Security concerns in MystenLabs/sui
I was looking through the codebase and found a few patterns that might be security-sensitive. Targeting this to Bug Bounty if it hasn't been caught already.
Found 40 items total: 0 critical, 3 high, 5 medium, 32 low.
reentrancy — bridge/evm/contracts/SuiBridgeV2.sol line 152
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success,) = payable(address(vault)).call{value: amount}("");
reentrancy — bridge/evm/contracts/SuiBridge.sol line 210
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success,) = payable(address(vault)).call{value: amount}("");
reentrancy — bridge/evm/contracts/BridgeVault.sol line 62
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success,) = recipientAddress.call{value: amount}("");
Some of these might be false positives — just wanted to put them on your radar. Happy to provide more context if any of these look actionable.