code-423n4 2024-07-traitforge-findings issues

code-423n4 / 2024-07-traitforge-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

A chain re-org would make a forger forge the wrong NFT and could even lose funds due to this

#1090 howlbot-integration[bot] closed 2 months ago
1
All entities will have 0 entropy

#1089 howlbot-integration[bot] closed 2 months ago
1
Upgraded Q -> 2 from #1076 [1725656589063]

#1088 c4-judge closed 2 months ago
2
Lack of mechanism to ensure all batches are initialized before entropy is used

#1087 howlbot-integration[bot] closed 2 months ago
3
Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

#1086 howlbot-integration[bot] opened 2 months ago
7
NFT Token cannot be `nuked` even if `minimumDaysHeld` period has been passed.

#1085 howlbot-integration[bot] closed 2 months ago
2
User cannot nuke NFT after `minimumDaysHeld` if user `listNFTForSale` and `cancelListing` of NFT

#1084 howlbot-integration[bot] closed 2 months ago
2
Title Users can be temporary DOSed and unable to `nuke`

#1083 howlbot-integration[bot] closed 2 months ago
1
wrong contracts deployment, can lead to severe results where tokens has no entropy.

#1082 howlbot-integration[bot] closed 2 months ago
3
Nuking is broken for approved personnels

#1081 howlbot-integration[bot] closed 2 months ago
1
Upgraded Q -> 2 from #1076 [1725567784981]

#1080 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #1028 [1725566988368]

#1079 c4-judge closed 2 months ago
2
Funds can be locked indefinitely in NukeFund.sol

#1078 howlbot-integration[bot] opened 2 months ago
5
initializeAlphaIndices() can be overridden by writeEntropyBatch3()

#1077 howlbot-integration[bot] closed 2 months ago
2
QA Report

#1076 howlbot-integration[bot] closed 2 months ago
1
Upgraded Q -> 2 from #1067 [1725542893345]

#1075 c4-judge closed 2 months ago
3
Upgraded Q -> 2 from #1067 [1725542544973]

#1074 c4-judge closed 2 months ago
3
lastForgeResetTimestamp in EntityForging does activate when mint like what documentation stated

#1073 howlbot-integration[bot] closed 2 months ago
2
The `EntityForging.setTaxCut` function can be called to update the `taxCut` amount even when the `EntityForging` contract is paused thus incurring loss of funds on the `forgerOwner`

#1072 howlbot-integration[bot] closed 2 months ago
3
# Rounding Errors Cause DevFund Donations To Be Stolen By Owner

#1071 howlbot-integration[bot] closed 2 months ago
2
Forger Can Front Run, Relist Tokens And Claim Donations

#1070 howlbot-integration[bot] closed 2 months ago
2
Upgraded Q -> 2 from #32 [1725448114436]

#1069 c4-judge closed 2 months ago
3
`maxAllowedClaimAmount` for a given fund size may be exceeded in `nuke()`

#1068 howlbot-integration[bot] closed 2 months ago
2
QA Report

#1067 howlbot-integration[bot] closed 2 months ago
2
Setting max generation can be bypassed by forging

#1066 howlbot-integration[bot] closed 2 months ago
2
Wrong updation of lasttransferredtimestamp of an entity

#1065 howlbot-integration[bot] closed 2 months ago
7
Lingering token approvals in `EntityTrading` and `NukeFund` may lead to unauthorized transfers of NFTs

#1064 howlbot-integration[bot] closed 2 months ago
2
Incorrect checking for slot index in getEntropy() and getNextEntropy()

#1063 howlbot-integration[bot] closed 2 months ago
2
There is no mechanism to withdraw funds from NukeFund contract, this causes the remaining funds on NukeFund to be locked

#1062 howlbot-integration[bot] closed 2 months ago
3
It is possible for users who has claimed rewards and contribute it back to DevFund.sol to be unable to claim their portion of the funds

#1061 howlbot-integration[bot] closed 2 months ago
2
A dev will lose rewards if after claiming his rewards he mints an NFT

#1060 howlbot-integration[bot] opened 2 months ago
12
While loop can result in DoS due to high gas costs

#1059 howlbot-integration[bot] closed 2 months ago
2
User can lose on gas by calling mintWithBudget() if his budget is enough to lead to a transaction being out of gas

#1058 howlbot-integration[bot] closed 2 months ago
7
DoS vulnerability in EntityTrading::buyNFT and EntityForging::forgeWithListed functions because a contract that listed nft for sale or for forging might not accept ETH transfer

#1057 howlbot-integration[bot] closed 2 months ago
1
NFT seller could `grief buyer` when they call `buyNFT` by making the call revert when receiving funds

#1056 howlbot-integration[bot] closed 2 months ago
1
Potential Denial of Service (DoS) by Forger in the forgeWithListed()

#1055 howlbot-integration[bot] closed 2 months ago
1
Malicious NFT Owner who lists his NFT for forge, can DoS forging requested from Mergers

#1054 howlbot-integration[bot] closed 2 months ago
1
Forger NFT owner could `grief merger` when they call `forgeWithListed` by making the call revert when receiving funds

#1053 howlbot-integration[bot] closed 2 months ago
5
Miss slippage protection for amountMinted in mintWithBudget.

#1051 howlbot-integration[bot] closed 3 months ago
2
Lack of Slippage Protection in Dynamic Pricing Mint Function

#1050 howlbot-integration[bot] opened 3 months ago
4
Upgraded Q -> 2 from #107 [1724083523856]

#1049 c4-judge closed 3 months ago
1
Upgraded Q -> 2 from #191 [1724083427475]

#1048 c4-judge closed 3 months ago
4
Upgraded Q -> 2 from #201 [1724083404790]

#1047 c4-judge closed 3 months ago
3
Upgraded Q -> 2 from #1013 [1724082675544]

#1046 c4-judge closed 3 months ago
4
Upgraded Q -> 2 from #1014 [1724082614295]

#1045 c4-judge closed 3 months ago
5
Upgraded Q -> 2 from #1017 [1724082393626]

#1044 c4-judge closed 3 months ago
3
Upgraded Q -> 3 from #1020 [1724082189816]

#1043 c4-judge closed 3 months ago
2
Upgraded Q -> 2 from #1022 [1724081741665]

#1042 c4-judge closed 3 months ago
3
Upgraded Q -> 2 from #1023 [1724081645126]

#1041 c4-judge closed 3 months ago
1
Upgraded Q -> 2 from #1027 [1724081366853]

#1040 c4-judge closed 3 months ago
4