathon _ Fuel Network 33181 - [Smart Contract - Insight] users messages might encode incorrect data when they call deposit function on L erc bridge before the assetIssuerID is set

Attackathon _ Fuel Network 33186 - [Smart Contract - Medium] _compute_bytecode_root goes to an infinite loop when bytecode is empty

Attackathon _ Fuel Network 33191 - [Smart Contract - Insight] Sway Formatting Behaves Differently Based On Architecture Of The Machine

Attackathon _ Fuel Network 33195 - [Smart Contract - High] Incorrect Calculations in Subtraction Functions for Signed Integers

Attackathon _ Fuel Network 33203 - [Smart Contract - Insight] function inlining doesnt consider asm blocks instr count which leads to bloating contract size

Attackathon _ Fuel Network 33207 - [Smart Contract - Insight] users created message when withdrawing from L-L is not possible to execute on L if the assetIssuerID got changed

Attackathon _ Fuel Network 33227 - [Smart Contract - High] Lack of overflow protection in the pow functions for unsigned integers can lead to a loss of coins when calculating coin amounts

Attackathon _ Fuel Network 33233 - [Smart Contract - Medium] Incorrect Implementation of Unsigned -bit Fixed Point Fractional Function

Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functions

Attackathon _ Fuel Network 33240 - [Smart Contract - Insight] Incorrect Bitness in IFP Types

Attackathon _ Fuel Network 33242 - [Smart Contract - High] Incorrect Implementation of IFP Multiply and Divide Functions

Attackathon _ Fuel Network 33248 - [Smart Contract - High] Incorrect Implementation of IFP Floor and Ceil Functions

Attackathon _ Fuel Network 33267 - [Smart Contract - High] Bug in Multiply and Divide function

Attackathon _ Fuel Network 33286 - [Smart Contract - Insight] panic on unwrapping in type_check_trait_implementation

Attackathon _ Fuel Network 33295 - [Smart Contract - Low] Bug in array decoding can lead to critical security vulnerabilities in protocols built on Fuel

Attackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctly

Attackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change

Attackathon _ Fuel Network 33331 - [Smart Contract - High] Overflow in Types Less Than u

Attackathon _ Fuel Network 33351 - [Smart Contract - Critical] ABI supertraits methods are available externally

Attackathon _ Fuel Network 33401 - [Smart Contract - Insight] insight compiler crash - trait dummy method was not properly replaced

Attackathon _ Fuel Network 33407 - [Smart Contract - Insight] Missing Zero-Check for to Address in withdraw Function

Attackathon _ Fuel Network 33433 - [Smart Contract - Low] Self-append in Bytes data structure causes memory corruption leading to potential DOS attacks

Attackathon _ Fuel Network 33444 - [Smart Contract - Insight] Sway compiler crash for access out-of-bound memory in intrinsic function arguments check during semantic analysis

Attackathon _ Fuel Network 33451 - [Smart Contract - Medium] Incorrect code size estimation can bypass protocol security checks leading to loss of user funds

Attackathon _ Fuel Network 33487 - [Smart Contract - Insight] Flags Do Not Affect Types Less Than u

Attackathon _ Fuel Network 33488 - [Smart Contract - Medium] Insecure implementation of StorageMap could lead to unintended storage overwrite

Attackathon _ Fuel Network 33519 - [Smart Contract - Critical] Silent Stack overflow on variables between cross-contract calls

Fuel Network | Attackathon

Reports by Severity

Reports by Type