sherlock-audit/2022-11-nounsdao-judging
issues
yongkiws - withdraw() and cancel() opens just in case using nonReentrant or ReentrancyGuard
#79
sherlock-admin
closed
1 year ago
0
francoHacker - modifier
#78
sherlock-admin
closed
1 year ago
0
0x421f - After cancellation, there is no way for payer to recover streaming tokens sent by mistake
#77
sherlock-admin
closed
1 year ago
2
joestakey - `payer` cannot cancel if the `recipient` is blacklisted by `USDC`
#76
sherlock-admin
closed
1 year ago
0
Avci - bad actors can steal others' accidentally transferred tokens.
#75
sherlock-admin
closed
1 year ago
2
Ch_301 - `Recipient` is not guaranteed to receive all the `tokenAmount()`
#74
sherlock-admin
closed
1 year ago
0
peanuts - Potential Hash Collision in StreamFactory.salt and StreamFactory.encodeData
#73
sherlock-admin
closed
1 year ago
0
Avci - The attacker can create streams with fake token.
#72
sherlock-admin
closed
1 year ago
1
chainNue - `createStream` didn't check if time is already passed can result instant withdrawal for recipient
#71
sherlock-admin
closed
1 year ago
0
WATCHPUG - Unnecessary precision loss in `_recipientBalance()`
#70
sherlock-admin
opened
1 year ago
2
reassor - Stream contract formal verification with certora
#69
sherlock-admin
closed
1 year ago
0
hansfriese - Recipient can prevent the payer from the cancelation via DOS (ERC777)
#68
sherlock-admin
closed
1 year ago
0
WATCHPUG - `rescueERC20` should allow the payer to claw back overpaid amount
#67
sherlock-admin
closed
1 year ago
0
WATCHPUG - Lack of sanity check for `stoptime`
#66
sherlock-admin
opened
1 year ago
2
pashov - `Payer` can rug `recipient` if a special ERC20 is used
#65
sherlock-admin
closed
1 year ago
0
hansfriese - Anyone can fabricate the stream history
#64
sherlock-admin
closed
1 year ago
0
WATCHPUG - The rather harsh requirement of `tokenAmount` makes it inapplicable for certain tokens
#63
sherlock-admin
opened
1 year ago
2
pashov - Missing input validation can result in `Stream` `recipient` instantly receiving all tokens
#62
sherlock-admin
closed
1 year ago
0
hansfriese - rescueERC20() is not safe for tokens with multiple addresses
#61
sherlock-admin
closed
1 year ago
0
hansfriese - Protocol can become useless by malicious attackers through front-running
#60
sherlock-admin
closed
1 year ago
5
hihen - A malicious recipient may cheat the payer and can ensure to withdraw all tokens
#59
sherlock-admin
closed
1 year ago
0
dipp - Payer cannot recover overspent tokens sent to a stream without cancelling the stream
#58
sherlock-admin
closed
1 year ago
0
Deivitto - StreamFactory can be unable to createStreams neither initialize them
#57
sherlock-admin
closed
1 year ago
0
Koolex - Non-negligible precision loss for tokens that have small decimals
#56
sherlock-admin
closed
1 year ago
2
perseverancesuccess - [Gas Optimization] In Stream.sol can move The code segment L347-L351 to be before L335_L345 in the function _recipientBalance() to save gas
#55
sherlock-admin
closed
1 year ago
0
imare - token can get stuck inside `Stream` contract
#54
sherlock-admin
closed
1 year ago
2
reassor - Missing event emitting for function `Stream.rescueERC20`
#53
sherlock-admin
closed
1 year ago
0
DecorativePineapple - Two address tokens can be withdrawn by the payer even when the stream has began
#52
sherlock-admin
opened
1 year ago
2
keccak123 - Uneven ratePerSecond from precision loss
#51
sherlock-admin
closed
1 year ago
1
keccak123 - Missing address validation causes issues
#50
sherlock-admin
closed
1 year ago
1
keccak123 - createStream can use any address as sender
#49
sherlock-admin
closed
1 year ago
1
keccak123 - Stream never receives tokens from payer
#48
sherlock-admin
closed
1 year ago
1
KingNFT - The `Stream` contract is designed to receive ETH but not implement function for withdrawal
#47
sherlock-admin
opened
1 year ago
2
zimu - Public `createStream()` without restrictions allows spam of event `StreamCreated()`
#46
sherlock-admin
closed
1 year ago
0
zimu - It doesn't handle fee-on-transfer/deflationary tokens
#45
sherlock-admin
closed
1 year ago
1
yongkiws - `Withdraw` and `Cancel` time can be circumvented _recipientBalance()
#44
sherlock-admin
closed
1 year ago
2
HonorLt - Max duration and end time
#43
sherlock-admin
closed
1 year ago
1
HonorLt - Funding and cancel race condition
#42
sherlock-admin
closed
1 year ago
0
Zarf - Recipient is not entitled to any funds if the fund amount is too small
#41
sherlock-admin
closed
1 year ago
0
Zarf - Payer’s funds might be permanently locked in certain cases
#40
sherlock-admin
closed
1 year ago
0
zimu - `RATE_DECIMALS_MULTIPLIER * tokenAmount() / duration` in unchecked block of `ratePerSecond()` can overflow
#39
sherlock-admin
closed
1 year ago
0
Koolex - The stream recipient can prevent the payer from cancelling the stream
#38
sherlock-admin
closed
1 year ago
5
cccz - If the recipient is added to the USDC blacklist, then cancel() does not work
#37
sherlock-admin
opened
1 year ago
2
cccz - When the tokens sent by the payer to the stream are greater than tokenAmount, the excess tokens can only be withdrawn by calling cancel()
#36
sherlock-admin
closed
1 year ago
0
jonatascm - Lack of validation of `startTime` and `stopTime` when creating new Stream
#35
sherlock-admin
closed
1 year ago
0
0xSmartContract - Cross-chain replay attacks are possible with `createStream()`
#34
sherlock-admin
closed
1 year ago
1
0xSmartContract - Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly'
#33
sherlock-admin
closed
1 year ago
1
ctf_sec - The caller can set start and stop timestamp far away from the current timestamp to let recipient never receive the token or set start and stop timestamp to past timestamp to game the recipient
#32
sherlock-admin
closed
1 year ago
0
adriro - Allow payer to recover tokens sent in excess
#31
sherlock-admin
closed
1 year ago
0
adriro - `balanceOf` will return an incorrect amount if stream is unfunded or partially funded
#30
sherlock-admin
closed
1 year ago
0