code-423n4 / 2022-12-forgeries-findings
issues
QA Report
#308
code423n4
opened
1 year ago
1
Gas Optimizations
#307
code423n4
opened
1 year ago
1
Gas Optimizations
#306
code423n4
closed
1 year ago
1
No check or guard for non-sequential drawingToken's tokenId
#305
code423n4
closed
1 year ago
5
Use safeTransferFrom instead of transferFrom for ERC721 transfers
#304
code423n4
closed
1 year ago
2
Potential race condition when claiming prize
#303
code423n4
closed
1 year ago
2
QA Report
#302
code423n4
closed
1 year ago
2
QA Report
#301
code423n4
closed
1 year ago
1
Owners can delay the call to `startDraw` to reject the draw result
#300
code423n4
closed
1 year ago
3
`VRFNFTRandomDraw.redraw()` should be able to be called by users.
#299
code423n4
closed
1 year ago
3
Delayed contests might be rugpulled by admin
#298
code423n4
closed
1 year ago
4
QA Report
#297
code423n4
closed
1 year ago
1
Prize token can overlap with drawingToken and prize tokens from other draws.
#296
code423n4
closed
1 year ago
3
Gas Optimizations
#295
code423n4
closed
1 year ago
1
QA Report
#294
code423n4
opened
1 year ago
1
Gas Optimizations
#293
code423n4
closed
1 year ago
1
The way the winner claiming NFT is vulnerable to flashloan attack.
#292
code423n4
closed
1 year ago
2
A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice address
#291
code423n4
closed
1 year ago
1
QA Report
#290
code423n4
closed
1 year ago
1
Gas Optimizations
#289
code423n4
closed
1 year ago
1
recoverTimelock can have a value shorter than the winner's deadline to claim
#288
code423n4
closed
1 year ago
3
[NAZ-M1] `fulfillRandomWords()` Must Not Revert
#287
code423n4
closed
1 year ago
1
Any airdrop from the NFT will be locked on `VRFNFTRandomDraw` forever
#286
code423n4
closed
1 year ago
3
In case the winner is the `address(0)`
#285
code423n4
closed
1 year ago
1
After the redrawing the winner can lose his NFT for the Admin
#284
code423n4
closed
1 year ago
3
Malicious drawingToken can make bad actor claim the raffle NFT
#283
code423n4
closed
1 year ago
2
The NFT can be transferred to the owner immediately after `startDraw()`
#282
code423n4
closed
1 year ago
3
Low value for minimumRequestConfirmations can cause issues in chains with frequent chain reorgs
#281
code423n4
closed
1 year ago
3
Use of resignOwnership can lead to stuck NFT in contract
#280
code423n4
closed
1 year ago
5
QA Report
#279
code423n4
closed
1 year ago
1
Gas Optimizations
#278
code423n4
closed
1 year ago
1
QA Report
#277
code423n4
closed
1 year ago
1
The `transferFrom()` method is used instead of `safeTransferFrom()`, which I assume is a gas-saving measure. I however argue that this isn’t recommended because:
#276
code423n4
closed
1 year ago
2
Choosing a cheap gas lane may result in no winners
#275
code423n4
closed
1 year ago
2
If the subscription does not have enough funds the winner can not be chosen
#274
code423n4
closed
1 year ago
2
Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.
#273
code423n4
opened
1 year ago
4
Draw organizer can rig the draw to favor certain participants such as their own account.
#272
code423n4
opened
1 year ago
13
Draw organizer can time draws so that users have the illusion of fair random, but draw can be cancelled.
#271
code423n4
closed
1 year ago
3
Draw can be configured without uncancellable-redraw mechanism
#270
code423n4
closed
1 year ago
3
Non-uniform distribution of random causes unfair draws
#269
code423n4
closed
1 year ago
2
Draws can be initiated without startDraw() call, which can cause confusion and state mismatch.
#268
code423n4
closed
1 year ago
3
Winner can call claim multiple times
#267
code423n4
closed
1 year ago
1
Gas Optimizations
#266
code423n4
closed
1 year ago
1
There is no check for tokenId interval to confirm if the tokens actually exist
#265
code423n4
closed
1 year ago
2
`transferFrom` is used instead of `safeTransferFrom` for transfer of ERC721 tokens
#264
code423n4
closed
1 year ago
2
Owner can recover NFT at the start of a drawing
#263
code423n4
opened
1 year ago
6
QA Report
#262
code423n4
closed
1 year ago
1
Gas Optimizations
#261
code423n4
opened
1 year ago
2
Loss of subscription funds
#260
code423n4
closed
1 year ago
1
No admin control in defining minimum request confirmations (a security parameter)
#259
code423n4
closed
1 year ago
2