issues
search
code-423n4
/
2023-01-rabbithole-findings
1
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Users may mint receipts before Quest has started, if there is none or faulty off-chain validation
#656
code423n4
opened
1 year ago
3
Owner can stop user from claiming rewards in the `Erc1155Quest`
#655
code423n4
closed
1 year ago
5
QA Report
#654
code423n4
opened
1 year ago
3
QA Report
#653
code423n4
opened
1 year ago
2
Gas Optimizations
#652
code423n4
closed
1 year ago
1
Unlike `questFee_` , `royaltyFee_` is missing Upper Limit
#651
code423n4
opened
1 year ago
3
Gas Optimizations
#650
code423n4
opened
1 year ago
1
Immutable varibles should be checked to there default values
#649
code423n4
closed
1 year ago
4
QA Report
#648
code423n4
opened
1 year ago
2
Gas Optimizations
#647
code423n4
opened
1 year ago
3
Gas Optimizations
#646
code423n4
closed
1 year ago
1
TEST
#645
code423n4
closed
1 year ago
0
Gas Optimizations
#644
code423n4
opened
1 year ago
1
QA Report
#643
code423n4
opened
1 year ago
3
QA Report
#642
code423n4
opened
1 year ago
2
QA Report
#641
code423n4
opened
1 year ago
4
Gas Optimizations
#640
code423n4
opened
1 year ago
1
`hash` and `signature_` can be obtained from the mempool when `recoverSigner` is executed
#639
code423n4
closed
1 year ago
1
withdrawRemainingTokens in Erc20Quest could be called several times by the owner, allowing him to withdraw part of the non-claimable tokens
#638
code423n4
closed
1 year ago
4
Gas Optimizations
#637
code423n4
opened
1 year ago
1
Modifier onlyMinter() implementation is faulty
#636
code423n4
closed
1 year ago
2
Royalty logic might result in DoS with certain marketplaces
#635
code423n4
opened
1 year ago
3
Incase a malicious attack occurs and the quest is paused, the owner won't be able to withdraw some of his tokens back.
#634
code423n4
opened
1 year ago
7
`claim` can run out of gas
#633
code423n4
closed
1 year ago
2
Quest owner can withdraw the reward for unclaimed receipt.
#632
code423n4
closed
1 year ago
5
In ERC1155 quests the owner withdraws all of the remaining tokens even for the unclaimed receipts. Leaving users who didn't claim their receipts before the quest end time unable to claim rewards.
#631
code423n4
closed
1 year ago
5
Incompatibility with Rebasing or Deflationary or Inflationary Tokens
#630
code423n4
opened
1 year ago
8
`mintReceipt` might mint NFT's even if the signature is not valid.
#629
code423n4
closed
1 year ago
2
Gas Optimizations
#628
code423n4
opened
1 year ago
1
Wrongly implemented modifier allow everybody to mint Rabbit Hole tickets.
#627
code423n4
closed
1 year ago
2
Any user is able to mint a new `receipt/ticket` tokens
#626
code423n4
closed
1 year ago
2
TEST
#625
code423n4
closed
1 year ago
1
Wrongly implemented modifier allow anybody to mint receipts.
#624
code423n4
closed
1 year ago
2
Malicious user can send the quest reward tokens to the protocol fee contract preventing users from claiming their rewards.
#623
code423n4
closed
1 year ago
2
`OwnableUpgradeable` uses single-step ownership transfer
#622
code423n4
closed
1 year ago
3
QA Report
#621
code423n4
opened
1 year ago
2
`mintReceipt` is vulnerable for cross-chain and cross-contract attacks
#620
code423n4
closed
1 year ago
2
QA Report
#619
code423n4
opened
1 year ago
4
QA Report
#618
code423n4
closed
1 year ago
1
Minting can be called by anyone
#617
code423n4
closed
1 year ago
2
Gas Optimizations
#616
code423n4
opened
1 year ago
1
QA Report
#615
code423n4
opened
1 year ago
3
ERC1155 Quest allows for arbitrary rewardToken
#614
code423n4
closed
1 year ago
5
Add domain separator for preventing multiple chain attack
#613
code423n4
closed
1 year ago
2
QA Report
#612
code423n4
opened
1 year ago
2
Users can be tricked with claimed receipt tokens - Receipts can be claimed via flash loans
#611
code423n4
closed
1 year ago
2
QA Report
#610
code423n4
closed
1 year ago
1
Protocol fee recipient address is copied into `Erc20Quest` contract
#609
code423n4
closed
1 year ago
3
Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts
#608
code423n4
opened
1 year ago
5
Changing the `RabbitHoleReceipt` contract in the `QuestFactory` will break rewards for existing quests
#607
code423n4
closed
1 year ago
3
Previous
Next