code-423n4 2023-09-delegate-findings issues

code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Tipping is not available for the protocol

#337 c4-submissions closed 1 year ago
1
Gas Optimizations

#336 c4-submissions closed 1 year ago
1
Lack of ERC1155 Token Balance Check in flashloan Smart Contract Function

#335 c4-submissions closed 1 year ago
2
"rights" stored in memory is overwriting the memory block storing "from"

#334 c4-submissions closed 1 year ago
2
Potentially user may lost his funds due to payable marker

#333 c4-submissions closed 1 year ago
6
Non-standart ERC20 tokens are not supported

#332 c4-submissions closed 1 year ago
2
Lack of access control lets anyone rescind any delegate token

#331 c4-submissions closed 1 year ago
3
The tokenType is concatenated rather than tightly integrated. An attacker could manipulate just the type byte of the hash.

#330 c4-submissions closed 1 year ago
1
Analysis

#329 c4-submissions closed 1 year ago
2
delegate ID could differ from the expected order hash if the order hash was manipulated

#328 c4-submissions closed 1 year ago
1
Gas Optimizations

#327 c4-submissions closed 1 year ago
1
A malicious `PrincipalToken` owner can call the `extend()` function through a front-running attack before transferring it to other users, causing the period to be extended, thereby locking other users' funds.

#326 c4-submissions closed 1 year ago
5
Analysis

#325 c4-submissions closed 1 year ago
2
QA Report

#324 c4-submissions closed 1 year ago
3
Function DelegateRegistry#sweep() send all native token to address(0)

#323 c4-submissions closed 1 year ago
5
There is a potential vulnerability with the nonce not incrementing as expected if there is an error or revert during the seaport flow

#322 c4-submissions closed 1 year ago
1
Unchecked token transfer

#321 c4-submissions closed 1 year ago
2
Not cleaning scratch space/memory after delegatecalls leads to the caller to work with "dirty" memory

#320 c4-submissions closed 1 year ago
1
Any user can withdraw a delegate token after expiration

#319 c4-submissions closed 1 year ago
5
The `DelegateToken.approve` function will directly overwrite the old user's approval, resulting in a loss of user rights

#318 c4-submissions closed 1 year ago
4
test

#317 c4-submissions closed 1 year ago
1
The `onlySeaport` is a single point of failure and a centralization risk

#316 c4-submissions closed 1 year ago
3
QA Report

#315 c4-submissions closed 1 year ago
2
The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller

#314 c4-submissions closed 1 year ago
1
To protect the contract in case of hacking or detection of incorrect operation, it is necessary to add pause and blacklist functions

#313 c4-submissions closed 1 year ago
1
QA Report

#312 c4-submissions closed 1 year ago
3
The owner of the PrincipalToken can redeem the asset from escrow before the selected time period expires

#311 c4-submissions closed 1 year ago
5
Use `_safeMint` function instead of `_mint` function to NFTs from being locked

#310 c4-submissions closed 1 year ago
3
An attacker can steal assets due to an incorrect revertInvalidWithdrawalConditions check in DelegateToken.withdraw()

#309 c4-submissions closed 1 year ago
4
An attacker can use the flashloan function with an invalid collateral asset

#308 c4-submissions closed 1 year ago
1
An attacker can use the flashloan() function without real collateral assets

#307 c4-submissions closed 1 year ago
1
Gas Optimizations

#306 c4-submissions closed 1 year ago
1
Analysis

#305 c4-submissions opened 1 year ago
2
Gas Optimizations

#304 c4-submissions closed 1 year ago
2
QA Report

#303 c4-submissions closed 1 year ago
2
A malicious contract could steal assets via a flash loan

#302 c4-submissions closed 1 year ago
1
User funds may be blocked if tokens with a transfer fee are used as the underlyingToken

#301 c4-submissions closed 1 year ago
2
Analysis

#300 c4-submissions closed 1 year ago
2
Failure to Return Value from Low-Level Call

#299 c4-submissions closed 1 year ago
2
QA Report

#298 c4-submissions closed 1 year ago
2
Use `safeTransferFrom()` instead of `transferFrom()` for outgoing erc721 transfers

#297 c4-submissions closed 1 year ago
3
Fee on transfer tokens will cause users to lose funds

#296 c4-submissions closed 1 year ago
2
Incompatibility with rebasing tokens

#295 c4-submissions closed 1 year ago
3
Delegate Token holders can continue to flashloan expected assets even after the expiry dates.

#294 c4-submissions closed 1 year ago
10
QA Report

#293 c4-submissions opened 1 year ago
7
It is possible to brute force salt values to get a desired delegate token ID in the DelegateToken contract.

#292 c4-submissions closed 1 year ago
1
QA Report

#291 c4-submissions closed 1 year ago
1
Gas Optimizations

#290 c4-submissions closed 1 year ago
2
Use _safeMint instead of _mint

#289 c4-submissions closed 1 year ago
1
Hardcoded Zero Address in sweep() Function

#288 c4-submissions closed 1 year ago
4

Previous Next