Typhoon

2025-05-25
Critical: 1
High: 3
Medium: 3
Low: 0
Info: 1

About the Protocol

Privacy-preserving fund transfer protocol using modular mixer contracts on Starknet.

Findings (8)

C-01 (Critical, Fixed)

Encrypted notes can be arbitrarily altered and signatures can be replayed

Notes lack integrity protection, allowing tampering and signature replay attacks.

H-01 (High, Fixed)

Merkle tree overwrite issue after max depth reached

Merkle tree entries can be overwritten once maximum depth is exceeded.

H-02 (High, Fixed)

withdraw_fee remains stuck in contract with no withdrawal mechanism

Collected withdrawal fees are permanently locked in the contract.

H-03 (High, Fixed)

newRootIndex should not use modulo with ROOT_HISTORY_SIZE

Modulo operation on root index causes incorrect root history tracking.

M-01 (Medium, Fixed)

Inconsistent notesCount handling results in inconsistent results

Notes counter inconsistency affects multiple view functions.
