code-423n4 2023-07-lens-findings issues

code-423n4 / 2023-07-lens-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

User NFT Not Re-Minted After Migration Causing User Confusion

#91 code423n4 closed 1 year ago
3
Improper Handling of Approvals with TOKEN GUARDIAN can lead to unauthorized token transfers

#90 code423n4 closed 1 year ago
7
Failure to Unfollow a Wrapped Token for a Current Follower

#89 code423n4 closed 1 year ago
8
follow still exist even profile burned

#88 code423n4 closed 1 year ago
4
Front-Running Vulnerability in LensHub.sol's commentWithSig and quoteWithSig Functions

#87 code423n4 closed 1 year ago
2
Collect modules can fail on zero amount transfers if treasury fee is set to zero

#86 code423n4 closed 1 year ago
4
DOS: setProfileMetadataURIWithSig can be front run with setProfileImageURIWithSig

#85 code423n4 closed 1 year ago
5
wrap after unfollow is enabled

#84 code423n4 closed 1 year ago
4
user should not be able to follow people he blocked

#83 code423n4 closed 1 year ago
4
Potential Multiple Enabling of Action Modules In PublicationLib Contract

#82 code423n4 closed 1 year ago
3
Incorrect Signature Validation in LensHub Contract

#81 code423n4 closed 1 year ago
2
QA Report

#80 code423n4 closed 1 year ago
1
Unauthorized Profile "Follow" Operation Bug

#79 code423n4 closed 1 year ago
6
Users can avoid blocking by making calling _followWithWrappedToken themselves or make an approval to another followerProfileId

#78 code423n4 closed 1 year ago
5
setBlockStatus() can revert due to gas limit DOS if u want to block too many handles at once

#77 code423n4 closed 1 year ago
4
Rightfully users got DOS some functions in FollowNFT

#76 code423n4 opened 1 year ago
5
Blocked users can comment/quote/mirror indirectly on blocker's post

#75 code423n4 closed 1 year ago
5
Blocked users can comment/quote/mirror indirectly on blocker's post

#74 code423n4 closed 1 year ago
1
LegacyCollectNFT#initialize and FollowNFT#initialize will fail because _initialized is set to true in the constructor

#73 code423n4 closed 1 year ago
4
QA Report

#72 code423n4 opened 1 year ago
1
Gas Optimizations

#71 code423n4 closed 1 year ago
1
tryMigrate() has onlyHub modifier but it's called from LensV2Migration

#70 code423n4 closed 1 year ago
3
Use Safer Functions to Transfer NFT

#69 code423n4 closed 1 year ago
4
Unchecked Call Return Value of ERC20 Functions

#68 code423n4 closed 1 year ago
7
Unauthenticated Access of withdrawToTreasury Makes _distributeFees Not Work

#67 code423n4 closed 1 year ago
3
Function initialize Not Work

#66 code423n4 closed 1 year ago
2
Lack of Preventing Multiple Follows to the Same Profile ID

#65 code423n4 closed 1 year ago
6
Signature doesn't include chain id resulting in possible replay attack scenario

#64 code423n4 closed 1 year ago
4
QA Report

#63 code423n4 opened 1 year ago
1
The return value of ```functionDelegateCall(data)``` does not have any impact changes on the contract

#62 code423n4 closed 1 year ago
4
LensHandle._hasTokenGuardianEnabled HAS STRICT EQUALITY THAT CAN BE MANIPULATED BY ATTACKERS

#61 code423n4 closed 1 year ago
5
A user can perform ```SelfFollow``` during migration

#60 code423n4 closed 1 year ago
3
The user can switch to the config that holds the delegatedExecutors state that he didn't approve

#59 code423n4 closed 1 year ago
4
User can potentially bypass the processFollow call during the migration process and follow users for free

#58 code423n4 closed 1 year ago
1
User can use an address as a referrer that he has been blocked by

#57 code423n4 closed 1 year ago
4
Not all profiles can be migrated to V2 profile

#56 code423n4 closed 1 year ago
5
QA Report

#55 code423n4 opened 1 year ago
1
Unrestricted Access to setRoyalty Function

#54 code423n4 closed 1 year ago
3
Potential Fraudulent Signature Validation in _validateRecoveredAddress Function

#53 code423n4 closed 1 year ago
4
Potential Signature Malleability in _validateRecoveredAddress Function

#52 code423n4 closed 1 year ago
4
LensHub `_actionModuleWhitelistedId` storage interpretation after upgrade from v1.3 -> v2.0

#51 code423n4 closed 1 year ago
4
Bypassing onlyEOA Modifier and Unprotected Access to getTokenGuardianDisablingTimestamp

#50 code423n4 opened 1 year ago
4
Case Insensitivity in _isAlphaNumeric Function

#49 code423n4 closed 1 year ago
4
QA Report

#48 code423n4 opened 1 year ago
1
Gas Optimizations

#47 code423n4 closed 1 year ago
1
QA Report

#46 code423n4 opened 1 year ago
1
Anyone can initialize `LensHubInitializable` if `REVISION` is increased

#45 code423n4 closed 1 year ago
3
Gas Optimizations

#44 code423n4 closed 1 year ago
1
Analysis

#43 code423n4 closed 1 year ago
1
Gas Optimizations

#42 code423n4 closed 1 year ago
1

Previous Next