A list of public issues our members collectively reported, ranging from critical vulnerabilities to minor flaws and weaknesses. All of these come from our bug hunting efforts to protect relevant apps in the Ethereum ecosystem. Ordered by date of publication.
| Project | Date | Description | Relevant links |
|---|---|---|---|
| Lido | 2023-06-09 | Unhandled exception in oracle code may lead to crashing | lidofinance/lido-oracle#389, https://blog.theredguild.org/question-until-it-crashes/ |
| Account Abstraction (ERC4337) reference bundler implementation | 2023-04-26 | Minor miscalculation of reputation | eth-infinitism/bundler#94 |
| ENS | 2023-03-27 | A critical vulnerability in the DNSSEC integration | https://blog.theredguild.org/how-to-almost-take-over-any-dns-domain-on-ens |
| Optimism Bedrock contest | 2023-02-20 | Gasless ETH bridging from L1 to L2 | sherlock-audit/2023-01-optimism-judging#71 |
| Arbitrum Nitro | 2022-12-08 | Gas griefing scenarios with return bombs in the Arbitrum bridge | https://www.notonlyowner.com/research/message-traps-in-the-arbitrum-bridge |
| Arbitrum Nitro | 2022-10-19 | A small flaw in logging data with events in a smart contract | OffchainLabs/nitro#1251 |
| OpenZeppelin Contracts | 2022-09-22 | Unexpected breaking change in ERC4626 smart contract | OpenZeppelin/openzeppelin-contracts#3721 |
| OpenZeppelin Contracts | 2022-09-20 | Unsolicited review of a smart contract in a release candidate | OpenZeppelin/openzeppelin-contracts#3711 |
| Lido | 2022-08-01 | Potential recovery of tokens from burner contract | lidofinance/lido-dao#443 |