-
Notifications
You must be signed in to change notification settings - Fork 19
All issues
Issue creation is restricted in this repository
Issues
is:issue state:open
is:issue state:open
Search results
Chore: confirm soroban-sdk is latest; close out storage_change_events scanner noise
documentationImprovements or additions to documentationImprovements or additions to documentationenhancementNew feature or requestNew feature or requestseverity: lowLow severityLow severityStatus: Open.#77 In boundlessfi/boundless-contract;Deploy-script hardening: NETWORK path traversal, node -e injection, source .env.deploy
securitySecurity findingSecurity findingseverity: lowLow severityLow severityStatus: Open.#76 In boundlessfi/boundless-contract;CI hardening: pin actions to SHAs, drop unused id-token: write, verify stellar-cli tarball
securitySecurity findingSecurity findingseverity: mediumMedium severityMedium severityStatus: Open.#75 In boundlessfi/boundless-contract;verify-multisig.sh does not enforce ed25519 signer type (custody-policy bypass)
securitySecurity findingSecurity findingseverity: mediumMedium severityMedium severityStatus: Open.#74 In boundlessfi/boundless-contract;Admin tests bypass authorization via mock_all_auths (auth regressions invisible to CI)
help wantedExtra attention is neededExtra attention is neededsecuritySecurity findingSecurity findingseverity: mediumMedium severityMedium severityStatus: Open.#73 In boundlessfi/boundless-contract;Arithmetic hardening: saturating_add on earnings and next_event_id should be checked
bugSomething isn't workingSomething isn't workinggood first issueGood for newcomersGood for newcomerssecuritySecurity findingSecurity findingseverity: lowLow severityLow severityStatus: Open.#72 In boundlessfi/boundless-contract;Hackathon submit() has no submission cap or content_uri length limit
bugSomething isn't workingSomething isn't workingsecuritySecurity findingSecurity findingseverity: mediumMedium severityMedium severityStatus: Open.#71 In boundlessfi/boundless-contract;Manager delegation has no acceptance step (event control can be locked/hijacked)
bugSomething isn't workingSomething isn't workingsecuritySecurity findingSecurity findingseverity: mediumMedium severityMedium severityStatus: Open.#70 In boundlessfi/boundless-contract;Cancellation liveness: unbounded start_cancel loop + manager-only refund crank
bugSomething isn't workingSomething isn't workingsecuritySecurity findingSecurity findingseverity: highHigh severityHigh severityStatus: Open.#69 In boundlessfi/boundless-contract;op_id child derivation is XOR-malleable and profile OpSeen is squattable (payout DoS)
bugSomething isn't workingSomething isn't workingsecuritySecurity findingSecurity findingseverity: highHigh severityHigh severityStatus: Open.#68 In boundlessfi/boundless-contract;Connect Dune Analytics to the escrow contract for on-chain analytics
documentationImprovements or additions to documentationImprovements or additions to documentationenhancementNew feature or requestNew feature or requestStatus: Open.#66 In boundlessfi/boundless-contract;Competition/bounty payouts capped at 50 winners (MAX_WINNERS_PER_SELECT) — push-based select_winners can't scale
enhancementNew feature or requestNew feature or requestStatus: Open.#61 In boundlessfi/boundless-contract;