Active Boosts

VeChain Hayabusa Upgrade | Attackathon

Reports by Severity

Critical

  • #55632 [BC-Critical] Delegation submitted in the same period before a validator exit will be permanently frozen

Medium

  • #55957 [SC-Medium] checkStake does not check for uint64 overflow

  • #56611 [BC-Medium] Remote P2P Crash During Sync (Thor default configuration)

  • #57055 [BC-Medium] DOS via P2P during block header validation using bad proof

Low

  • #57136 [BC-Low] TxPool priority cache lets base-fee swings reduce proposers tips

Insight

  • #57021 [BC-Insight] Lack of Panic Recovery in housekeeping Goroutine Creates Potential for Denial of Service

  • #57412 [SC-Insight] Gas Optimization Insight: Improve Gas Cost Efficiency by the Use of Custom Errors in Staker.sol Contract

  • #55711 [SC-Insight] Redundant Gas Charge in native_addValidation Function Leads to Unnecessary Gas Costs

  • #56626 [BC-Insight] Trivial renewalList Bloat Attack Exploits Unmetered Database Writes to Increase Block Processing Time, Risking BFT Disruption

  • #56629 [BC-Insight] There is an issue in Mapping Gas Undercharge and is Enables ≥30% Extra Node Work Per Unit Gas

  • #55806 [BC-Insight] Critical: Missing Input Validation in Governance Parameter Allows Malicious Underflow, Leading to Permanent Freeze of All DPoS Rewards

  • #56454 [BC-Insight] Gas Undercharging threatens HAYABUSA network upgrade

  • #57468 [BC-Insight] There is an issue about Zero VTHO Generation During Hayabusa Transition Period

  • #56362 [BC-Insight] During addValidation if PoS not active, Authority.Native(env.State()).Get() should consume double the gas

  • #55524 [BC-Insight] Null body transaction submission crashes RPC handler

  • #55926 [BC-Insight] totalSupply() overstates circulating VTHO

  • #56256 [BC-Insight] Redundant SLOAD for Global Endorsement Parameter

  • #56513 [BC-Insight] During the call to native_issuance, there's a missing gas charge before call to CalculateRewards

  • #56367 [SC-Insight] Staker Gas Optimization: Public to External Visibility

  • #56187 [BC-Insight] Brittle, Hardcoded Gas Metering Model

  • #56403 [BC-Insight] There is a problem in the DPoS Threshold Switch Undercounts Votes at Hayabusa Activation

  • #56045 [BC-Insight] Block Packing Starvation via Oversized Priority Transactions

  • #57179 [BC-Insight] During the call to native_totalSupply, there's missing gas charges

  • #55925 [BC-Insight] Underpriced supply queries enable cheap CPU DoS

  • #56345 [BC-Insight] There is an issue related to strict threshold Breaks Exact 2/3, and is Causing Finality Freeze

  • #56761 [BC-Insight] The check for integer overflow in the function staker.go#checkStake() is incorrect

  • #56657 [BC-Insight] Inactive Validator Scheduling Bypass in VeChain Thor PoS Consensus Mechanism

  • #56946 [BC-Insight] The code comparing two big.In pointers for equality, not their numeric values

Reports by Type

Smart Contract

  • #57412 [SC-Insight] Gas Optimization Insight: Improve Gas Cost Efficiency by the Use of Custom Errors in Staker.sol Contract

  • #55711 [SC-Insight] Redundant Gas Charge in native_addValidation Function Leads to Unnecessary Gas Costs

  • #55957 [SC-Medium] checkStake does not check for uint64 overflow

  • #56367 [SC-Insight] Staker Gas Optimization: Public to External Visibility

Blockchain/DLT

  • #57021 [BC-Insight] Lack of Panic Recovery in housekeeping Goroutine Creates Potential for Denial of Service

  • #56626 [BC-Insight] Trivial renewalList Bloat Attack Exploits Unmetered Database Writes to Increase Block Processing Time, Risking BFT Disruption

  • #56629 [BC-Insight] There is an issue in Mapping Gas Undercharge and is Enables ≥30% Extra Node Work Per Unit Gas

  • #55806 [BC-Insight] Critical: Missing Input Validation in Governance Parameter Allows Malicious Underflow, Leading to Permanent Freeze of All DPoS Rewards

  • #56454 [BC-Insight] Gas Undercharging threatens HAYABUSA network upgrade

  • #57468 [BC-Insight] There is an issue about Zero VTHO Generation During Hayabusa Transition Period

  • #56362 [BC-Insight] During addValidation if PoS not active, Authority.Native(env.State()).Get() should consume double the gas

  • #55524 [BC-Insight] Null body transaction submission crashes RPC handler

  • #55926 [BC-Insight] totalSupply() overstates circulating VTHO

  • #56256 [BC-Insight] Redundant SLOAD for Global Endorsement Parameter

  • #56513 [BC-Insight] During the call to native_issuance, there's a missing gas charge before call to CalculateRewards

  • #56187 [BC-Insight] Brittle, Hardcoded Gas Metering Model

  • #56611 [BC-Medium] Remote P2P Crash During Sync (Thor default configuration)

  • #56403 [BC-Insight] There is a problem in the DPoS Threshold Switch Undercounts Votes at Hayabusa Activation

  • #56045 [BC-Insight] Block Packing Starvation via Oversized Priority Transactions

  • #57179 [BC-Insight] During the call to native_totalSupply, there's missing gas charges

  • #55925 [BC-Insight] Underpriced supply queries enable cheap CPU DoS

  • #56345 [BC-Insight] There is an issue related to strict threshold Breaks Exact 2/3, and is Causing Finality Freeze

  • #56761 [BC-Insight] The check for integer overflow in the function staker.go#checkStake() is incorrect

  • #56657 [BC-Insight] Inactive Validator Scheduling Bypass in VeChain Thor PoS Consensus Mechanism

  • #57055 [BC-Medium] DOS via P2P during block header validation using bad proof

  • #56946 [BC-Insight] The code comparing two big.In pointers for equality, not their numeric values

  • #55632 [BC-Critical] Delegation submitted in the same period before a validator exit will be permanently frozen

  • #57136 [BC-Low] TxPool priority cache lets base-fee swings reduce proposers tips

Previous49787 sc high batched yield distribution doesn t account for transfers purchases between batchesNext57468 bc insight there is an issue about zero vtho generation during hayabusa transition period

Was this helpful?