sherlock-audit 2023-02-hats-judging issues

sherlock-audit / 2023-02-hats-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - Admin who had hat level 0 is ignored already

#131 sherlock-admin closed 1 year ago
1
cducrest-brainbot - Increase the number of valid signers past maxSigners

#130 sherlock-admin closed 1 year ago
0
w42d3n - HatsSignerGateBase.countValidSignatures() is susceptible to replay attacks

#129 sherlock-admin closed 1 year ago
2
unforgiven - it's possible to perform malicious actions in most of the HatsSignerGate, MultiHatsSignerGate and HatsSignerGateBase contracts functions by reentrancy, because of external call in the `isValidSigner()` and hat's check wearer

#128 sherlock-admin closed 1 year ago
1
Avci - admin in level 0 is locked and impossible to use

#127 sherlock-admin closed 1 year ago
0
cducrest-brainbot - The value of signerCount can be broken

#126 sherlock-admin closed 1 year ago
0
ksk2345 - Inconsistency of expected behavior when address is ineligible and good standing

#125 sherlock-admin closed 1 year ago
1
unforgiven - attacker can perform malicious transactions in the safe because reentrancy is not implemented correctly in the checkTransaction() and checkAfterExecution() function in HSG

#124 sherlock-admin opened 1 year ago
3
armathor - "HATS" variable defined nowhere

#123 sherlock-admin closed 1 year ago
0
Avci - There is WRONG calculation in lastHatId logic

#122 sherlock-admin closed 1 year ago
1
0xAgro - Known Bug In Compiler Used

#121 sherlock-admin closed 1 year ago
0
unforgiven - function reconcileSignerCount() set higher value for safe's threshold which can cause safe's transaction execution to revert always

#120 sherlock-admin closed 1 year ago
0
ksk2345 - Hats.sol, function isInGoodStanding may return success for a renounced Hat also

#119 sherlock-admin closed 1 year ago
1
minhtrng - Owners can be swapped even though they still wear their signer hats

#118 sherlock-admin opened 1 year ago
2
minhtrng - Safe can break if external module can add additional module

#117 sherlock-admin closed 1 year ago
0
unforgiven - middle level admins can steal child trees because function unlinkTopHatFromTree() is callable by them

#116 sherlock-admin opened 1 year ago
12
Ace-30 - Reentrancy in createHat can bypass hat limits (immutable, maxSupply)

#115 sherlock-admin closed 1 year ago
0
unforgiven - middle level admins can take control of the tree after unlinking it because function unlinkTopHatFromTree() doesn't reset the value of the linkedTreeRequests[]

#114 sherlock-admin closed 1 year ago
0
cducrest-brainbot - checkAfterExecution threshold constraints incorrect

#113 sherlock-admin closed 1 year ago
0
GimelSec - `_swapSigner()` would record a wrong `signerCount` value and allow the wrong situation by default.

#112 sherlock-admin closed 1 year ago
1
GimelSec - An inconsistency in the `MaxSignersReached` of `reconcileSignerCount()` and `claimSigner()`.

#111 sherlock-admin closed 1 year ago
6
GimelSec - The `claimSigner()` function would be blocked.

#110 sherlock-admin closed 1 year ago
1
unforgiven - Hats contract functions doesn't check that all upper level hats exists and it would be possible to link a hat to non-existing hats

#109 sherlock-admin closed 1 year ago
2
GimelSec - An inconsistency in the behaviour of `balanceOf()` and `balanceOfBatch()`.

#108 sherlock-admin closed 1 year ago
0
GimelSec - `removeSigner()` would fail if `currentSignerCount < validSignerCount`.

#107 sherlock-admin closed 1 year ago
5
GimelSec - `checkAfterExecution()` will always be reverted, Safe would not be able to execute any transactions, all assets would be locked.

#106 sherlock-admin closed 1 year ago
0
cducrest-brainbot - _guardEntries not protecting against re-entry

#105 sherlock-admin closed 1 year ago
0
GimelSec - `reconcileSignerCount()` would be blocked if `validSignerCount > maxSigners`, Safe would not be able to execute any transactions, all assets would be locked.

#104 sherlock-admin closed 1 year ago
1
GimelSec - Bad admins can front-run mintHat()

#103 sherlock-admin closed 1 year ago
1
GimelSec - Nested linked trees could cause recursion stack overflow

#102 sherlock-admin closed 1 year ago
0
cducrest-brainbot - Fail to set safe threshold to targetThreshold

#101 sherlock-admin closed 1 year ago
0
unforgiven - bypass maxsupply limit(and other impacts) by performing reentrancy in createHat() function

#100 sherlock-admin closed 1 year ago
1
cducrest-brainbot - setTargetThreshold can set target below minThreshold

#99 sherlock-admin closed 1 year ago
0
duc - Signatures can duplicate in function `countValidSignatures`

#98 sherlock-admin closed 1 year ago
0
duc - Hat wearers who are not the safe's owners can execute safe's transaction

#97 sherlock-admin closed 1 year ago
1
unforgiven - Unbound recursive function call can use unlimited gas and break hats operation

#96 sherlock-admin opened 1 year ago
7
Ace-30 - A malicious admin can batch create hats and freeze its hat

#95 sherlock-admin closed 1 year ago
0
duc - Signers can have a free signature to execute transaction of safe if address(0) if a valid wearer.

#94 sherlock-admin closed 1 year ago
0
cducrest-brainbot - Usage of HSG for existing safe can brick safe

#93 sherlock-admin opened 1 year ago
5
Ace-30 - topHat admin can lose its token and there is no backup to recover

#92 sherlock-admin closed 1 year ago
0
james_wu - Can't deploy HSG and Safe anymore in Factory

#91 sherlock-admin closed 1 year ago
4
cducrest-brainbot - Prevent deployment of HSG when safe has more than 5 modules

#90 sherlock-admin closed 1 year ago
0
duc - Function `_removeSigner` updates incorrect signerCount and threshold

#89 sherlock-admin closed 1 year ago
0
james_wu - last Invalid Signer will never be swapped!

#88 sherlock-admin closed 1 year ago
0
cccz - reconcileSignerCount may not update safe's threshold when safe's threshold > traget

#87 sherlock-admin closed 1 year ago
0
Ace-30 - linking of hat trees can freeze hat operations because of gas limit

#86 sherlock-admin closed 1 year ago
0
cccz - The Hats contract needs to override the ERC1155.balanceOfBatch function

#85 sherlock-admin opened 1 year ago
4
cccz - reconcileSignerCount calls safe.changeThreshold with incorrect parameters

#84 sherlock-admin closed 1 year ago
0
roguereddwarf - HatsSignerGateBase: _removeSigner function may revert so it is not possible to remove a signer

#83 sherlock-admin closed 1 year ago
4
Bauer - The signerCount value is incorrect

#82 sherlock-admin closed 1 year ago
0