code-423n4 2024-01-renft-findings issues

code-423n4 / 2024-01-renft-findings

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #330 [1706782712600]

#651 c4-judge closed 9 months ago
2
Upgraded Q -> 2 from #297 [1706643369809]

#650 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #604 [1706642446852]

#649 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #537 [1706626639195]

#648 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #577 [1706477331231]

#646 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #536 [1706477317114]

#645 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #537 [1706477284703]

#644 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #290 [1706477248339]

#643 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #361 [1706477210703]

#642 c4-judge closed 9 months ago
4
Upgraded Q -> 2 from #321 [1706477178281]

#641 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #136 [1706477144923]

#640 c4-judge closed 10 months ago
2
Upgraded Q -> 2 from #145 [1706477090774]

#639 c4-judge closed 10 months ago
2
Blacklisted USDC Borrower Can Retain NFT Indefinitely

#638 c4-bot-9 closed 10 months ago
3
Use of selector can be missleading

#637 c4-bot-5 closed 10 months ago
2
Lack of Validation Parameters in _calculatePaymentProRata Function

#636 c4-bot-2 closed 10 months ago
6
Transfers may fail due to zero value amounts in pro-rata payment calculation, preventing rentals from being stopped

#635 c4-bot-2 closed 10 months ago
6
Renters can extend rental duration and hold lender's tokens hostage if ERC-777 is used as payment in a `PAY` order

#634 c4-bot-5 closed 10 months ago
5
Analysis

#633 c4-bot-4 opened 10 months ago
1
If the fulfiller is USDC blacklisted and the ERC20 payment is in USDC, the offerer cannot get their NFT back

#632 c4-bot-4 closed 10 months ago
2
Analysis

#631 c4-bot-4 opened 10 months ago
6
Renter can burn ERC721Burnable & ERC1155Burnable tokens

#630 c4-bot-4 closed 10 months ago
3
encodedData argument of OrderMetadata hashStruct is missing struct members which is not EIP712 compliant

#629 c4-bot-4 closed 10 months ago
3
Rented assets will be locked in safe forever if lender or renter is blacklisted by consideration token

#628 c4-bot-4 closed 10 months ago
2
Reclaimer contract may block asset recovery due to failed transfers

#627 c4-bot-4 closed 10 months ago
9
Any renter can prevent the lender from getting back their rented tokens

#626 c4-bot-10 closed 10 months ago
8
Renter can disable Reclaimer module, locking all rented assets in safe

#625 c4-bot-9 closed 10 months ago
4
generateSaltWithSender does not work correctly

#624 c4-bot-9 closed 10 months ago
1
Hooks will be called on `onTransaction` regardless of whether the lender specified them or not

#623 c4-bot-10 closed 10 months ago
6
Hooks required to succeed on both `onStart` and `onStop` may prevent rental termination

#622 c4-bot-1 closed 10 months ago
4
Guard can be completely bypassed via `setFallbackHandler()`

#621 c4-bot-5 closed 10 months ago
2
EIP-712 typehash is incorrect for `RentalOrder` and `RentPayload` structs

#620 c4-bot-4 closed 10 months ago
2
If a hook enabled by guard admin is then subsequently restricted or disabled (e.g. due to vulnerabilities), any existing rental order that uses the hook will be DOSsed and cannot be stopped

#619 c4-bot-1 closed 10 months ago
2
Front-Running Vulnerability in Deposit

#618 c4-bot-7 closed 10 months ago
2
Disabling a hook during rent prevents rental from being stopped

#617 c4-bot-10 closed 10 months ago
2
executor can change admin

#616 c4-bot-2 closed 10 months ago
8
Lender can DOS stopRent and prevent renter from getting reward

#615 c4-bot-4 closed 10 months ago
4
All orders can be hijacked to lock rental assets forever by tipping a malicious ERC20

#614 c4-bot-9 opened 10 months ago
5
`OrderMetadata` encoding breaks EIP-712 compliance

#613 c4-bot-7 closed 10 months ago
2
Long period self rents will block hook disabling

#612 c4-bot-8 closed 9 months ago
12
Attacker can rug all listed NFTs

#611 c4-bot-5 closed 10 months ago
2
Analysis

#610 c4-bot-8 opened 10 months ago
1
Gas Optimizations

#609 c4-bot-7 closed 10 months ago
0
Gas Optimizations

#608 c4-bot-2 opened 10 months ago
3
QA Report

#607 c4-bot-1 opened 10 months ago
2
Missing Revert Parameter in stopRent Function

#606 c4-bot-7 closed 10 months ago
2
`stopRent()` doesn't allow the lender to specify an address to receive the rental payment tokens at, leading to permanent freezal of rental if the lender's address was blacklisted in the token's blacklist.

#605 c4-bot-7 closed 10 months ago
3
QA Report

#604 c4-bot-6 opened 10 months ago
3
executeAction succeeds and emits an event for invalid actions

#603 c4-bot-6 closed 10 months ago
10
Only executor can change executor in Kernel

#602 c4-bot-2 closed 10 months ago
10
Gas Optimizations

#601 c4-bot-2 opened 10 months ago
3