Immunefi Audit Competitions

Ctrlk

Powered by GitBook

On this page

Shardeum Core

Reports by Severity

Critical | High | Medium | Low | Insight

Critical

32982 - [BC - Critical] Crashing all Validators Vulnerability in eth_g...
32993 - [BC - Critical] Crashing Validators by triggering an uncaught e...
33086 - [BC - Critical] Complete shutdown of the transaction processing...
33151 - [BC - Critical] Front running initial account data distribution
33222 - [BC - Critical] An attacker can control which nodes can and can...
33277 - [BC - Critical] Validators can be crashed via GET
33278 - [BC - Critical] Improper input validation leads to DOS and tota...
33424 - [BC - Critical] Improper input validation in safeJsonParse lead...
33428 - [BC - Critical] Validators can be crashed via pp
33483 - [BC - Critical] shardeum validator bypass loop breaking increme...
33632 - [BC - Critical] Signature forgery on behalf of other nodes lead...
33637 - [BC - Critical] In get_tx_timestamp a prototype pollution bri...
33638 - [BC - Critical] In remove_timestamp_cache a prototype polluti...
33655 - [BC - Critical] Complete shutdown of the transaction processing...
33696 - [BC - Critical] Failure to validate golden ticket admin cert
33745 - [BC - Critical] A math quirk in Javascript allows anyone to tak...
33750 - [BC - Critical] Abusing setCertTime Transactions to drain node ...
33766 - [BC - Critical] Improper input validation in TransactionConsenu...
33872 - [BC - Critical] Infinite loop in shardeum
33922 - [BC - Critical] Steal Rewards and Take over Network by Faking A...
33925 - [BC - Critical] Improper input validation in fixDeserializedWra...
33941 - [BC - Critical] A missing check for the type of a variable allo...
33946 - [BC - Critical] Lack of voter deduplication in sync_trie_hashes...
33963 - [BC - Critical] Crashing the network by filling timestamp cache...
33972 - [BC - Critical] Inflating the votes of the hash for a malicious...
34012 - [BC - Critical] Improper input validation in repair_oos_account...
34019 - [BC - Critical] Lack of vote validation in sync_trie_hashes lea...
34020 - [BC - Critical] An alternative entry point with a separated but...
34053 - [BC - Critical] Malicious HTTP responses allow systemic applica...
34093 - [BC - Critical] lib-net can be used to force oom reap of shardu...
34201 - [BC - Critical] Prototype pollution vulnerability in remove_tim...
34252 - [BC - Critical] Bypass Certificate Signing Validation
34353 - [BC - Critical] Killing nodes by polluting tx timestamp cache o...
34456 - [BC - Critical] Lack of consensus validation in repair_oos_acco...
34476 - [BC - Critical] remove_timestamp_cache prototype pollution lead...
34481 - [BC - Critical] Bypassing sender verification in gossip-final-s...
34484 - [BC - Critical] Tricking legit node to signed maliciously contr...
34500 - [BC - Critical] Prototype pollution vulnerability in get_tx_tim...

High

33473 - [BC - High] Cross-chain replay attacks are possible due to ...
33576 - [BC - High] Lack of deduplication in joinarchiver requests ...
33848 - [BC - High] For the first cycles of the network a maliciou...
34349 - [BC - High] Archiver Join Limit Logic Error
34422 - [BC - High] Forcing the new POQo system to fail preventing ...

Medium

33044 - [BC - Medium] Preventing the network from loading by disconne...
33254 - [BC - Medium] The signature used to Gossip an UnjoinRequest h...

Low

32942 - [BC - Low] The ChainID and URL parameters that can modify ...

Insight

33395 - [BC - Insight] DoS attack on peer nodes through gossip-valid-j...
33520 - [BC - Insight] Inconsistent consensus issue for BlakeF precomp...
33735 - [BC - Insight] Network split due to the sync issue in PP modul...
33813 - [BC - Insight] Double slashing of validators
34364 - [BC - Insight] pp deserialization denial of service issue
34489 - [BC - Insight] ActivetsValidateRecordTypes do not check all th...

Reports by Type

Blockchain/DLT

32942 - [BC - Low] The ChainID and URL parameters that can modify ...
32982 - [BC - Critical] Crashing all Validators Vulnerability in eth_g...
32993 - [BC - Critical] Crashing Validators by triggering an uncaught e...
33044 - [BC - Medium] Preventing the network from loading by disconne...
33086 - [BC - Critical] Complete shutdown of the transaction processing...
33151 - [BC - Critical] Front running initial account data distribution
33222 - [BC - Critical] An attacker can control which nodes can and can...
33254 - [BC - Medium] The signature used to Gossip an UnjoinRequest h...
33277 - [BC - Critical] Validators can be crashed via GET
33278 - [BC - Critical] Improper input validation leads to DOS and tota...
33395 - [BC - Insight] DoS attack on peer nodes through gossip-valid-j...
33424 - [BC - Critical] Improper input validation in safeJsonParse lead...
33428 - [BC - Critical] Validators can be crashed via pp
33473 - [BC - High] Cross-chain replay attacks are possible due to ...
33483 - [BC - Critical] shardeum validator bypass loop breaking increme...
33520 - [BC - Insight] Inconsistent consensus issue for BlakeF precomp...
33576 - [BC - High] Lack of deduplication in joinarchiver requests ...
33632 - [BC - Critical] Signature forgery on behalf of other nodes lead...
33637 - [BC - Critical] In get_tx_timestamp a prototype pollution bri...
33638 - [BC - Critical] In remove_timestamp_cache a prototype polluti...
33655 - [BC - Critical] Complete shutdown of the transaction processing...
33696 - [BC - Critical] Failure to validate golden ticket admin cert
33735 - [BC - Insight] Network split due to the sync issue in PP modul...
33745 - [BC - Critical] A math quirk in Javascript allows anyone to tak...
33750 - [BC - Critical] Abusing setCertTime Transactions to drain node ...
33766 - [BC - Critical] Improper input validation in TransactionConsenu...
33813 - [BC - Insight] Double slashing of validators
33848 - [BC - High] For the first cycles of the network a maliciou...
33872 - [BC - Critical] Infinite loop in shardeum
33922 - [BC - Critical] Steal Rewards and Take over Network by Faking A...
33925 - [BC - Critical] Improper input validation in fixDeserializedWra...
33941 - [BC - Critical] A missing check for the type of a variable allo...
33946 - [BC - Critical] Lack of voter deduplication in sync_trie_hashes...
33963 - [BC - Critical] Crashing the network by filling timestamp cache...
33972 - [BC - Critical] Inflating the votes of the hash for a malicious...
34012 - [BC - Critical] Improper input validation in repair_oos_account...
34019 - [BC - Critical] Lack of vote validation in sync_trie_hashes lea...
34020 - [BC - Critical] An alternative entry point with a separated but...
34053 - [BC - Critical] Malicious HTTP responses allow systemic applica...
34093 - [BC - Critical] lib-net can be used to force oom reap of shardu...
34201 - [BC - Critical] Prototype pollution vulnerability in remove_tim...
34252 - [BC - Critical] Bypass Certificate Signing Validation
34349 - [BC - High] Archiver Join Limit Logic Error
34353 - [BC - Critical] Killing nodes by polluting tx timestamp cache o...
34364 - [BC - Insight] pp deserialization denial of service issue
34422 - [BC - High] Forcing the new POQo system to fail preventing ...
34456 - [BC - Critical] Lack of consensus validation in repair_oos_acco...
34476 - [BC - Critical] remove_timestamp_cache prototype pollution lead...
34481 - [BC - Critical] Bypassing sender verification in gossip-final-s...
34484 - [BC - Critical] Tricking legit node to signed maliciously contr...
34489 - [BC - Insight] ActivetsValidateRecordTypes do not check all th...
34500 - [BC - Critical] Prototype pollution vulnerability in get_tx_tim...

PreviousBoost _ Shardeum_ Ancillaries 34508 - [Websites and Applications - Critical] Malicious archiver can Next32942 - [BC - Low] The ChainID and URL parameters that can modify ...

Last updated 1 year ago

Was this helpful?

Reports by Severity
Reports by Type

Was this helpful?