-
Bauer
high
# The last NFT owner may be unable to claim the reward
## Summary
The deletion in the burn function removes the `balances[balances.length - 1]` element, causing the owner of this …
-
Bauer
high
# The removeFromOffice() function is implemented incorrectly
## Summary
In the `removeFromOffice()` function,it does not clear the approval, allowing the approved user to retain permissi…
-
The idea is to have the standard deployments page(`https://docs.sablier.com/contracts/v2/deployments`) for 2.1 contracts and then we should add a note with a hyperlink that points to the old (2.0) dep…
-
-
Jaraxxus
medium
# Council members can transfer their NFTs to someone else
## Summary
Council Members can transfer their NFTs although they are not supposed to.
## Vulnerability Detail
Protocol m…
-
Current behaviour: An error is logged when a Transfer event is emitted and a stream doesn't already exist, this will occur everytime a new stream is created as when a StreamNFT is created the action o…
-
0xadrii
high
# Denial of service in mint() after burning an NFT
## Summary
The `mint()` function incorrectly uses the `totalSupply()` function to set the new tokenId to be minted, which br…
-
6160.web3
medium
# Not imported a specific member from the module
## Summary
Specific members of the modules should be imported
## Vulnerability Detail
It is a better practice and more secure to im…
-
Over time, many users have asked us when gas fees are paid. We should clarify in the docs that gas is paid only at deposit and withdrawal time.
-
iberry
high
# TelcoinDistributor: recoverERC20() can be used as a backdoor by the owner to retrieve Token, the owner can rug token
## Summary
"The recoverERC20 function poses a risk of the owner r…