Trail of Bits

Automata

Type: Security review

Client: Automata Network

Date: 2025-02

Domain: Blockchain

Effort: 8 wks

Section: Ethereum/EVM

Trail of Bits's security review of Automata Network (Feb 2025) identified 13 issues: 3 high, 1 low, 8 informational, and 1 undetermined.

Findings · 13

  1. Upsert functions allow inserting the same data (Informational)
  2. _onFetchDataFromResolver does not return an error (Informational)
  3. Authorization mechanism is confusing (Informational)
  4. Continuous encoding and decoding of data is confusing and error prone (Informational)
  5. Certificate chain verification allows expired and irrelevant CRLs (High)
  6. Root CRL checks can be bypassed (High)
  7. Risc0- and sp1-based attestation may accept expired certificates (High)
  8. Constants have inconsistent endianness (Informational)
  9. CRL URI validation is inconsistent (Informational)
  10. Unclear definition and parsing of some header fields (Low)
  11. No length checks can lead to panics (Informational)
  12. Some state-changing functions do not emit events (Informational)
  13. Investigate failing differential fuzz tests (Undetermined)

Findings extracted from the published report PDF. See the full report below for details and remediation.
