Trail of Bits

Nested Tetris/HyVM

Type: Security review
Client: Nested Finance
Date: 2023-06
Domain: Blockchain
Effort: 1 wk
Section: Ethereum/EVM

Trail of Bits's security review of Nested Finance (Jun 2023) identified 6 issues: 2 high, 1 medium, and 3 informational.

Findings · 6

  1. Trusted forwarder can take over the WalletFactory contract (High)
  2. Lack of contract existence check on StaticHyVM (High)
  3. Address aliasing on optimistic rollups is not considered (Informational)
  4. Undocumented expectations for state-changing operations in HyVM (Informational)
  5. Invalid EVM versions possible in multi-chain deployment (Informational)
  6. executeCall will always revert when sending native tokens (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
