AI Summary: This GitHub issue describes a critical cross-chain bridge vulnerability (SCWE-XXX) where withdrawing an NFT from one chain to another fails to burn or lock the original token on the source chain. This oversight allows the same token to exist simultaneously on both chains, enabling double-spend attacks. Such a flaw compromises asset uniqueness and integrity, posing a significant security risk.
AI Summary: This GitHub issue describes SCWE-XXX, a weakness where smart contracts fail to validate that ERC20 token transfer amounts are greater than zero. While most ERC20 tokens permit zero-value transfers, some implementations revert, leading to unexpected production issues. This inconsistency can cause unexpected reverts, disrupt execution flow, and potentially introduce denial-of-service conditions or break integrations with non-standard tokens.
AI Summary: This GitHub issue in the OWASP Smart Contract Security (SCS) project describes SCWE-088, improper decimal normalization in price-based calculations. Token and price feed values with misaligned decimals produce incorrect arithmetic results in smart contracts, which an attacker may be able to exploit. The proposed mitigations are decimal normalization, centralized utility functions for scaling, and sanity checks on the computed values. The task is to explain the issue concisely and state why it matters within the larger SCS project.
AI Summary: The task involves creating a new entry for the OWASP Smart Contract Weakness Enumeration (SCWE) database. This new entry, SCWE-XXX, will describe the vulnerability of smart contracts failing to validate oracle response fields (answer, answeredInRound, timestamp), leading to the use of stale or incomplete data. The task requires writing a clear and concise description of the vulnerability, explaining its importance, providing examples of vulnerable and secure code, and ensuring it doesn't duplicate existing SCWE entries.
AI Summary: The task is to add a new entry to the OWASP Smart Contract Weakness Enumeration (SCWE) catalog. The new entry, SCWE-XXX, describes the vulnerability of using price oracle feeds without validating that the returned price falls within a reasonable range. This requires writing a clear and concise description of the vulnerability, explaining its importance, providing examples of vulnerable and safe code, and ensuring it doesn't duplicate existing SCWE entries.