
Module block.move

Function: get_block_info

This unpermissioned function can be used to get the current block height and timestamp.

Zellic © 2025