PatStiles
## Overview The [`BatcherPaymentService`](https://github.com/yetanotherco/aligned_layer/blob/testnet/contracts/src/core/BatcherPaymentService.sol#L55) contract does not implement a way to prevent frontrunning during the initialization step. ## Mitigation Implement access control checks in the [`BatcherPaymentService`](https://github.com/yetanotherco/aligned_layer/blob/testnet/contracts/src/core/BatcherPaymentService.sol#L55) contract to prevent frontrunning...
## Overview: The [`fetch_batch_data_pointer`](https://github.com/yetanotherco/aligned_layer/blob/staging/explorer/lib/explorer_web/live/utils.ex#L182) function in the [`explorer`](explorer/lib/explorer_web/live/utils.ex) is vulnerable to an OOM attack. The function reads the entire response body without any limitation, which can lead to an OOM...
Upon initialization, the batcher currently fetches the last block from an RPC node by invoking the `getBlockNumber` JSON-RPC call. Ideally we should register the last submitted batch block and reference...
## Overview: The initialization step of the [`AlignedLayerServiceManager`](https://github.com/yetanotherco/aligned_layer/blob/staging/contracts/src/core/AlignedLayerServiceManager.sol#L43) contract can be frontrun in some cases. ## Detailed Behavior: The [`AlignedLayerServiceManager`](https://github.com/yetanotherco/aligned_layer/blob/staging/contracts/src/core/AlignedLayerServiceManager.sol#L43) contract does not implement a way to prevent frontrunning during the initialization step....
## Overview: The Dockerfiles used to build the project images in `explorer/Dockerfiles` and `operator/docker/operator.Dockerfile` do not have a `HEALTHCHECK` directive. ## Mitigation: Use the `HEALTHCHECK` directive in the Dockerfiles to...
## Overview: The Dockerfiles don't use the `USER` directive to specify the user that the image should run as. By default, Docker runs the image as the root user....
## Overview: The Dockerfiles used to build the project images update the package manager cache without installing any packages in the same layer and delete the apt-get lists after. ##...
## Overview: The Dockerfiles used to build the project are vulnerable to supply chain attacks. The vulnerability lies in the `FROM` directive in the Dockerfiles. The FROM directive is used...
We currently lack a CI runner for the examples in the repo. Add one so we can catch when packages are incompatible.
# `has_enough_balance` used current_max_fee + new_max_fee in replacement message ## Description Currently the user balance is checked to ensure a user can pay for all their submitted proofs. Currently this...