issues
search
sherlock-audit
/
2022-11-telcoin-judging
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Deivitto - SimplePlugin and StakingModule ERC20 Tokens with fee on transfer are not supported
#101
sherlock-admin
closed
1 year ago
0
hyh - Out of gas with the nested loop across all plugins
#100
sherlock-admin
closed
1 year ago
1
0xheynacho - Unsafe ERC20 Operation
#99
sherlock-admin
closed
1 year ago
0
eierina - ERC20 Transfer/approve errors may go unnoticed
#98
sherlock-admin
closed
1 year ago
0
hyh - FeeBuyback's submit can lose funds if used with zero addresses, which is allowed
#97
sherlock-admin
closed
1 year ago
6
Deivitto - ERC20 transfer / transferFrom with not checked return value
#96
sherlock-admin
closed
1 year ago
0
Deivitto - Use of `transfer()` instead of `call()` to send eth
#95
sherlock-admin
closed
1 year ago
0
hyh - Unsafe underlying token transfer in FeeBuyback
#94
sherlock-admin
closed
1 year ago
1
Deivitto - Single-step process for critical ownership transfer/renounce is risky
#93
sherlock-admin
closed
1 year ago
0
Deivitto - Front run initializer
#92
sherlock-admin
closed
1 year ago
0
Deivitto - ERC20 `approve` can fail for some tokens
#91
sherlock-admin
closed
1 year ago
0
Deivitto - Missing check of `0x0` in initialize for `tel`
#90
sherlock-admin
closed
1 year ago
0
hyh - There is no delay in executorship's propose/accept logic
#89
sherlock-admin
closed
1 year ago
1
Chandr - addPlugin() shold check, that added contract is plugin
#88
sherlock-admin
closed
1 year ago
0
zimu - Function rescueERC20 can be exploited to acquire the owner power
#87
sherlock-admin
closed
1 year ago
0
WATCHPUG - `claimFromIndividualPlugin()` may endup claiming the reward from a different plugin with wrong `auxData` when the index as changed due to `removePlugin()`
#86
sherlock-admin
closed
1 year ago
7
ak1 - StakingModule.sol#L420 : `removePlugin` should check whether the plugin has any valid claim
#85
sherlock-admin
closed
1 year ago
0
WATCHPUG - `claimAndExitFor()` can be used by malicious admin with `RECOVERY_ROLE` to steal funds from the users' accounts
#84
sherlock-admin
closed
1 year ago
1
WATCHPUG - Flashloan `TEL` tokens to stake and exit in the same block can fake a huge amount of stake with minimal material cost
#83
sherlock-admin
opened
1 year ago
6
WATCHPUG - Unsafe ERC20 methods
#82
sherlock-admin
opened
1 year ago
2
WATCHPUG - Incomplete support for MATIC token
#81
sherlock-admin
closed
1 year ago
5
WATCHPUG - `FeeBuyback` native token can not be rescued
#80
sherlock-admin
opened
1 year ago
2
Mukund - USE `SafeTransfer()`/`SafeTransferFrom()` INSTEAD OF `Transfer()` / `TransferFrom()`
#79
sherlock-admin
closed
1 year ago
0
__141345__ - ERC20 function call return value not checked
#78
sherlock-admin
closed
1 year ago
0
__141345__ - `removePlugin()` will break the claim function
#77
sherlock-admin
closed
1 year ago
0
hyh - Native funds can be lost by submit() as msg.value isn't synchronized with amount
#76
sherlock-admin
opened
1 year ago
2
__141345__ - check bytes data length before abi.decode
#75
sherlock-admin
closed
1 year ago
1
hyh - FeeBuyback submit may end up being blocked for some ERC20
#74
sherlock-admin
closed
1 year ago
3
hyh - Plugin removal can freeze user funds
#73
sherlock-admin
closed
1 year ago
2
8olidity - Deletion of plugin by administrator will result in loss of user reward
#72
sherlock-admin
closed
1 year ago
0
Met - Warning - should submit work without fee?
#71
sherlock-admin
closed
1 year ago
0
Met - Unnecessary inaccuracy and wasted gas in FeeBuyback::submit
#70
sherlock-admin
closed
1 year ago
0
hansfriese - Plugin need to be checked on addition
#69
sherlock-admin
closed
1 year ago
8
hansfriese - TEL coins can be "locked" in plugins
#68
sherlock-admin
closed
1 year ago
1
bin2chen - submit() does not check the useless msg.value, which may cause the loss of funds
#67
sherlock-admin
closed
1 year ago
0
Met - Non-sensical use of virtual functions in TieredOwnership
#66
sherlock-admin
closed
1 year ago
0
imare - ``claimAndExitFor`` can be used to rug users
#65
sherlock-admin
closed
1 year ago
0
Met - Missing uint size
#64
sherlock-admin
closed
1 year ago
0
0xSmartContract - initialize() function can be called by anybody
#63
sherlock-admin
closed
1 year ago
0
0xSmartContract - A single point of failure is not acceptable for this project
#62
sherlock-admin
closed
1 year ago
0
rvierdiiev - FeeBuyback.submit doesn't check if they received fee from wallet's swap
#61
sherlock-admin
closed
1 year ago
2
0xSmartContract - `addPlugin` function does not check for contract existence
#60
sherlock-admin
closed
1 year ago
0
imare - ``_notifyStakeChangeAllPlugins`` call can DOS the protocol
#59
sherlock-admin
closed
1 year ago
0
imare - Telcoin token address can become stale
#58
sherlock-admin
closed
1 year ago
1
Met - Order of methods does not follow code style.
#57
sherlock-admin
closed
1 year ago
0
Met - Redundant variable
#56
sherlock-admin
closed
1 year ago
0
Met - [gas] not using the return variable
#55
sherlock-admin
closed
1 year ago
0
Met - Wrong comparison of an uint
#54
sherlock-admin
closed
1 year ago
0
Met - [gas] multiple calls of the same function
#53
sherlock-admin
closed
1 year ago
0
Chandr - removePlugin() should check, that all yield are claimed
#52
sherlock-admin
closed
1 year ago
0
Next