code-423n4/2024-01-renft-findings
A malicious lender can freeze borrower's ERC1155 tokens indefinitely because the guard can't differentiate between rented and non-rented ERC1155 tokens in the borrower's safe.
#600
c4-bot-6
opened
10 months ago
16
QA Report
#599
c4-bot-3
closed
10 months ago
1
Gas Optimizations
#598
c4-bot-8
closed
10 months ago
1
Gas Optimizations
#597
c4-bot-8
closed
10 months ago
0
Mishandling of double-entry tokens in `skim()` function in `PaymentEscrow` causes permanent freezal of rentals and/or hijacking of all double-entry tokens in the `PaymentEscrow` by an attacker
#596
c4-bot-5
closed
10 months ago
11
Modules and Policies remain active in old Kernel mappings after migration
#595
c4-bot-3
closed
10 months ago
4
Some Real World NFTs That Support Both ERC721 and ERC1155 Will Be Incompatible With Current Code Structure.
#594
c4-bot-8
closed
10 months ago
12
An attacker is able to hijack any ERC721 / ERC1155 he borrows because guard is missing validation on the address supplied to function call `setFallbackHandler()`
#593
c4-bot-2
opened
10 months ago
7
There is no max fee threshold, the protocol devs could set the fee to the full 10000 ensuring no amount is sent to the user
#592
c4-bot-2
closed
10 months ago
2
Attacker can temporarily DOS safe creation for other users
#591
c4-bot-2
closed
10 months ago
4
Gas Optimizations
#590
c4-bot-5
closed
10 months ago
1
Reentrancy in stopRent Function
#589
c4-bot-5
closed
10 months ago
3
An attacker can hijack any ERC1155 token he rents due to a design issue in reNFT via reentrancy exploitation
#588
c4-bot-1
opened
10 months ago
20
A malicious borrower can hijack any NFT with `permit()` function he rents.
#587
c4-bot-3
opened
10 months ago
44
QA Report
#586
c4-bot-3
closed
10 months ago
1
Real-world NFT tokens may support both ERC721 and ERC1155 standards
#585
c4-bot-5
closed
10 months ago
3
Guard doesn't check for `burn(address,uint256,uint256)` function selector in ERC1155 tokens allowing an attacker to burn ERC1155 tokens after renting and utilizing them for some time.
#584
c4-bot-7
closed
10 months ago
3
When stopping a rental malicious user can steal tokens from another renter's rental safe
#583
c4-bot-6
closed
10 months ago
6
Analysis
#582
c4-bot-3
opened
10 months ago
3
Guard doesn't check for `burn(uint256)` function selector in ERC721 tokens allowing an attacker to burn NFTs after renting and utilizing them for some time.
#581
c4-bot-9
closed
10 months ago
3
Gas Optimizations
#580
c4-bot-2
opened
10 months ago
3
Analysis
#579
c4-bot-9
closed
10 months ago
1
QA Report
#578
c4-bot-10
closed
10 months ago
1
QA Report
#577
c4-bot-4
opened
10 months ago
2
Rental safes can call Guard.checkTransaction directly to execute hooks with arbitrary params
#576
c4-bot-4
closed
10 months ago
4
Analysis
#575
c4-bot-9
closed
10 months ago
1
Gas Optimizations
#574
c4-bot-3
closed
10 months ago
1
Kernel does not implement a 2 step process for updating the executor and admin addresses
#573
c4-bot-2
closed
10 months ago
2
Gas Optimizations
#572
c4-bot-2
opened
10 months ago
3
Memory Overflow in addRentals Function
#571
c4-bot-5
closed
10 months ago
2
Gas Optimizations
#570
c4-bot-7
opened
10 months ago
3
Gas Optimizations
#569
c4-bot-7
opened
10 months ago
3
Lack of Contract Verification in updateHookPath Function
#568
c4-bot-7
closed
10 months ago
2
A SINGLE MALICIOUS LENDER CAN REVERT THE `Stop.stopRentBatch` TRANSACTION INSIDE THE `onERC721Received` HOOK WHILE RECEIVING THE `ERC721` TOKENS BACK
#567
c4-bot-7
closed
10 months ago
4
The return value of an external call is not stored in a local or state variable.
#566
c4-bot-7
closed
10 months ago
3
Incorrect `gnosis_safe_disable_module_offset` constant leads to removing the rental safe's `module` without verification
#565
c4-bot-7
opened
10 months ago
18
Lack of Input Validation in Functions addRentals, removeRentals, and removeRentalsBatch
#564
c4-bot-8
closed
10 months ago
2
QA Report
#563
c4-bot-3
closed
10 months ago
1
_emitRentalOrderStopped emits wrong seaport order hashes for stopping multiple rentals
#562
c4-bot-8
closed
10 months ago
7
Analysis
#561
c4-bot-4
opened
10 months ago
1
Gas Optimizations
#560
c4-bot-8
opened
10 months ago
5
Manipulating the `rentalWallet` param to permanently brick the victim's rental order and tricking arbitrary `Hook` contracts into consuming malicious data
#559
c4-bot-10
closed
10 months ago
7
Wrong assumption that the same hook is reNFT-approved to execute on rental `start` and `stop`.
#558
c4-bot-4
closed
10 months ago
2
reNFT Protocol is not EIP712 compliant (See coded POC)
#557
c4-bot-8
closed
10 months ago
6
Gas Optimizations
#556
c4-bot-6
closed
10 months ago
1
REENTRANCY: Malicious user can steal all the funds in escrow if settlePayment() is called repeatedly for an active Base order.
#555
c4-bot-6
closed
10 months ago
9
Gas Optimizations
#554
c4-bot-9
opened
10 months ago
3
deployRentalSafe(...) could be DOSed
#553
c4-bot-2
closed
10 months ago
4
Malicious Lender can create a PAY order that does not settle to the renter
#552
c4-bot-2
closed
10 months ago
7
Disabling Hooks leads to DoS issue on rental stop transactions
#551
c4-bot-2
closed
10 months ago
2