code-423n4 2024-02-ai-arena-findings issues

code-423n4 / 2024-02-ai-arena-findings

4 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 3 from #1355 [1709696350611]

#2046 c4-judge closed 6 months ago
6
Upgraded Q -> 3 from #1640 [1709696308218]

#2045 c4-judge closed 6 months ago
2
Upgraded Q -> 3 from #1931 [1709696231780]

#2044 c4-judge closed 6 months ago
2
Upgraded Q -> 3 from #1214 [1709615133380]

#2043 c4-judge closed 6 months ago
2
Upgraded Q -> 3 from #1661 [1709615006081]

#2042 c4-judge closed 6 months ago
2
Upgraded Q -> 3 from #2021 [1709614891758]

#2041 c4-judge closed 6 months ago
3
Loss of Precision in `claimableNRN` Calculations in `RankedBattle.sol`

#2040 c4-bot-8 closed 7 months ago
3
Analysis

#2039 c4-bot-8 closed 6 months ago
2
Check on transferability can be bypassed with safeBatchTransferFrom

#2038 c4-bot-8 closed 7 months ago
4
unrestricted fighter NFT transfer

#2037 c4-bot-8 closed 7 months ago
4
`claimFighters()` is susceptible to signature malleability issue

#2036 c4-bot-8 closed 7 months ago
4
Analysis

#2035 c4-bot-8 opened 7 months ago
3
Lock Persistence Issue for Fighters Losing All Stake in a Round

#2034 c4-bot-10 closed 7 months ago
7
Players can unfairly mint rare fighters

#2033 c4-bot-10 closed 7 months ago
6
Gas Optimizations

#2032 c4-bot-10 opened 7 months ago
3
Fighter rare attributes can be deterministically rerolled

#2031 c4-bot-5 closed 7 months ago
6
QA Report

#2030 c4-bot-6 closed 6 months ago
4
`Neuron::mint()` - L156: `MAX_SUPPLY` represents a valid max value, but `require(totalSupply() + amount < MAX_SUPPLY` check implies that its not. Should use `<=` instead.

#2029 c4-bot-6 closed 7 months ago
5
Analysis

#2028 c4-bot-5 opened 7 months ago
3
QA Report

#2027 c4-bot-6 closed 7 months ago
4
`safeTransfer()` with `data` not overridden

#2026 c4-bot-1 closed 7 months ago
3
Analysis

#2025 c4-bot-4 opened 7 months ago
2
QA Report

#2024 c4-bot-4 opened 7 months ago
12
Players can claim items beyond their daily allowance in `GameItems` contract

#2023 c4-bot-4 closed 7 months ago
4
Fighter rarity can be bruteforced to better results than other players

#2022 c4-bot-4 closed 7 months ago
6
QA Report

#2021 c4-bot-4 closed 6 months ago
3
Useless require in `pickWinner` allows for multiple picks by mistake.

#2020 c4-bot-4 closed 7 months ago
5
Allows player at the start of each round to generate a risk free position by setting [`accumulatedPointsPerFighter`](https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/RankedBattle.sol#L479) greater than 0 by winning a few battles.

#2019 c4-bot-3 closed 7 months ago
4
QA Report

#2018 c4-bot-1 opened 7 months ago
7
Gas Optimizations

#2017 c4-bot-4 opened 7 months ago
3
Custom attribute parameter in `mintFromMergingPool` allows minting fighters outside designated range

#2016 c4-bot-4 closed 7 months ago
4
Frankenstein fighters can be created

#2015 c4-bot-2 closed 7 months ago
4
FighterFarm.sol::`claimFighters()` is vulnerable to signature replay attack

#2014 c4-bot-5 closed 7 months ago
3
Tokens/fighters may earn NRN rewards after being unstaked

#2013 c4-bot-7 closed 7 months ago
6
No validation for attributeProbabilities array value

#2012 c4-bot-3 closed 6 months ago
8
GameItems can always be transferred

#2011 c4-bot-2 closed 6 months ago
6
Same Address can participated at a same time to win the fighter.

#2010 c4-bot-2 closed 6 months ago
7
Exploiting Staking Factor Rounding Up and `curStakeAtRisk` Rounding Down with Minimal NRN Stake and Merging Pool Allocation

#2009 c4-bot-8 closed 7 months ago
4
Gas Optimizations

#2008 c4-bot-9 opened 7 months ago
3
There is no option for the admin team to modify the pricing of an in-game item and/or it's allowance depending on the game economy demands.

#2007 c4-bot-9 closed 7 months ago
3
Possible DoS in claimRewards due to out of gas

#2006 c4-bot-6 closed 7 months ago
5
Analysis

#2005 c4-bot-7 opened 7 months ago
2
MergingPool.pickWinner roundId check is always satisfied leading to potentially set incorrect data

#2004 c4-bot-10 opened 7 months ago
3
Incrementing the generation may lead to a DOS.

#2003 c4-bot-3 closed 7 months ago
3
wrong implementation in spendVoltage

#2002 c4-bot-3 closed 6 months ago
4
GameItems.setTokenUri not compliant with EIP-1155

#2001 c4-bot-10 opened 7 months ago
6
Transfering unstaked fighters can DoS game server calls to updateBattleRecord

#2000 c4-bot-10 closed 7 months ago
6
Fighters can be transferred whilst being staked and DoS game server calls to updateBattleRecord

#1999 c4-bot-9 closed 7 months ago
3
Missing validation of `customAttributes`

#1998 c4-bot-1 closed 7 months ago
3
Use Aeweave instead of IPFS

#1997 c4-bot-1 closed 6 months ago
5

Previous Next