# Fuel Network | Attackathon
## Reports by Severity
[Critical](#critical) | [High](#high) | [Medium](#medium) | [Low](#low) | [Insight](#insight)
Critical
* [Attackathon \_ Fuel Network 32965 - \[Blockchain\_DLT - Critical\] Messages to L included even on reverts allows theft from bridge](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32965-blockchain_dlt-critical-messages-to-l-included-even-on-reverts-allo)
* [Attackathon \_ Fuel Network 33351 - \[Smart Contract - Critical\] ABI supertraits methods are available externally](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33351-smart-contract-critical-abi-supertraits-methods-are-available-exter)
* [Attackathon \_ Fuel Network 33519 - \[Smart Contract - Critical\] Silent Stack overflow on variables between cross-contract calls](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33519-smart-contract-critical-silent-stack-overflow-on-variables-between)
High
* [Attackathon \_ Fuel Network 32269 - \[Smart Contract - High\] Incorrect fuel dce optimization register usage tracking](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32269-smart-contract-high-incorrect-fuel-dce-optimization-register-usage)
* [Attackathon \_ Fuel Network 32465 - \[Blockchain\_DLT - High\] Abuse of CCP instruction to do cheap memory clears](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32465-blockchain_dlt-high-abuse-of-ccp-instruction-to-do-cheap-memory-cle)
* [Attackathon \_ Fuel Network 32696 - \[Smart Contract - High\] incorrect setting of non\_negative value in ceil function in all IFP libs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32696-smart-contract-high-incorrect-setting-of-non_negative-value-in-ceil)
* [Attackathon \_ Fuel Network 32700 - \[Smart Contract - High\] double increasing underlying value in ceil function can lead to sendunsend more amounts tofrom users when its called](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32700-smart-contract-high-double-increasing-underlying-value-in-ceil-func)
* [Attackathon \_ Fuel Network 32706 - \[Smart Contract - High\] the function subtract in signed libs like Isw did not handle the case when selfvalue is smaller than othervalue value correctly](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32706-smart-contract-high-the-function-subtract-in-signed-libs-like-isw-d)
* [Attackathon \_ Fuel Network 32825 - \[Blockchain\_DLT - High\] Consensus between -bit and -bit system can fail for LDC opcode](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32825-blockchain_dlt-high-consensus-between-bit-and-bit-system-can-fail-f)
* [Attackathon \_ Fuel Network 32872 - \[Smart Contract - High\] Incorrect load\_store\_to\_memcopy optimization](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32872-smart-contract-high-incorrect-load_store_to_memcopy-optimization)
* [Attackathon \_ Fuel Network 33039 - \[Smart Contract - High\] The subtraction function is not correctly implemented for signed integers which can lead to incorrect values being calculated](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33039-smart-contract-high-the-subtraction-function-is-not-correctly-imple)
* [Attackathon \_ Fuel Network 33168 - \[Smart Contract - High\] Incorrect Sign Determination In Multiply Divide Operations within IFP Implementations](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33168-smart-contract-high-incorrect-sign-determination-in-multiply-divide)
* [Attackathon \_ Fuel Network 33175 - \[Smart Contract - High\] Sway-lib Subtract i Logic Vulnerability](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33175-smart-contract-high-sway-lib-subtract-i-logic-vulnerability)
* [Attackathon \_ Fuel Network 33195 - \[Smart Contract - High\] Incorrect Calculations in Subtraction Functions for Signed Integers](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33195-smart-contract-high-incorrect-calculations-in-subtraction-functions)
* [Attackathon \_ Fuel Network 33227 - \[Smart Contract - High\] Lack of overflow protection in the pow functions for unsigned integers can lead to a loss of coins when calculating coin amounts](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33227-smart-contract-high-lack-of-overflow-protection-in-the-pow-function)
* [Attackathon \_ Fuel Network 33242 - \[Smart Contract - High\] Incorrect Implementation of IFP Multiply and Divide Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33242-smart-contract-high-incorrect-implementation-of-ifp-multiply-and-di)
* [Attackathon \_ Fuel Network 33248 - \[Smart Contract - High\] Incorrect Implementation of IFP Floor and Ceil Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33248-smart-contract-high-incorrect-implementation-of-ifp-floor-and-ceil)
* [Attackathon \_ Fuel Network 33267 - \[Smart Contract - High\] Bug in Multiply and Divide function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33267-smart-contract-high-bug-in-multiply-and-divide-function)
* [Attackathon \_ Fuel Network 33331 - \[Smart Contract - High\] Overflow in Types Less Than u](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33331-smart-contract-high-overflow-in-types-less-than-u)
Medium
* [Attackathon \_ Fuel Network 32271 - \[Blockchain\_DLT - Medium\] Incorrect state range access helper](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32271-blockchain_dlt-medium-incorrect-state-range-access-helper)
* [Attackathon \_ Fuel Network 32275 - \[Smart Contract - Medium\] Various Sway Libs Bugs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32275-smart-contract-medium-various-sway-libs-bugs)
* [Attackathon \_ Fuel Network 32486 - \[Blockchain\_DLT - Medium\] Public RPC node craches via GraphQL API](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32486-blockchain_dlt-medium-public-rpc-node-craches-via-graphql-api)
* [Attackathon \_ Fuel Network 32628 - \[Blockchain\_DLT - Medium\] A GraphQL query crashes core process](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32628-blockchain_dlt-medium-a-graphql-query-crashes-core-process)
* [Attackathon \_ Fuel Network 32768 - \[Blockchain\_DLT - Medium\] WDCM and WQCM doesnt respect the fuel-specs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32768-blockchain_dlt-medium-wdcm-and-wqcm-doesnt-respect-the-fuel-specs)
* [Attackathon \_ Fuel Network 32884 - \[Smart Contract - Medium\] Compilerstd-lib storage collison between variables and StorageMap allows hidden backdoors likely loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32884-smart-contract-medium-compilerstd-lib-storage-collison-between-vari)
* [Attackathon \_ Fuel Network 32886 - \[Smart Contract - Medium\] Incorrect function purity check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32886-smart-contract-medium-incorrect-function-purity-check)
* [Attackathon \_ Fuel Network 32973 - \[Smart Contract - Medium\] Impl block dependency overwriting](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32973-smart-contract-medium-impl-block-dependency-overwriting)
* [Attackathon \_ Fuel Network 33170 - \[Smart Contract - Medium\] UFP Exp In Sway-lib Logic Vulnerability](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33170-smart-contract-medium-ufp-exp-in-sway-lib-logic-vulnerability)
* [Attackathon \_ Fuel Network 33186 - \[Smart Contract - Medium\] \_compute\_bytecode\_root goes to an infinite loop when bytecode is empty](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33186-smart-contract-medium-_compute_bytecode_root-goes-to-an-infinite-lo)
* [Attackathon \_ Fuel Network 33193 - \[Blockchain\_DLT - Medium\] Fuel SDKs ABI Decoder Behaves Differently Based On Architecture Of The Machine](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33193-blockchain_dlt-medium-fuel-sdks-abi-decoder-behaves-differently-bas)
* [Attackathon \_ Fuel Network 33233 - \[Smart Contract - Medium\] Incorrect Implementation of Unsigned -bit Fixed Point Fractional Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33233-smart-contract-medium-incorrect-implementation-of-unsigned-bit-fixe)
* [Attackathon \_ Fuel Network 33302 - \[Smart Contract - Medium\] Exp function does not work correctly](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33302-smart-contract-medium-exp-function-does-not-work-correctly)
* [Attackathon \_ Fuel Network 33303 - \[Smart Contract - Medium\] Incorrect sign change](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33303-smart-contract-medium-incorrect-sign-change)
* [Attackathon \_ Fuel Network 33360 - \[Blockchain\_DLT - Medium\] The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33360-blockchain_dlt-medium-the-typescript-sdk-has-no-awareness-of-to-be)
* [Attackathon \_ Fuel Network 33451 - \[Smart Contract - Medium\] Incorrect code size estimation can bypass protocol security checks leading to loss of user funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33451-smart-contract-medium-incorrect-code-size-estimation-can-bypass-pro)
* [Attackathon \_ Fuel Network 33488 - \[Smart Contract - Medium\] Insecure implementation of StorageMap could lead to unintended storage overwrite](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33488-smart-contract-medium-insecure-implementation-of-storagemap-could-l)
Low
* [Attackathon \_ Fuel Network 32270 - \[Smart Contract - Low\] Inappropriate fuel dce on side affects](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32270-smart-contract-low-inappropriate-fuel-dce-on-side-affects)
* [Attackathon \_ Fuel Network 32302 - \[Smart Contract - Low\] Src ContractConfigurables hash collision](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32302-smart-contract-low-src-contractconfigurables-hash-collision)
* [Attackathon \_ Fuel Network 32327 - \[Websites and Applications - Low\] REVISED Malicious Downtime via missing Input Validation on Fuel Wallet Browser Extension Backend GraphQL server](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32327-websites-and-applications-low-revised-malicious-downtime-via-missin)
* [Attackathon \_ Fuel Network 32388 - \[Smart Contract - Low\] Buffer overflow in EncodeBufferAppend intrinsic](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32388-smart-contract-low-buffer-overflow-in-encodebufferappend-intrinsic)
* [Attackathon \_ Fuel Network 32390 - \[Smart Contract - Low\] Unchecked Virtual Immediate Construction Overflows Value Range](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32390-smart-contract-low-unchecked-virtual-immediate-construction-overflo)
* [Attackathon \_ Fuel Network 32438 - \[Smart Contract - Low\] Unhandled Bailout During AbstractInstructionSet Constant Folding Pass](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32438-smart-contract-low-unhandled-bailout-during-abstractinstructionset)
* [Attackathon \_ Fuel Network 32439 - \[Smart Contract - Low\] Missing Alignment Check During AbstractInstructionSet Constant Folding Pass](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32439-smart-contract-low-missing-alignment-check-during-abstractinstructi)
* [Attackathon \_ Fuel Network 32453 - \[Smart Contract - Low\] Unhandled Side Effect During AbstractInstructionSet Constant Folding](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32453-smart-contract-low-unhandled-side-effect-during-abstractinstruction)
* [Attackathon \_ Fuel Network 32459 - \[Websites and Applications - Low\] URGENT WEB funds drained using URL path based manipulation and injection an attacker can spoof domains on any important web dapp API call as legitimate domains](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32459-websites-and-applications-low-urgent-web-funds-drained-using-url-pa)
* [Attackathon \_ Fuel Network 32491 - \[Smart Contract - Low\] Incorrect PushA PopA Mask Calculation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32491-smart-contract-low-incorrect-pusha-popa-mask-calculation)
* [Attackathon \_ Fuel Network 32537 - \[Smart Contract - Low\] Different data types can be used when initializing an array which can lead to incorrect values in variables in smart contracts and the Rust SDK](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32537-smart-contract-low-different-data-types-can-be-used-when-initializi)
* [Attackathon \_ Fuel Network 32548 - \[Smart Contract - Low\] Uncaught Integer Overflow During AbstractInstructionSet Constant Folding](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32548-smart-contract-low-uncaught-integer-overflow-during-abstractinstruc)
* [Attackathon \_ Fuel Network 32612 - \[Smart Contract - Low\] Lack of slot hashing at adminsw can cause storage collision](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32612-smart-contract-low-lack-of-slot-hashing-at-adminsw-can-cause-storag)
* [Attackathon \_ Fuel Network 32673 - \[Smart Contract - Low\] Missing array length check for non constant evaluable index](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32673-smart-contract-low-missing-array-length-check-for-non-constant-eval)
* [Attackathon \_ Fuel Network 32703 - \[Smart Contract - Low\] Unexpected variable shadowing during ir generation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32703-smart-contract-low-unexpected-variable-shadowing-during-ir-generati)
* [Attackathon \_ Fuel Network 32728 - \[Smart Contract - Low\] Incorrect literal type inference](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32728-smart-contract-low-incorrect-literal-type-inference)
* [Attackathon \_ Fuel Network 32730 - \[Smart Contract - Low\] The Sway compiler currently disallows read access to storage when the call is made within the fallback function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32730-smart-contract-low-the-sway-compiler-currently-disallows-read-acces)
* [Attackathon \_ Fuel Network 32786 - \[Smart Contract - Low\] incorrect set of i bits to which it should be bits](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32786-smart-contract-low-incorrect-set-of-i-bits-to-which-it-should-be-bi)
* [Attackathon \_ Fuel Network 32812 - \[Smart Contract - Low\] Sway-libSRC- Buffer overflow in swap\_configurables allows for verifying arbitrary codeconfig loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32812-smart-contract-low-sway-libsrc-buffer-overflow-in-swap_configurable)
* [Attackathon \_ Fuel Network 32849 - \[Smart Contract - Low\] Insufficient array construction element type check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32849-smart-contract-low-insufficient-array-construction-element-type-che)
* [Attackathon \_ Fuel Network 32854 - \[Smart Contract - Low\] Sway-libstd-libcompiler Storage collision between admin lib storage map variables leads to admin takeover loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32854-smart-contract-low-sway-libstd-libcompiler-storage-collision-betwee)
* [Attackathon \_ Fuel Network 32859 - \[Smart Contract - Low\] Incorrect argument pointer creation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32859-smart-contract-low-incorrect-argument-pointer-creation)
* [Attackathon \_ Fuel Network 32979 - \[Smart Contract - Low\] operations with StorageVec incorrectly revert due to the type size](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32979-smart-contract-low-operations-with-storagevec-incorrectly-revert-du)
* [Attackathon \_ Fuel Network 33045 - \[Smart Contract - Low\] Compiler Dead Code Elimination inconsistently removes arithmetic checks leading to missing assertions likely loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33045-smart-contract-low-compiler-dead-code-elimination-inconsistently-re)
* [Attackathon \_ Fuel Network 33239 - \[Smart Contract - Low\] Incorrect Implementation of IFP Min Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33239-smart-contract-low-incorrect-implementation-of-ifp-min-functions)
* [Attackathon \_ Fuel Network 33295 - \[Smart Contract - Low\] Bug in array decoding can lead to critical security vulnerabilities in protocols built on Fuel](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33295-smart-contract-low-bug-in-array-decoding-can-lead-to-critical-secur)
* [Attackathon \_ Fuel Network 33346 - \[Blockchain\_DLT - Low\] Incorrect error handling when executing block can cause network shutdown by hanging the poa service of network nodes halting block production](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33346-blockchain_dlt-low-incorrect-error-handling-when-executing-block-ca)
* [Attackathon \_ Fuel Network 33433 - \[Smart Contract - Low\] Self-append in Bytes data structure causes memory corruption leading to potential DOS attacks](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33433-smart-contract-low-self-append-in-bytes-data-structure-causes-memor)
Insight
* [Attackathon \_ Fuel Network 32276 - \[Smart Contract - Insight\] wrong implementation in gt and lt functions in IFP libs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32276-smart-contract-insight-wrong-implementation-in-gt-and-lt-functions)
* [Attackathon \_ Fuel Network 32291 - \[Blockchain\_DLT - Insight\] Profiling is incorrect for dependent gas costs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32291-blockchain_dlt-insight-profiling-is-incorrect-for-dependent-gas-cos)
* [Attackathon \_ Fuel Network 32314 - \[Smart Contract - Insight\] Missing \_disableInitializers in FuelERCGatewayV contract](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32314-smart-contract-insight-missing-_disableinitializers-in-fuelercgatew)
* [Attackathon \_ Fuel Network 32378 - \[Smart Contract - Insight\] Missing Zero-Check for Recipient Address in withdraw Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32378-smart-contract-insight-missing-zero-check-for-recipient-address-in)
* [Attackathon \_ Fuel Network 32412 - \[Smart Contract - Insight\] the IFP divide functions does not have check to](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32412-smart-contract-insight-the-ifp-divide-functions-does-not-have-check)
* [Attackathon \_ Fuel Network 32536 - \[Smart Contract - Insight\] The control flow graph is incorrectly constructed for the return path analysis which leads to an incorrect return path analysis](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32536-smart-contract-insight-the-control-flow-graph-is-incorrectly-constr)
* [Attackathon \_ Fuel Network 32695 - \[Blockchain\_DLT - Insight\] increasing processing for public nodes with rpc](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32695-blockchain_dlt-insight-increasing-processing-for-public-nodes-with)
* [Attackathon \_ Fuel Network 32835 - \[Smart Contract - Insight\] sway compiler doesnt prevent function selector collisions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32835-smart-contract-insight-sway-compiler-doesnt-prevent-function-select)
* [Attackathon \_ Fuel Network 32860 - \[Blockchain\_DLT - Insight\] Resource Abuse CCP instruction is loading the contract into memory before charging GAS](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32860-blockchain_dlt-insight-resource-abuse-ccp-instruction-is-loading-th)
* [Attackathon \_ Fuel Network 32924 - \[Smart Contract - Insight\] sways legacy storage namespacing is broken and leads to collisions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32924-smart-contract-insight-sways-legacy-storage-namespacing-is-broken-a)
* [Attackathon \_ Fuel Network 32935 - \[Smart Contract - Insight\] Insufficient trait duplication check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32935-smart-contract-insight-insufficient-trait-duplication-check)
* [Attackathon \_ Fuel Network 32937 - \[Smart Contract - Insight\] Fallback function can be directly called with arguments as a named function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32937-smart-contract-insight-fallback-function-can-be-directly-called-wit)
* [Attackathon \_ Fuel Network 32938 - \[Smart Contract - Insight\] Insufficient declaration shadowing check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32938-smart-contract-insight-insufficient-declaration-shadowing-check)
* [Attackathon \_ Fuel Network 32978 - \[Blockchain\_DLT - Insight\] isolating the node from the networkcausing OOM by resource exhaust](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32978-blockchain_dlt-insight-isolating-the-node-from-the-networkcausing-o)
* [Attackathon \_ Fuel Network 32987 - \[Blockchain\_DLT - Insight\] Sending a message with ETH and data to the FuelMessagePortal does not increase the balance on the L and users can not move the funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32987-blockchain_dlt-insight-sending-a-message-with-eth-and-data-to-the-f)
* [Attackathon \_ Fuel Network 33101 - \[Smart Contract - Insight\] Associated functions that were implemented for tuples or arrays cannot be called](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33101-smart-contract-insight-associated-functions-that-were-implemented-f)
* [Attackathon \_ Fuel Network 33139 - \[Smart Contract - Insight\] Unreachable panic in sway compiler when parsing malicious cfg in contract](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33139-smart-contract-insight-unreachable-panic-in-sway-compiler-when-pars)
* [Attackathon \_ Fuel Network 33140 - \[Smart Contract - Insight\] Sway compiler crash when compile malicious contract with error const](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33140-smart-contract-insight-sway-compiler-crash-when-compile-malicious-c)
* [Attackathon \_ Fuel Network 33171 - \[Smart Contract - Insight\] panic on unwrapping in decl\_to\_type\_info](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33171-smart-contract-insight-panic-on-unwrapping-in-decl_to_type_info)
* [Attackathon \_ Fuel Network 33172 - \[Smart Contract - Insight\] OOB in type\_check\_analyze of ImplTrait](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33172-smart-contract-insight-oob-in-type_check_analyze-of-impltrait)
* [Attackathon \_ Fuel Network 33181 - \[Smart Contract - Insight\] users messages might encode incorrect data when they call deposit function on L erc bridge before the assetIssuerID is set](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33181-smart-contract-insight-users-messages-might-encode-incorrect-data-w)
* [Attackathon \_ Fuel Network 33191 - \[Smart Contract - Insight\] Sway Formatting Behaves Differently Based On Architecture Of The Machine](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33191-smart-contract-insight-sway-formatting-behaves-differently-based-on)
* [Attackathon \_ Fuel Network 33203 - \[Smart Contract - Insight\] function inlining doesnt consider asm blocks instr count which leads to bloating contract size](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33203-smart-contract-insight-function-inlining-doesnt-consider-asm-blocks)
* [Attackathon \_ Fuel Network 33207 - \[Smart Contract - Insight\] users created message when withdrawing from L-L is not possible to execute on L if the assetIssuerID got changed](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33207-smart-contract-insight-users-created-message-when-withdrawing-from)
* [Attackathon \_ Fuel Network 33240 - \[Smart Contract - Insight\] Incorrect Bitness in IFP Types](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33240-smart-contract-insight-incorrect-bitness-in-ifp-types)
* [Attackathon \_ Fuel Network 33286 - \[Smart Contract - Insight\] panic on unwrapping in type\_check\_trait\_implementation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33286-smart-contract-insight-panic-on-unwrapping-in-type_check_trait_impl)
* [Attackathon \_ Fuel Network 33401 - \[Smart Contract - Insight\] insight compiler crash - trait dummy method was not properly replaced](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33401-smart-contract-insight-insight-compiler-crash-trait-dummy-method-wa)
* [Attackathon \_ Fuel Network 33407 - \[Smart Contract - Insight\] Missing Zero-Check for to Address in withdraw Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33407-smart-contract-insight-missing-zero-check-for-to-address-in-withdra)
* [Attackathon \_ Fuel Network 33444 - \[Smart Contract - Insight\] Sway compiler crash for access out-of-bound memory in intrinsic function arguments check during semantic analysis](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33444-smart-contract-insight-sway-compiler-crash-for-access-out-of-bound)
* [Attackathon \_ Fuel Network 33450 - \[Blockchain\_DLT - Insight\] fuel\_gas\_price\_algorithm AlgorithmV may panic](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33450-blockchain_dlt-insight-fuel_gas_price_algorithm-algorithmv-may-pani)
* [Attackathon \_ Fuel Network 33487 - \[Smart Contract - Insight\] Flags Do Not Affect Types Less Than u](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33487-smart-contract-insight-flags-do-not-affect-types-less-than-u)
## Reports by Type
[Smart Contract](#smart-contract) | [Blockchain/DLT](#blockchain-dlt) | [Websites and Applications](#websites-and-applications)
Smart Contract
* [Attackathon \_ Fuel Network 32269 - \[Smart Contract - High\] Incorrect fuel dce optimization register usage tracking](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32269-smart-contract-high-incorrect-fuel-dce-optimization-register-usage)
* [Attackathon \_ Fuel Network 32270 - \[Smart Contract - Low\] Inappropriate fuel dce on side affects](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32270-smart-contract-low-inappropriate-fuel-dce-on-side-affects)
* [Attackathon \_ Fuel Network 32275 - \[Smart Contract - Medium\] Various Sway Libs Bugs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32275-smart-contract-medium-various-sway-libs-bugs)
* [Attackathon \_ Fuel Network 32276 - \[Smart Contract - Insight\] wrong implementation in gt and lt functions in IFP libs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32276-smart-contract-insight-wrong-implementation-in-gt-and-lt-functions)
* [Attackathon \_ Fuel Network 32302 - \[Smart Contract - Low\] Src ContractConfigurables hash collision](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32302-smart-contract-low-src-contractconfigurables-hash-collision)
* [Attackathon \_ Fuel Network 32314 - \[Smart Contract - Insight\] Missing \_disableInitializers in FuelERCGatewayV contract](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32314-smart-contract-insight-missing-_disableinitializers-in-fuelercgatew)
* [Attackathon \_ Fuel Network 32378 - \[Smart Contract - Insight\] Missing Zero-Check for Recipient Address in withdraw Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32378-smart-contract-insight-missing-zero-check-for-recipient-address-in)
* [Attackathon \_ Fuel Network 32388 - \[Smart Contract - Low\] Buffer overflow in EncodeBufferAppend intrinsic](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32388-smart-contract-low-buffer-overflow-in-encodebufferappend-intrinsic)
* [Attackathon \_ Fuel Network 32390 - \[Smart Contract - Low\] Unchecked Virtual Immediate Construction Overflows Value Range](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32390-smart-contract-low-unchecked-virtual-immediate-construction-overflo)
* [Attackathon \_ Fuel Network 32412 - \[Smart Contract - Insight\] the IFP divide functions does not have check to](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32412-smart-contract-insight-the-ifp-divide-functions-does-not-have-check)
* [Attackathon \_ Fuel Network 32438 - \[Smart Contract - Low\] Unhandled Bailout During AbstractInstructionSet Constant Folding Pass](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32438-smart-contract-low-unhandled-bailout-during-abstractinstructionset)
* [Attackathon \_ Fuel Network 32439 - \[Smart Contract - Low\] Missing Alignment Check During AbstractInstructionSet Constant Folding Pass](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32439-smart-contract-low-missing-alignment-check-during-abstractinstructi)
* [Attackathon \_ Fuel Network 32453 - \[Smart Contract - Low\] Unhandled Side Effect During AbstractInstructionSet Constant Folding](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32453-smart-contract-low-unhandled-side-effect-during-abstractinstruction)
* [Attackathon \_ Fuel Network 32491 - \[Smart Contract - Low\] Incorrect PushA PopA Mask Calculation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32491-smart-contract-low-incorrect-pusha-popa-mask-calculation)
* [Attackathon \_ Fuel Network 32536 - \[Smart Contract - Insight\] The control flow graph is incorrectly constructed for the return path analysis which leads to an incorrect return path analysis](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32536-smart-contract-insight-the-control-flow-graph-is-incorrectly-constr)
* [Attackathon \_ Fuel Network 32537 - \[Smart Contract - Low\] Different data types can be used when initializing an array which can lead to incorrect values in variables in smart contracts and the Rust SDK](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32537-smart-contract-low-different-data-types-can-be-used-when-initializi)
* [Attackathon \_ Fuel Network 32548 - \[Smart Contract - Low\] Uncaught Integer Overflow During AbstractInstructionSet Constant Folding](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32548-smart-contract-low-uncaught-integer-overflow-during-abstractinstruc)
* [Attackathon \_ Fuel Network 32612 - \[Smart Contract - Low\] Lack of slot hashing at adminsw can cause storage collision](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32612-smart-contract-low-lack-of-slot-hashing-at-adminsw-can-cause-storag)
* [Attackathon \_ Fuel Network 32673 - \[Smart Contract - Low\] Missing array length check for non constant evaluable index](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32673-smart-contract-low-missing-array-length-check-for-non-constant-eval)
* [Attackathon \_ Fuel Network 32696 - \[Smart Contract - High\] incorrect setting of non\_negative value in ceil function in all IFP libs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32696-smart-contract-high-incorrect-setting-of-non_negative-value-in-ceil)
* [Attackathon \_ Fuel Network 32700 - \[Smart Contract - High\] double increasing underlying value in ceil function can lead to sendunsend more amounts tofrom users when its called](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32700-smart-contract-high-double-increasing-underlying-value-in-ceil-func)
* [Attackathon \_ Fuel Network 32703 - \[Smart Contract - Low\] Unexpected variable shadowing during ir generation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32703-smart-contract-low-unexpected-variable-shadowing-during-ir-generati)
* [Attackathon \_ Fuel Network 32706 - \[Smart Contract - High\] the function subtract in signed libs like Isw did not handle the case when selfvalue is smaller than othervalue value correctly](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32706-smart-contract-high-the-function-subtract-in-signed-libs-like-isw-d)
* [Attackathon \_ Fuel Network 32728 - \[Smart Contract - Low\] Incorrect literal type inference](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32728-smart-contract-low-incorrect-literal-type-inference)
* [Attackathon \_ Fuel Network 32730 - \[Smart Contract - Low\] The Sway compiler currently disallows read access to storage when the call is made within the fallback function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32730-smart-contract-low-the-sway-compiler-currently-disallows-read-acces)
* [Attackathon \_ Fuel Network 32786 - \[Smart Contract - Low\] incorrect set of i bits to which it should be bits](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32786-smart-contract-low-incorrect-set-of-i-bits-to-which-it-should-be-bi)
* [Attackathon \_ Fuel Network 32812 - \[Smart Contract - Low\] Sway-libSRC- Buffer overflow in swap\_configurables allows for verifying arbitrary codeconfig loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32812-smart-contract-low-sway-libsrc-buffer-overflow-in-swap_configurable)
* [Attackathon \_ Fuel Network 32835 - \[Smart Contract - Insight\] sway compiler doesnt prevent function selector collisions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32835-smart-contract-insight-sway-compiler-doesnt-prevent-function-select)
* [Attackathon \_ Fuel Network 32849 - \[Smart Contract - Low\] Insufficient array construction element type check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32849-smart-contract-low-insufficient-array-construction-element-type-che)
* [Attackathon \_ Fuel Network 32854 - \[Smart Contract - Low\] Sway-libstd-libcompiler Storage collision between admin lib storage map variables leads to admin takeover loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32854-smart-contract-low-sway-libstd-libcompiler-storage-collision-betwee)
* [Attackathon \_ Fuel Network 32859 - \[Smart Contract - Low\] Incorrect argument pointer creation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32859-smart-contract-low-incorrect-argument-pointer-creation)
* [Attackathon \_ Fuel Network 32872 - \[Smart Contract - High\] Incorrect load\_store\_to\_memcopy optimization](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32872-smart-contract-high-incorrect-load_store_to_memcopy-optimization)
* [Attackathon \_ Fuel Network 32884 - \[Smart Contract - Medium\] Compilerstd-lib storage collison between variables and StorageMap allows hidden backdoors likely loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32884-smart-contract-medium-compilerstd-lib-storage-collison-between-vari)
* [Attackathon \_ Fuel Network 32886 - \[Smart Contract - Medium\] Incorrect function purity check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32886-smart-contract-medium-incorrect-function-purity-check)
* [Attackathon \_ Fuel Network 32924 - \[Smart Contract - Insight\] sways legacy storage namespacing is broken and leads to collisions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32924-smart-contract-insight-sways-legacy-storage-namespacing-is-broken-a)
* [Attackathon \_ Fuel Network 32935 - \[Smart Contract - Insight\] Insufficient trait duplication check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32935-smart-contract-insight-insufficient-trait-duplication-check)
* [Attackathon \_ Fuel Network 32937 - \[Smart Contract - Insight\] Fallback function can be directly called with arguments as a named function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32937-smart-contract-insight-fallback-function-can-be-directly-called-wit)
* [Attackathon \_ Fuel Network 32938 - \[Smart Contract - Insight\] Insufficient declaration shadowing check](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32938-smart-contract-insight-insufficient-declaration-shadowing-check)
* [Attackathon \_ Fuel Network 32973 - \[Smart Contract - Medium\] Impl block dependency overwriting](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32973-smart-contract-medium-impl-block-dependency-overwriting)
* [Attackathon \_ Fuel Network 32979 - \[Smart Contract - Low\] operations with StorageVec incorrectly revert due to the type size](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32979-smart-contract-low-operations-with-storagevec-incorrectly-revert-du)
* [Attackathon \_ Fuel Network 33039 - \[Smart Contract - High\] The subtraction function is not correctly implemented for signed integers which can lead to incorrect values being calculated](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33039-smart-contract-high-the-subtraction-function-is-not-correctly-imple)
* [Attackathon \_ Fuel Network 33045 - \[Smart Contract - Low\] Compiler Dead Code Elimination inconsistently removes arithmetic checks leading to missing assertions likely loss of funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33045-smart-contract-low-compiler-dead-code-elimination-inconsistently-re)
* [Attackathon \_ Fuel Network 33101 - \[Smart Contract - Insight\] Associated functions that were implemented for tuples or arrays cannot be called](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33101-smart-contract-insight-associated-functions-that-were-implemented-f)
* [Attackathon \_ Fuel Network 33139 - \[Smart Contract - Insight\] Unreachable panic in sway compiler when parsing malicious cfg in contract](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33139-smart-contract-insight-unreachable-panic-in-sway-compiler-when-pars)
* [Attackathon \_ Fuel Network 33140 - \[Smart Contract - Insight\] Sway compiler crash when compile malicious contract with error const](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33140-smart-contract-insight-sway-compiler-crash-when-compile-malicious-c)
* [Attackathon \_ Fuel Network 33168 - \[Smart Contract - High\] Incorrect Sign Determination In Multiply Divide Operations within IFP Implementations](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33168-smart-contract-high-incorrect-sign-determination-in-multiply-divide)
* [Attackathon \_ Fuel Network 33170 - \[Smart Contract - Medium\] UFP Exp In Sway-lib Logic Vulnerability](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33170-smart-contract-medium-ufp-exp-in-sway-lib-logic-vulnerability)
* [Attackathon \_ Fuel Network 33171 - \[Smart Contract - Insight\] panic on unwrapping in decl\_to\_type\_info](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33171-smart-contract-insight-panic-on-unwrapping-in-decl_to_type_info)
* [Attackathon \_ Fuel Network 33172 - \[Smart Contract - Insight\] OOB in type\_check\_analyze of ImplTrait](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33172-smart-contract-insight-oob-in-type_check_analyze-of-impltrait)
* [Attackathon \_ Fuel Network 33175 - \[Smart Contract - High\] Sway-lib Subtract i Logic Vulnerability](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33175-smart-contract-high-sway-lib-subtract-i-logic-vulnerability)
* [Attackathon \_ Fuel Network 33181 - \[Smart Contract - Insight\] users messages might encode incorrect data when they call deposit function on L erc bridge before the assetIssuerID is set](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33181-smart-contract-insight-users-messages-might-encode-incorrect-data-w)
* [Attackathon \_ Fuel Network 33186 - \[Smart Contract - Medium\] \_compute\_bytecode\_root goes to an infinite loop when bytecode is empty](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33186-smart-contract-medium-_compute_bytecode_root-goes-to-an-infinite-lo)
* [Attackathon \_ Fuel Network 33191 - \[Smart Contract - Insight\] Sway Formatting Behaves Differently Based On Architecture Of The Machine](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33191-smart-contract-insight-sway-formatting-behaves-differently-based-on)
* [Attackathon \_ Fuel Network 33195 - \[Smart Contract - High\] Incorrect Calculations in Subtraction Functions for Signed Integers](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33195-smart-contract-high-incorrect-calculations-in-subtraction-functions)
* [Attackathon \_ Fuel Network 33203 - \[Smart Contract - Insight\] function inlining doesnt consider asm blocks instr count which leads to bloating contract size](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33203-smart-contract-insight-function-inlining-doesnt-consider-asm-blocks)
* [Attackathon \_ Fuel Network 33207 - \[Smart Contract - Insight\] users created message when withdrawing from L-L is not possible to execute on L if the assetIssuerID got changed](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33207-smart-contract-insight-users-created-message-when-withdrawing-from)
* [Attackathon \_ Fuel Network 33227 - \[Smart Contract - High\] Lack of overflow protection in the pow functions for unsigned integers can lead to a loss of coins when calculating coin amounts](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33227-smart-contract-high-lack-of-overflow-protection-in-the-pow-function)
* [Attackathon \_ Fuel Network 33233 - \[Smart Contract - Medium\] Incorrect Implementation of Unsigned -bit Fixed Point Fractional Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33233-smart-contract-medium-incorrect-implementation-of-unsigned-bit-fixe)
* [Attackathon \_ Fuel Network 33239 - \[Smart Contract - Low\] Incorrect Implementation of IFP Min Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33239-smart-contract-low-incorrect-implementation-of-ifp-min-functions)
* [Attackathon \_ Fuel Network 33240 - \[Smart Contract - Insight\] Incorrect Bitness in IFP Types](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33240-smart-contract-insight-incorrect-bitness-in-ifp-types)
* [Attackathon \_ Fuel Network 33242 - \[Smart Contract - High\] Incorrect Implementation of IFP Multiply and Divide Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33242-smart-contract-high-incorrect-implementation-of-ifp-multiply-and-di)
* [Attackathon \_ Fuel Network 33248 - \[Smart Contract - High\] Incorrect Implementation of IFP Floor and Ceil Functions](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33248-smart-contract-high-incorrect-implementation-of-ifp-floor-and-ceil)
* [Attackathon \_ Fuel Network 33267 - \[Smart Contract - High\] Bug in Multiply and Divide function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33267-smart-contract-high-bug-in-multiply-and-divide-function)
* [Attackathon \_ Fuel Network 33286 - \[Smart Contract - Insight\] panic on unwrapping in type\_check\_trait\_implementation](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33286-smart-contract-insight-panic-on-unwrapping-in-type_check_trait_impl)
* [Attackathon \_ Fuel Network 33295 - \[Smart Contract - Low\] Bug in array decoding can lead to critical security vulnerabilities in protocols built on Fuel](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33295-smart-contract-low-bug-in-array-decoding-can-lead-to-critical-secur)
* [Attackathon \_ Fuel Network 33302 - \[Smart Contract - Medium\] Exp function does not work correctly](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33302-smart-contract-medium-exp-function-does-not-work-correctly)
* [Attackathon \_ Fuel Network 33303 - \[Smart Contract - Medium\] Incorrect sign change](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33303-smart-contract-medium-incorrect-sign-change)
* [Attackathon \_ Fuel Network 33331 - \[Smart Contract - High\] Overflow in Types Less Than u](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33331-smart-contract-high-overflow-in-types-less-than-u)
* [Attackathon \_ Fuel Network 33351 - \[Smart Contract - Critical\] ABI supertraits methods are available externally](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33351-smart-contract-critical-abi-supertraits-methods-are-available-exter)
* [Attackathon \_ Fuel Network 33401 - \[Smart Contract - Insight\] insight compiler crash - trait dummy method was not properly replaced](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33401-smart-contract-insight-insight-compiler-crash-trait-dummy-method-wa)
* [Attackathon \_ Fuel Network 33407 - \[Smart Contract - Insight\] Missing Zero-Check for to Address in withdraw Function](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33407-smart-contract-insight-missing-zero-check-for-to-address-in-withdra)
* [Attackathon \_ Fuel Network 33433 - \[Smart Contract - Low\] Self-append in Bytes data structure causes memory corruption leading to potential DOS attacks](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33433-smart-contract-low-self-append-in-bytes-data-structure-causes-memor)
* [Attackathon \_ Fuel Network 33444 - \[Smart Contract - Insight\] Sway compiler crash for access out-of-bound memory in intrinsic function arguments check during semantic analysis](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33444-smart-contract-insight-sway-compiler-crash-for-access-out-of-bound)
* [Attackathon \_ Fuel Network 33451 - \[Smart Contract - Medium\] Incorrect code size estimation can bypass protocol security checks leading to loss of user funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33451-smart-contract-medium-incorrect-code-size-estimation-can-bypass-pro)
* [Attackathon \_ Fuel Network 33487 - \[Smart Contract - Insight\] Flags Do Not Affect Types Less Than u](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33487-smart-contract-insight-flags-do-not-affect-types-less-than-u)
* [Attackathon \_ Fuel Network 33488 - \[Smart Contract - Medium\] Insecure implementation of StorageMap could lead to unintended storage overwrite](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33488-smart-contract-medium-insecure-implementation-of-storagemap-could-l)
* [Attackathon \_ Fuel Network 33519 - \[Smart Contract - Critical\] Silent Stack overflow on variables between cross-contract calls](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33519-smart-contract-critical-silent-stack-overflow-on-variables-between)
Blockchain/DLT
* [Attackathon \_ Fuel Network 32271 - \[Blockchain\_DLT - Medium\] Incorrect state range access helper](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32271-blockchain_dlt-medium-incorrect-state-range-access-helper)
* [Attackathon \_ Fuel Network 32291 - \[Blockchain\_DLT - Insight\] Profiling is incorrect for dependent gas costs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32291-blockchain_dlt-insight-profiling-is-incorrect-for-dependent-gas-cos)
* [Attackathon \_ Fuel Network 32465 - \[Blockchain\_DLT - High\] Abuse of CCP instruction to do cheap memory clears](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32465-blockchain_dlt-high-abuse-of-ccp-instruction-to-do-cheap-memory-cle)
* [Attackathon \_ Fuel Network 32486 - \[Blockchain\_DLT - Medium\] Public RPC node craches via GraphQL API](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32486-blockchain_dlt-medium-public-rpc-node-craches-via-graphql-api)
* [Attackathon \_ Fuel Network 32628 - \[Blockchain\_DLT - Medium\] A GraphQL query crashes core process](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32628-blockchain_dlt-medium-a-graphql-query-crashes-core-process)
* [Attackathon \_ Fuel Network 32695 - \[Blockchain\_DLT - Insight\] increasing processing for public nodes with rpc](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32695-blockchain_dlt-insight-increasing-processing-for-public-nodes-with)
* [Attackathon \_ Fuel Network 32768 - \[Blockchain\_DLT - Medium\] WDCM and WQCM doesnt respect the fuel-specs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32768-blockchain_dlt-medium-wdcm-and-wqcm-doesnt-respect-the-fuel-specs)
* [Attackathon \_ Fuel Network 32825 - \[Blockchain\_DLT - High\] Consensus between -bit and -bit system can fail for LDC opcode](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32825-blockchain_dlt-high-consensus-between-bit-and-bit-system-can-fail-f)
* [Attackathon \_ Fuel Network 32860 - \[Blockchain\_DLT - Insight\] Resource Abuse CCP instruction is loading the contract into memory before charging GAS](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32860-blockchain_dlt-insight-resource-abuse-ccp-instruction-is-loading-th)
* [Attackathon \_ Fuel Network 32965 - \[Blockchain\_DLT - Critical\] Messages to L included even on reverts allows theft from bridge](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32965-blockchain_dlt-critical-messages-to-l-included-even-on-reverts-allo)
* [Attackathon \_ Fuel Network 32978 - \[Blockchain\_DLT - Insight\] isolating the node from the networkcausing OOM by resource exhaust](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32978-blockchain_dlt-insight-isolating-the-node-from-the-networkcausing-o)
* [Attackathon \_ Fuel Network 32987 - \[Blockchain\_DLT - Insight\] Sending a message with ETH and data to the FuelMessagePortal does not increase the balance on the L and users can not move the funds](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32987-blockchain_dlt-insight-sending-a-message-with-eth-and-data-to-the-f)
* [Attackathon \_ Fuel Network 33193 - \[Blockchain\_DLT - Medium\] Fuel SDKs ABI Decoder Behaves Differently Based On Architecture Of The Machine](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33193-blockchain_dlt-medium-fuel-sdks-abi-decoder-behaves-differently-bas)
* [Attackathon \_ Fuel Network 33346 - \[Blockchain\_DLT - Low\] Incorrect error handling when executing block can cause network shutdown by hanging the poa service of network nodes halting block production](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33346-blockchain_dlt-low-incorrect-error-handling-when-executing-block-ca)
* [Attackathon \_ Fuel Network 33360 - \[Blockchain\_DLT - Medium\] The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33360-blockchain_dlt-medium-the-typescript-sdk-has-no-awareness-of-to-be)
* [Attackathon \_ Fuel Network 33450 - \[Blockchain\_DLT - Insight\] fuel\_gas\_price\_algorithm AlgorithmV may panic](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-33450-blockchain_dlt-insight-fuel_gas_price_algorithm-algorithmv-may-pani)
Websites and Applications
* [Attackathon \_ Fuel Network 32327 - \[Websites and Applications - Low\] REVISED Malicious Downtime via missing Input Validation on Fuel Wallet Browser Extension Backend GraphQL server](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32327-websites-and-applications-low-revised-malicious-downtime-via-missin)
* [Attackathon \_ Fuel Network 32459 - \[Websites and Applications - Low\] URGENT WEB funds drained using URL path based manipulation and injection an attacker can spoof domains on any important web dapp API call as legitimate domains](https://reports.immunefi.com/fuel-network-or-attackathon/attackathon-_-fuel-network-32459-websites-and-applications-low-urgent-web-funds-drained-using-url-pa)