code-423n4 2021-05-nftx-findings issues

code-423n4 / 2021-05-nftx-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Sorry, I used the wrong submission form, the recent issues are not relevant for NFTX 🤦‍♂️

#123 code423n4 closed 3 years ago
0
Hypervisor.stake does not transfer tokens

#122 code423n4 closed 3 years ago
0
Can lock more tokens than in contract

#121 code423n4 closed 3 years ago
0
Approval for NFT transfers is not removed after transfer

#120 code423n4 closed 3 years ago
0
Delegated transfer of owner fails

#119 code423n4 closed 3 years ago
0
Unbounded iteration

#118 code423n4 closed 3 years ago
0
Wrong TimeLockERC20 event emitted

#117 code423n4 closed 3 years ago
0
Missing events

#116 code423n4 closed 3 years ago
0
Vault factory owner can frontrun vault creators

#115 code423n4 closed 3 years ago
0
Missing parameter validation

#114 code423n4 closed 3 years ago
0
Potential reentrancy in the `swapTo` function of `NFTXVaultUpgradeable`

#113 code423n4 closed 3 years ago
1
Unchecked return value of `transfer` in `NFTXFeeDistributor`

#112 code423n4 closed 3 years ago
1
Should use `SafeMath` in `NFTXFeeDistributor`

#111 code423n4 closed 3 years ago
1
Can declare `__NFTXEligibility_init_bytes` external to save gas

#110 code423n4 closed 3 years ago
1
Unused variables and events in `NFTXMintRequestEligibility`

#109 code423n4 closed 3 years ago
2
User can avoid paying `directRedeemFee` by passively controlling the output of `getPseudoRand`

#108 code423n4 closed 3 years ago
0
Cannot set the variable `eligibilityManager` in `NFTXVaultFactoryUpgradeable`

#107 code423n4 closed 3 years ago
0
Contract `StakingTokenProvider` lacks a non-zero address check during initialization

#106 code423n4 closed 3 years ago
0
Inconsistency between the usage of `transfer` and `transferFrom` in `NFTXLPStaking`

#105 code423n4 closed 3 years ago
0
The `supportsInterface` function is not implemented in the `ERC1155HolderUpgradeable`

#104 code423n4 closed 3 years ago
1
Out-of-bound index access in `NFTXMintRequestEligibility`

#103 code423n4 closed 3 years ago
0
Contracts `NFTXDeferEligibility` and `NFTXUniqueEligibility` lack non-zero address checks during initialization.

#102 code423n4 closed 3 years ago
0
Contract `NFTXDeferEligibility` should not include a `constructor`

#101 code423n4 closed 3 years ago
0
Using calldata when not appropiate

#100 code423n4 opened 3 years ago
2
Emit order

#99 code423n4 closed 3 years ago
0
Gas optimizations

#98 code423n4 closed 3 years ago
0
Revert inside a loop

#97 code423n4 opened 3 years ago
1
uint256[25] ___gap argument in NFTXVaultUpgradeable Increases Deployment Costs For createVault()

#96 code423n4 closed 3 years ago
2
Missing SafeMath

#95 code423n4 closed 3 years ago
1
Any User Can Deploy Duplicate Vaults With Identical Assets and Symbols, Fragmenting Liquidity And Confusing Users

#94 code423n4 closed 3 years ago
2
Missing nonReentrant in swapTo

#93 code423n4 closed 3 years ago
0
Magic Numbers Used In onlyOwnerIfPaused Could Lead To Developer Error

#92 code423n4 closed 3 years ago
0
Two Duplicate "rescueTokens" Functions In NFTXFeeDistributor

#91 code423n4 opened 3 years ago
0
Overflow could lead to stealing funds

#90 code423n4 closed 3 years ago
1
Incorrect Type Specified For Argument _address In NFTXFeeDistributor.rescueTokens()

#89 code423n4 opened 3 years ago
0
NFTXLPStaking Is Subject To A Flash Loan Attack That Can Steal Nearly All Rewards/Fees That Have Accrued For A Particular Vault

#88 code423n4 opened 3 years ago
4
Upgradeable contracts not Upgradeable

#87 code423n4 opened 3 years ago
2
Reduce calls to vault.mintTo

#86 code423n4 closed 3 years ago
0
mintRequests can remain 0 when the token is erc721

#85 code423n4 closed 3 years ago
0
__Ownable_init will be called twice in multiple Eligibility contracts

#84 code423n4 opened 3 years ago
0
Inconsistence use require() message

#83 code423n4 closed 3 years ago
0
lack of zero address validation

#82 code423n4 opened 3 years ago
0
unimplemented-functions in BeaconProxy.sol

#81 code423n4 closed 3 years ago
1
Missing pool existence check in balanceOf

#80 code423n4 opened 3 years ago
0
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

#79 code423n4 opened 3 years ago
0
Randomization of NFTs returned in redeem/swap operations can be brute-forced

#78 code423n4 opened 3 years ago
1
Front-running risk of direct redeem/swap operations

#77 code423n4 closed 3 years ago
0
Missing call to afterRedeemHook in swapTo()

#76 code423n4 closed 3 years ago
0
An attacker can cause an overflow in the flashLoan function

#75 code423n4 closed 3 years ago
1
NFTs initially of similar price may change significantly in value leading to unfair ownership changes

#74 code423n4 closed 3 years ago
1