sherlock-audit 2022-10-nftport-judging issues

sherlock-audit / 2022-10-nftport-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

keccak123 - Operator can change own role bypassing require

#131 sherlock-admin closed 1 year ago
4
keccak123 - Deployment fee is never paid

#130 sherlock-admin closed 1 year ago
1
Sm4rty - No Upper limit or Lower limit for setting new deployment and call fees in factory contract.

#129 sherlock-admin closed 1 year ago
0
Chom - NFT minting both public and presale doesn't have ending time check

#128 sherlock-admin closed 1 year ago
0
minhquanym - User can use the same signature to deploy and call on different chain

#127 sherlock-admin closed 1 year ago
0
Chom - Public sales may be attacked by bots if the price is zero

#126 sherlock-admin closed 1 year ago
1
0xheynacho - <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP and Increments can be unchecked for Gas Optimizations

#125 sherlock-admin closed 1 year ago
0
minhquanym - User can deploy and call multiple times with the same signature

#124 sherlock-admin closed 1 year ago
0
0xheynacho - ABI.ENCODEPACKED() SHOULD NOT BE USED WITH DYNAMIC TYPES WHEN PASSING THE RESULT TO A HASH FUNCTION SUCH AS KECCAK256() Use abi.encode() instead which will pad items to 32 bytes, which will prevent hash collisions

#123 sherlock-admin closed 1 year ago
0
cryptphi - Improper implementation of IERC2981 in ERC2981.sol

#122 sherlock-admin closed 1 year ago
0
ak1 - Lack of validation check for runtimeConfig durnng initialization in ERC721NFTProduct and ERC1155NFTProduct contracts.

#121 sherlock-admin closed 1 year ago
0
Chom - Presale minting may not be able to mint the amount that they should be

#120 sherlock-admin closed 1 year ago
0
Chom - Presale minting can't have a different whitelisted amount for different people

#119 sherlock-admin closed 1 year ago
1
keccak123 - `abi.encodePacked` Allows Hash Collision

#118 sherlock-admin opened 1 year ago
3
cryptphi - Malicious Operator can revoke Operator for all other known operators

#117 sherlock-admin closed 1 year ago
0
ak1 - NFTCollection.sol : Absence of validation check for ownership during the transfer ownership

#116 sherlock-admin closed 1 year ago
0
ak1 - NFTCollection.sol : Lack of validation for runtime configuration when initialize is dangerous.

#115 sherlock-admin closed 1 year ago
0
sorrynotsorry - Compromised admin address

#114 sherlock-admin closed 1 year ago
0
Dravee - `UPDATE_CONTRACT_ROLE` users can't call `update()`. They need to be admins too.

#113 sherlock-admin closed 1 year ago
0
cryptphi - Possible token Total Supply mismatch in ERC1155NFTProduct

#112 sherlock-admin closed 1 year ago
3
sorrynotsorry - No fee validation

#111 sherlock-admin closed 1 year ago
1
cryptphi - Re-entrancy issue in ERC1155NFTProduct contract's mintByOwner function

#110 sherlock-admin closed 1 year ago
4
0xNazgul - [NAZ-M4] User's May Accidentally Overpay

#109 sherlock-admin closed 1 year ago
0
0xNazgul - [NAZ-M3] Value Range Validity for Fee Setters

#108 sherlock-admin closed 1 year ago
0
0xNazgul - `MINTER_ROLE` Can Be Granted By The Deployer and Mint Arbitrary Amount of Tokens

#107 sherlock-admin closed 1 year ago
1
ak1 - Factory.sol : Issue with arbitrary data as signature in signature based call and deploy methods.

#106 sherlock-admin opened 1 year ago
2
sorrynotsorry - Eth sent more than the required fees will remain in contract.

#105 sherlock-admin closed 1 year ago
0
Dravee - No validation for royalties in `ERC721NFTProduct` and `ERC1155NFTProduct`

#104 sherlock-admin closed 1 year ago
0
0xNazgul - [NAZ-M2] `ADMIN_ROLE` Can Be Granted By The Deployer and Can Lose Collected Fees

#103 sherlock-admin closed 1 year ago
0
Dravee - `NFTCollection.sol`: Initial Royalties can be over 100%

#102 sherlock-admin closed 1 year ago
0
cryptphi - Re-entrancy issue in ERC721NFTProduct mintToCaller function

#101 sherlock-admin closed 1 year ago
4
Dravee - Admin can DOS with fees

#100 sherlock-admin closed 1 year ago
0
cryptphi - Frontrunning and Access Control Issue on initialize() functions

#99 sherlock-admin closed 1 year ago
0
cccz - NFTCollection: No limit on royaltiesBps

#98 sherlock-admin closed 1 year ago
0
Dravee - Setting the wrong Solidity deployment version could introduce vulnerabilities

#97 sherlock-admin closed 1 year ago
3
0x0 - `UPDATE_CONTRACT_ROLE` Unable To Revoke NFT Port Permissions (721)

#96 sherlock-admin closed 1 year ago
0
cccz - The supply of NFT for each tokenID in ERC1155NFTProduct cannot be modified after the first minting

#95 sherlock-admin opened 1 year ago
1
0x0 - Admin Cannot Burn Tokens Owned By `_owner` (721)

#94 sherlock-admin closed 1 year ago
0
0x0 - Admin Cannot Call `transferByOwner` (721)

#93 sherlock-admin closed 1 year ago
0
cccz - The upgradeable abstract contract(GranularRoles.sol) should add storage gaps

#92 sherlock-admin closed 1 year ago
0
0x0 - Admin Cannot Update Token URI (721)

#91 sherlock-admin closed 1 year ago
1
cccz - Burned NFTs can be reminted

#90 sherlock-admin closed 1 year ago
1
cccz - Excess ETH not refunded

#89 sherlock-admin closed 1 year ago
1
GimelSec - `ERC1155NFTProduct` does not support full functionality of `ERC1155`

#88 sherlock-admin closed 1 year ago
1
GimelSec - `NFTCollection` inherits non-upgradeable contracts

#87 sherlock-admin closed 1 year ago
7
GimelSec - Corruptible upgrade patterns in `ERC721NFTProduct.sol` and `ERC1155NFTProduct.sol`

#86 sherlock-admin closed 1 year ago
1
GimelSec - Attackers can bypass `tokensPerMint` and mint lots of tokens in a transaction

#85 sherlock-admin opened 1 year ago
3
GimelSec - `Factory.sol` lacks methods to revoke signatures

#84 sherlock-admin closed 1 year ago
1
GimelSec - Template implementations doesn't validate configurations properly

#83 sherlock-admin opened 1 year ago
2
GimelSec - Should prevent users from sending more fees than required in `Factory.sol`

#82 sherlock-admin closed 1 year ago
0