code-423n4 2022-03-joyn-findings issues

code-423n4 / 2022-03-joyn-findings

4 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Wrong constant definition

#105 code423n4 closed 2 years ago
1
Non unique token ID might lead to collusion

#104 code423n4 closed 2 years ago
2
QA Report

#103 code423n4 opened 2 years ago
2
Improper Upper Bound Definition on the Fee

#102 code423n4 closed 2 years ago
1
UNSAFE TRANSFERFROM HANDLE TRANSFER INCORRECTLY

#101 code423n4 closed 2 years ago
2
transfer on non-standard token will always fail and lead to lock of fund

#100 code423n4 closed 2 years ago
2
Gas Optimizations

#99 code423n4 opened 2 years ago
0
Gas Optimizations

#98 code423n4 opened 2 years ago
0
QA Report

#97 code423n4 opened 2 years ago
0
QA Report

#96 code423n4 opened 2 years ago
3
Gas Optimizations

#95 code423n4 opened 2 years ago
0
Gas Optimizations

#94 code423n4 opened 2 years ago
0
Initializer Can be Reinitialized

#93 code423n4 closed 2 years ago
1
Gas Optimizations

#92 code423n4 opened 2 years ago
1
Gas Optimizations

#91 code423n4 opened 2 years ago
0
Setting `RoyaltyVault.splitterShare` to value bigger than `10000` causes Denial of Service in `RoyaltyVault.sendToSplitter`

#90 code423n4 closed 2 years ago
1
QA Report

#89 code423n4 opened 2 years ago
0
QA Report

#88 code423n4 opened 2 years ago
0
Gas Optimizations

#87 code423n4 opened 2 years ago
0
QA Report

#86 code423n4 opened 2 years ago
0
`mintToken` will fail on non-standard token

#85 code423n4 closed 2 years ago
2
transferFrom on non standard ERC20 might lead to lose of funds

#84 code423n4 closed 2 years ago
2
ERC20 tokens with no return value will fail to transfer

#83 code423n4 opened 2 years ago
2
Unchecked return value when transferring tokens

#82 code423n4 closed 2 years ago
2
Not handling return value of transferFrom command can create inconsistency

#81 code423n4 opened 2 years ago
2
Funds cannot be withdrawn in `CoreCollection.withdraw`

#80 code423n4 opened 2 years ago
2
Implementation for setRoyaltyVault() is different than the specification / documentation

#79 code423n4 closed 2 years ago
3
Owner can call initialize multiple times in CoreCollection.sol

#78 code423n4 closed 2 years ago
1
Gas Optimizations

#77 code423n4 opened 2 years ago
0
QA Report

#76 code423n4 opened 2 years ago
0
SplitProxy and ProxyVault both have `fallback` and `receive` set to payable, opening possibilities of native assets getting stuck in contract

#75 code423n4 closed 2 years ago
3
`Splitter.incrementWindow` checks window incrementation value incorrectly, allowing any whitelisted user to steal earnings of other users

#74 code423n4 closed 2 years ago
2
`CoreCollection.setRoyaltyVault` doesn't check `royaltyVault.royaltyAsset` against `payableToken`, resulting in potential permanent lock of `payableTokens` in royaltyVault

#73 code423n4 opened 2 years ago
1
`CoreCollection.initialize` doesn't use the `onlyUninitialized` modifier, allowing arbitrary re-initialized by owner

#72 code423n4 closed 2 years ago
1
QA Report

#71 code423n4 opened 2 years ago
1
Gas Optimizations

#70 code423n4 opened 2 years ago
0
Gas Optimizations

#69 code423n4 opened 2 years ago
1
[WP-H12] `CoreCollection.sol` The owner won't be able to withdraw the funds due to the wrong ERC20 method being used in `withdraw()`

#68 code423n4 closed 2 years ago
2
[WP-H11] `Splitter.sol#incrementWindow()` Improper access control allows attacker to steal funds from all other beneficiaries of the Splitter

#67 code423n4 closed 2 years ago
1
QA Report

#66 code423n4 opened 2 years ago
1
[WP-H7] `CoreCollection.sol#initialize()` can be called again after initialized, making it possible for the owner to change the critical settings of the contract

#65 code423n4 closed 2 years ago
1
[WP-H6] `RoyaltyVault.sol#setPlatformFee()` unbounded `platformFee` allows a malicious/compromised `Owner` to rug the beneficiaries of the royaltyVault

#64 code423n4 closed 2 years ago
2
QA Report

#63 code423n4 opened 2 years ago
3
Gas Optimizations

#62 code423n4 opened 2 years ago
1
Unchecked return value of `payableToken.transferFrom(msg.sender, recipient, _amount)`

#61 code423n4 closed 2 years ago
1
Use safeTransferFrom instead of transferFrom or check the return of transferFrom

#60 code423n4 closed 2 years ago
2
QA Report

#59 code423n4 opened 2 years ago
1
Gas Optimizations

#58 code423n4 opened 2 years ago
0
QA Report

#57 code423n4 opened 2 years ago
1
Gas Optimizations

#56 code423n4 opened 2 years ago
1

Previous Next