Cyfrin 2023-08-sparkn issues

Cyfrin / 2023-08-sparkn

Other

11 stars 15 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Missing features to manage whitelist tokens

#941 codehawks-bot closed 1 year ago
0
Duplicate winners are possible

#940 codehawks-bot closed 1 year ago
3
Funds can be stuck on Proxy or will be sent to owner beneficial addresses by owner if winners or supporters is 0.

#939 codehawks-bot closed 1 year ago
1
Make `COMMISSION_FEE` of storage type if protocol want change it in future w/o re deploying the contract

#938 codehawks-bot closed 1 year ago
1
`Organizer` can be malicious and transfer *95%* of the funds from Contest contract to himself by passing only himself in winners array.

#937 codehawks-bot opened 1 year ago
2
Rounding error in disribute for lop

#936 codehawks-bot opened 1 year ago
0
DoS: Blacklisted user may prevent _distribute()

#935 codehawks-bot opened 1 year ago
0
`ProxyFactory.deployProxyAndDistributeBySignature` is vulnerable to front running

#934 codehawks-bot closed 1 year ago
1
The `deployProxyAndDistributeByOwner` and `distributeByOwner` miss an important check

#933 codehawks-bot closed 1 year ago
1
The `deployProxyAndDistribute` and `deployProxyAndDistributeBySignature` miss an important check

#932 codehawks-bot closed 1 year ago
1
There is no validation that signature is reused in `ProxyFactory.deployProxyAndDistributeBySignature`

#931 codehawks-bot opened 1 year ago
0
Some user could be blacklisted by ERC-20 tokens like USDC/USDT/WBTC which could DOS `_distribute`.

#930 codehawks-bot opened 1 year ago
0
Correct implementation check in setContest

#929 codehawks-bot opened 1 year ago
0
Winner can grief by providing USDC blacklisted address, causing all transfers to fail

#928 codehawks-bot opened 1 year ago
0
Percentage of 0 for a winner may cause transaction to revert

#927 codehawks-bot closed 1 year ago
0
Organizer unable to distribute to a large amount of winners

#926 codehawks-bot opened 1 year ago
0
Organizer can maliciously claim funds with their own address or one they control

#925 codehawks-bot opened 1 year ago
0
Functions `deployProxyAndDistributeByOwner` and ` distributeByOwner` doesn't check if the contest is closed or not.

#924 codehawks-bot closed 1 year ago
1
The input calldata value `data` in the function `deployProxyAndDistribute` should be checked if its length is 0

#923 codehawks-bot closed 1 year ago
1
The `winners` addresses are not checked if it is zero address

#922 codehawks-bot opened 1 year ago
0
Multiple Unbounded Loops

#921 codehawks-bot opened 1 year ago
0
Potential DOS with Block Gas Limit

#920 codehawks-bot opened 1 year ago
2
`0` value transfers may do event poisoning and even revert

#919 codehawks-bot closed 1 year ago
0
Missing sanity checks can lead to wrong scenarios

#918 codehawks-bot closed 1 year ago
1
Single-step ownership change introduces risks

#917 codehawks-bot closed 1 year ago
0
Some tokens allow a winner to DoS at `distribute`

#916 codehawks-bot opened 1 year ago
0
If a winner is blacklisted on any of the tokens they can't receive their funds

#915 codehawks-bot opened 1 year ago
8
No zero address checks in `proxy.sol`

#914 codehawks-bot closed 1 year ago
3
Inability to _fairly_ distribute rewards in the future when SparkN scales up

#913 codehawks-bot opened 1 year ago
0
Currently if organizer signs on a request there are no deadlines for this to expire

#912 codehawks-bot opened 1 year ago
0
ProxyFactory imports OpenZeppelin's Ownable.sol which lacks a 2-step ownership transfer

#911 codehawks-bot closed 1 year ago
4
Non-inclusive checks currently break contract's logic in a few instances

#910 codehawks-bot closed 1 year ago
1
Organizers reputation could be massively destroyed based on current implementation

#909 codehawks-bot closed 1 year ago
1
Usage of `block.timestamp` is unreliable

#908 codehawks-bot closed 1 year ago
1
Out of gas error when distributing funds

#907 codehawks-bot opened 1 year ago
0
Coins with low decimals could cause inaccurate reward calculation

#906 codehawks-bot closed 1 year ago
1
Rewards can be stolen by a malicious tx to `Proxy`

#905 codehawks-bot closed 1 year ago
1
Organizer has no incentive to actually deploy the `Proxy`

#904 codehawks-bot opened 1 year ago
0
Rewards can be stolen by malicious Proxy deployments

#903 codehawks-bot closed 1 year ago
1
Design flaw in the _distribute() can unexpectedly drain the rescue requestor's stuck token

#902 codehawks-bot closed 1 year ago
5
Unsafe ownership removal of the ProxyFactory contract

#901 codehawks-bot closed 1 year ago
0
Unsafe ownership transfer of the ProxyFactory contract

#900 codehawks-bot closed 1 year ago
0
Permanently freezing tokens in all Proxy contracts if the fee collector gets blacklisted

#899 codehawks-bot opened 1 year ago
0
The distributeByOwner() can mistakenly drain all tokens from an incorrect Proxy

#898 codehawks-bot opened 1 year ago
0
Insufficient validation leads to locking up prize tokens forever

#897 codehawks-bot opened 1 year ago
12
Lack of checking the existence of the Proxy contract

#896 codehawks-bot opened 1 year ago
0
The same contestId can be assigned for different contests

#895 codehawks-bot opened 1 year ago
0
Potential DoS when the list of winner is large

#894 codehawks-bot opened 1 year ago
0
Transfers for Fee-On-Transfer

#893 codehawks-bot closed 1 year ago
1
Centralize all interfaces within a single directory

#892 codehawks-bot closed 1 year ago
1