Trail of Bits
Audit Open Original ↗

Scroll l2geth (initial)

Type

Security review

Client

Scroll

Date

2023-08

Domain

Blockchain

Effort

2 wks

Section

Scroll

Trail of Bits's security review of Scroll (Aug 2023) identified 7 issues: 1 medium, 4 low, and 2 informational.

Findings · 7

  1. 1 Transaction pool fails to drop transactions that cannot aord L1 fees Informational
  2. 2 Multiple instances of unchecked errors Low
  3. 3 Risk of double-spend attacks due to use of single-node Clique consensus without finality API Medium
  4. 4 Improper use of panic Low
  5. 5 Risk of panic from nil dereference due to flawed error reporting in addressToKey Informational
  6. 6 Risk of transaction pool admission denial of service Low
  7. 7 Syncing nodes fail to check consensus rule for L1 message count Low

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related