Trail of Bits

Lisk Smart Contracts

Type: Security review

Client: Lisk

Date: 2024-05

Domain: Blockchain

Effort: 4 wks

Section: Ethereum/EVM

Trail of Bits's security review of Lisk (May 2024) identified 12 issues: 2 medium, 3 low, and 7 informational.

Findings · 12

  1. Users can bypass the minimum lock duration (Low)
  2. Removing L2Reward from allowedCreators will freeze all positions created through the contract (Low)
  3. Missing certificate validation (Medium)
  4. Synchronous function calls inside asynchronous functions (Informational)
  5. Hard-coded credentials (Low)
  6. Use of outdated libraries (Informational)
  7. Stack traces in Express are not disabled (Informational)
  8. Docker Compose ports exposed on all interfaces (Informational)
  9. Extending the duration of an expired position can break protocol accounting (Medium)
  10. Insufficient event generation (Informational)
  11. Users are charged a larger penalty for fast unlocks than necessary (Informational)
  12. Potential for huge gas consumption in updateGlobalState and calculateRewards (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
