Trail of Bits

Origin Protocol

Type: Security review

Client: Origin Protocol

Date: 2018-11

Domain: Blockchain

Effort: 4 wks

Section: Ethereum/EVM

Trail of Bits's security review of Origin Protocol (Nov 2018) identified 11 issues: 4 high, 4 medium, 1 low, and 2 informational.

Findings · 11

  1. Marketplace OGN balance is drainable through withdrawListing (High)
  2. Disputes are front-runnable by a buyer (Medium)
  3. Remote code execution through arbitrary ERC20 implementation (High)
  4. ERC20 approve race conditions (Informational)
  5. Marketplace contract can trap funds if the whitelist is disabled (Medium)
  6. OriginToken contract migration breaks Marketplace offer references (High)
  7. Withdrawn listing prevents seller from withdrawing submitted offers (Low)
  8. Seller finalization of an offer with an affiliate and commission results in trapped funds (Medium)
  9. OriginToken migration while unpaused leads to inconsistent state (Medium)
  10. Marketplace cannot be Paused (Informational)
  11. Tokens with external code execution can lead to theft of tokens through reentrancy (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
