code-423n4/2022-12-forgeries-findings
issues
Wrong calculation of MONTH_IN_SECONDS
#358
code423n4
closed
1 year ago
2
QA Report
#357
code423n4
closed
1 year ago
1
winnerClaimNFT() does not check if recipient can receive ERC721
#356
code423n4
closed
1 year ago
2
Miners Can Re-Roll the VRF Output to Game the Protocol
#355
code423n4
closed
1 year ago
2
Gas Optimizations
#354
code423n4
opened
1 year ago
3
QA Report
#353
code423n4
closed
1 year ago
1
QA Report
#352
code423n4
closed
1 year ago
1
Gas Optimizations
#351
code423n4
closed
1 year ago
1
QA Report
#350
code423n4
closed
1 year ago
1
QA Report
#349
code423n4
closed
1 year ago
3
LOWER BOUNDARY OF DRAWING TOKEN RANGE IS TOO LOW
#348
code423n4
closed
1 year ago
2
QA Report
#347
code423n4
closed
1 year ago
2
The `recoverTimelock` does not sufficiently protect against an admin withdrawing the NFT before a user is able to claim it
#346
code423n4
closed
1 year ago
3
QA Report
#345
code423n4
opened
1 year ago
1
DoS after creating 100 raffles under one subscriptionID
#344
code423n4
closed
1 year ago
8
Draw admin/owner can rug the winner after `recoverTimelock` expires.
#343
code423n4
closed
1 year ago
3
Gas Optimizations
#342
code423n4
closed
1 year ago
1
Attacker can disable contract functionality
#341
code423n4
closed
1 year ago
1
Malicious ChainLink's VRF manager can decide to not whitelist VRFNFTRandomDraw or brick ongoing raffles
#340
code423n4
closed
1 year ago
3
Bad actor can burn `VRFCoordinatorV2` LINK's balance
#339
code423n4
closed
1 year ago
1
QA Report
#338
code423n4
closed
1 year ago
1
Gas Optimizations
#337
code423n4
closed
1 year ago
1
State variables should be cleaned/reset in `lastResortTimelockOwnerClaimNFT()` call
#336
code423n4
closed
1 year ago
2
Gas Optimizations
#335
code423n4
closed
1 year ago
1
Frontrunning the `winnerClaimNFT` is possible
#334
code423n4
closed
1 year ago
6
QA Report
#333
code423n4
opened
1 year ago
2
Gas Optimizations
#332
code423n4
opened
1 year ago
1
Owner can potentially prevent winner from claiming by starting draw after recover timelock and then calling lastResortTimelockOwnerClaimNFT
#331
code423n4
closed
1 year ago
3
Raffle is fair only if `tokenRange` is a power of 2.
#330
code423n4
closed
1 year ago
2
Inconsistent parameters settings can break the business logic
#329
code423n4
closed
1 year ago
2
QA Report
#328
code423n4
closed
1 year ago
1
Gas Optimizations
#327
code423n4
closed
1 year ago
1
safeTransfer should be used instead of transferFrom in `winnerClaimNFT`
#326
code423n4
closed
1 year ago
2
The parameters in the setting of the draw are inconsistent
#325
code423n4
closed
1 year ago
2
Gas Optimizations
#324
code423n4
opened
1 year ago
1
QA Report
#323
code423n4
opened
1 year ago
1
Function `fulfillRandomWords` in VRFNFTRandomDraw contract must not revert
#322
code423n4
closed
1 year ago
3
Generalized frontrunning risk for claiming winnings due to `request.currentChosenTokenId` being public
#321
code423n4
closed
1 year ago
2
QA Report
#320
code423n4
opened
1 year ago
1
QA Report
#319
code423n4
closed
1 year ago
1
The owner can swap the proxy implementation with a malicious one
#318
code423n4
closed
1 year ago
1
Gas Optimizations
#317
code423n4
opened
1 year ago
1
ERC20 can be mistakenly used instead of ERC721
#316
code423n4
closed
1 year ago
2
QA Report
#315
code423n4
closed
1 year ago
1
Wrong value of MONTH_IN_SECONDS could make it impossible to recover NFT in 7 years
#314
code423n4
closed
1 year ago
3
Weak PRNG
#313
code423n4
closed
1 year ago
2
Unprotected contract
#312
code423n4
closed
1 year ago
2
QA Report
#311
code423n4
closed
1 year ago
1
Gas Optimizations
#310
code423n4
closed
1 year ago
1
Gas Optimizations
#309
code423n4
closed
1 year ago
1