ak1 data for issue #1690

code-423n4 · Aug 4, 2023 · fcc3209 · fcc3209
1 parent 2d00295
commit fcc3209
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/data/ak1-Q.md b/data/ak1-Q.md
@@ -0,0 +1,14 @@
+1. Use uint256 data type for nonce.
+For example, the below link, the nonce is treated with uint64.
+https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d5de36a8f/contracts/tOFT/modules/BaseTOFTStrategyModule.sol#L126
+
+uint64 value can be easily reached. max value of uint64 is `18446744073709551615`
+
+2. unsafe use of block.chainId() . this may not be same for all the chains.
+
+when we look at one of the place in `TapOFT.sol`
+
+    function _getChainId() private view returns (uint256) {
+        return block.chainid; -------------------------------->> this will not be same across different chains.
+    }
+