code-423n4/2023-07-lens-findings
EIP-712 typehash is incorrect for several functions in `MetaTxLib`
#141
code423n4
opened
1 year ago
6
`_hashActionModulesInitDatas()` doesn't encode `bytes` array according to EIP-712
#140
code423n4
closed
1 year ago
7
Precomputed `LENS_HUB_CACHED_POLYGON_DOMAIN_SEPARATOR` will become incorrect if Polygon hard forks
#139
code423n4
opened
1 year ago
4
`transactionExecutor` is incorrectly set to relayer instead of signer in `setFollowModuleWithSig()`
#138
code423n4
opened
1 year ago
6
`_getReceiver()` will revert for burnt profiles due to use of `ownerOf()`
#137
code423n4
opened
1 year ago
4
Token guardian protection doesn't account for approved operators in `approve()`
#136
code423n4
opened
1 year ago
3
rollbackLastUpgrade: function Rollback address can be the same as current address breaking the rollback functionality
#135
code423n4
closed
1 year ago
4
`LensBaseERC721.sol` does not implement `_safeMint()` and the case where `_safeMint()` should be used rather than `_mint()` wherever possible is missed by bot.
#134
code423n4
closed
1 year ago
8
The initialize function will not be callable even once in the FollowNFT contract
#133
code423n4
closed
1 year ago
2
Signature Malleability in `MetaTxLib.sol`
#132
code423n4
closed
1 year ago
3
In `LensBaseERC721.sol#_transfer()` Lack of check `from==to`
#131
code423n4
closed
1 year ago
7
QA Report
#130
code423n4
opened
1 year ago
0
Incorrect Incrementation of Follower Count in _replaceFollower Function
#129
code423n4
closed
1 year ago
3
QA Report
#128
code423n4
closed
1 year ago
2
QA Report
#127
code423n4
closed
1 year ago
0
QA Report
#126
code423n4
closed
1 year ago
0
QA Report
#125
code423n4
opened
1 year ago
4
Anyone can burn/steal other users' wrapped follow NFTs
#124
code423n4
closed
1 year ago
3
processBlock() function forcibly wrapping a follow NFT could lock it without the owner's consent
#123
code423n4
closed
1 year ago
4
Profile owner can set royalties on a follow NFT they don't own.
#122
code423n4
closed
1 year ago
6
no __gap variable in contracts marked upgradeable as seen in Lens V2 Social Layer Architecture diagram
#121
code423n4
closed
1 year ago
6
The `initialize()` function in multiple contracts can be front-run
#120
code423n4
closed
1 year ago
6
Anyone can permanently disable the token guardian for their wallet by calling this one DANGER__disableTokenGuardian function
#119
code423n4
closed
1 year ago
4
The owner can call _upgrade directly, skipping executeLensV2Upgrade.
#118
code423n4
closed
1 year ago
3
A single profile can follow multiple times by utilizing FollowNFT#tryMigrate
#117
code423n4
closed
1 year ago
2
The user who is about to be followed will frontrun a follower with a `LensHub#setFollowModule` call to steal from them.
#116
code423n4
closed
1 year ago
8
QA Report
#115
code423n4
opened
1 year ago
0
If follower follows by inputting an existing tokenId, he can be removed at anytime by the holder of that tokenId
#114
code423n4
closed
1 year ago
4
Weak Conditional Statements which gives Room for Unauthorize Execution of unfollow() and _followWithWrappedToken() by an attacker
#113
code423n4
closed
1 year ago
3
Adversary can force any profile to follow a profile by sending followNFT to address that owns the profile and calling `LensV2Migration#batchMigrateFollows`
#112
code423n4
closed
1 year ago
21
Unbound length of referrers may lead to DOS of publication actions and modules
#111
code423n4
opened
1 year ago
5
Lack of the limitation how many profileIds/followerProfileIds can be assigned into the `profileIds`/`followerProfileIds` array parameter at once, the transaction will be reverted due to reaching the gas limit in the while-loop
#110
code423n4
closed
1 year ago
2
QA Report
#109
code423n4
opened
1 year ago
1
Missing pause modifier on important `LensV2Migration` and `FollowNFT` functions
#108
code423n4
closed
1 year ago
12
Implementation error of EIP-712 due to wrong Typehash can lead to tx reverts
#107
code423n4
closed
1 year ago
4
Users can self-follow via `FollowNFT::tryMigrate()` on Lens V2
#106
code423n4
opened
1 year ago
6
Lens Handles from v1 can be minted by other users on v2 before they are migrated to their corresponding owner
#105
code423n4
closed
1 year ago
2
Users can make any user follow them via `FollowNFT::tryMigrate()` without their consent
#104
code423n4
opened
1 year ago
5
Privacy Violation: Unauthorized Access to Blocking Status of Profiles
#103
code423n4
closed
1 year ago
4
Inability of Followers and Followees to Commenting
#102
code423n4
closed
1 year ago
4
unfollow() functionality allows the owner to reserve the tokenId but not follow the owner of the FollowNFT collection
#101
code423n4
closed
1 year ago
4
Due to rounding down, treasury may not receive fee in FeeFollowModule.processFollow
#100
code423n4
closed
1 year ago
5
SimpleFeeCollectModule/MultirecipientFeeCollectModule should be able to modify the recipient receiving the fee
#99
code423n4
closed
1 year ago
3
SeaDropMintPublicationAction._distributeFees may miscalculate the fee allocated to treasury in some cases
#98
code423n4
closed
1 year ago
4
SeaDropMintPublicationAction._distributeFees will revert due to division by zero
#97
code423n4
closed
1 year ago
3
QA Report
#96
code423n4
opened
1 year ago
2
QA Report
#95
code423n4
closed
1 year ago
1
Missing owner check on from when transferring tokens
#94
code423n4
closed
1 year ago
4
removeFollower() function decreases the functionality provided by the approve() function due to centralization risk
#93
code423n4
closed
1 year ago
6
Analysis
#92
code423n4
closed
1 year ago
1