sherlock-audit 2022-11-telcoin-judging issues

sherlock-audit / 2022-11-telcoin-judging

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Deivitto - SimplePlugin and StakingModule ERC20 Tokens with fee on transfer are not supported

#101 sherlock-admin closed 1 year ago
0
hyh - Out of gas with the nested loop across all plugins

#100 sherlock-admin closed 1 year ago
1
0xheynacho - Unsafe ERC20 Operation

#99 sherlock-admin closed 1 year ago
0
eierina - ERC20 Transfer/approve errors may go unnoticed

#98 sherlock-admin closed 1 year ago
0
hyh - FeeBuyback's submit can lose funds if used with zero addresses, which is allowed

#97 sherlock-admin closed 1 year ago
6
Deivitto - ERC20 transfer / transferFrom with not checked return value

#96 sherlock-admin closed 1 year ago
0
Deivitto - Use of `transfer()` instead of `call()` to send eth

#95 sherlock-admin closed 1 year ago
0
hyh - Unsafe underlying token transfer in FeeBuyback

#94 sherlock-admin closed 1 year ago
1
Deivitto - Single-step process for critical ownership transfer/renounce is risky

#93 sherlock-admin closed 1 year ago
0
Deivitto - Front run initializer

#92 sherlock-admin closed 1 year ago
0
Deivitto - ERC20 `approve` can fail for some tokens

#91 sherlock-admin closed 1 year ago
0
Deivitto - Missing check of `0x0` in initialize for `tel`

#90 sherlock-admin closed 1 year ago
0
hyh - There is no delay in executorship's propose/accept logic

#89 sherlock-admin closed 1 year ago
1
Chandr - addPlugin() shold check, that added contract is plugin

#88 sherlock-admin closed 1 year ago
0
zimu - Function rescueERC20 can be exploited to acquire the owner power

#87 sherlock-admin closed 1 year ago
0
WATCHPUG - `claimFromIndividualPlugin()` may endup claiming the reward from a different plugin with wrong `auxData` when the index as changed due to `removePlugin()`

#86 sherlock-admin closed 1 year ago
7
ak1 - StakingModule.sol#L420 : `removePlugin` should check whether the plugin has any valid claim

#85 sherlock-admin closed 1 year ago
0
WATCHPUG - `claimAndExitFor()` can be used by malicious admin with `RECOVERY_ROLE` to steal funds from the users' accounts

#84 sherlock-admin closed 1 year ago
1
WATCHPUG - Flashloan `TEL` tokens to stake and exit in the same block can fake a huge amount of stake with minimal material cost

#83 sherlock-admin opened 1 year ago
6
WATCHPUG - Unsafe ERC20 methods

#82 sherlock-admin opened 1 year ago
2
WATCHPUG - Incomplete support for MATIC token

#81 sherlock-admin closed 1 year ago
5
WATCHPUG - `FeeBuyback` native token can not be rescued

#80 sherlock-admin opened 1 year ago
2
Mukund - USE `SafeTransfer()`/`SafeTransferFrom()` INSTEAD OF `Transfer()` / `TransferFrom()`

#79 sherlock-admin closed 1 year ago
0
__141345__ - ERC20 function call return value not checked

#78 sherlock-admin closed 1 year ago
0
__141345__ - `removePlugin()` will break the claim function

#77 sherlock-admin closed 1 year ago
0
hyh - Native funds can be lost by submit() as msg.value isn't synchronized with amount

#76 sherlock-admin opened 1 year ago
2
__141345__ - check bytes data length before abi.decode

#75 sherlock-admin closed 1 year ago
1
hyh - FeeBuyback submit may end up being blocked for some ERC20

#74 sherlock-admin closed 1 year ago
3
hyh - Plugin removal can freeze user funds

#73 sherlock-admin closed 1 year ago
2
8olidity - Deletion of plugin by administrator will result in loss of user reward

#72 sherlock-admin closed 1 year ago
0
Met - Warning - should submit work without fee?

#71 sherlock-admin closed 1 year ago
0
Met - Unnecessary inaccuracy and wasted gas in FeeBuyback::submit

#70 sherlock-admin closed 1 year ago
0
hansfriese - Plugin need to be checked on addition

#69 sherlock-admin closed 1 year ago
8
hansfriese - TEL coins can be "locked" in plugins

#68 sherlock-admin closed 1 year ago
1
bin2chen - submit() does not check the useless msg.value, which may cause the loss of funds

#67 sherlock-admin closed 1 year ago
0
Met - Non-sensical use of virtual functions in TieredOwnership

#66 sherlock-admin closed 1 year ago
0
imare - ``claimAndExitFor`` can be used to rug users

#65 sherlock-admin closed 1 year ago
0
Met - Missing uint size

#64 sherlock-admin closed 1 year ago
0
0xSmartContract - initialize() function can be called by anybody

#63 sherlock-admin closed 1 year ago
0
0xSmartContract - A single point of failure is not acceptable for this project

#62 sherlock-admin closed 1 year ago
0
rvierdiiev - FeeBuyback.submit doesn't check if they received fee from wallet's swap

#61 sherlock-admin closed 1 year ago
2
0xSmartContract - `addPlugin` function does not check for contract existence

#60 sherlock-admin closed 1 year ago
0
imare - ``_notifyStakeChangeAllPlugins`` call can DOS the protocol

#59 sherlock-admin closed 1 year ago
0
imare - Telcoin token address can become stale

#58 sherlock-admin closed 1 year ago
1
Met - Order of methods does not follow code style.

#57 sherlock-admin closed 1 year ago
0
Met - Redundant variable

#56 sherlock-admin closed 1 year ago
0
Met - [gas] not using the return variable

#55 sherlock-admin closed 1 year ago
0
Met - Wrong comparison of an uint

#54 sherlock-admin closed 1 year ago
0
Met - [gas] multiple calls of the same function

#53 sherlock-admin closed 1 year ago
0
Chandr - removePlugin() should check, that all yield are claimed

#52 sherlock-admin closed 1 year ago
0