sherlock-audit/2023-02-hats-judging
issues
Avci - Admin who had hat level 0 is ignored already
#131
sherlock-admin
closed
1 year ago
1
cducrest-brainbot - Increase the number of valid signers past maxSigners
#130
sherlock-admin
closed
1 year ago
0
w42d3n - HatsSignerGateBase.countValidSignatures() is susceptible to replay attacks
#129
sherlock-admin
closed
1 year ago
2
unforgiven - it's possible to perform malicious actions in most of the HatsSignerGate, MultiHatsSignerGate and HatsSignerGateBase contracts functions by reentrancy, because of external call in the `isValidSigner()` and hat's check wearer
#128
sherlock-admin
closed
1 year ago
1
Avci - admin in level 0 is locked and impossible to use
#127
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - The value of signerCount can be broken
#126
sherlock-admin
closed
1 year ago
0
ksk2345 - Inconsistency of expected behavior when address is ineligible and good standing
#125
sherlock-admin
closed
1 year ago
1
unforgiven - attacker can perform malicious transactions in the safe because reentrancy is not implemented correctly in the checkTransaction() and checkAfterExecution() function in HSG
#124
sherlock-admin
opened
1 year ago
3
armathor - "HATS" variable defined nowhere
#123
sherlock-admin
closed
1 year ago
0
Avci - There is WRONG calculation in lastHatId logic
#122
sherlock-admin
closed
1 year ago
1
0xAgro - Known Bug In Compiler Used
#121
sherlock-admin
closed
1 year ago
0
unforgiven - function reconcileSignerCount() set higher value for safe's threshold which can cause safe's transaction execution to revert always
#120
sherlock-admin
closed
1 year ago
0
ksk2345 - Hats.sol, function isInGoodStanding may return success for a renounced Hat also
#119
sherlock-admin
closed
1 year ago
1
minhtrng - Owners can be swapped even though they still wear their signer hats
#118
sherlock-admin
opened
1 year ago
2
minhtrng - Safe can break if external module can add additional module
#117
sherlock-admin
closed
1 year ago
0
unforgiven - middle level admins can steal child trees because function unlinkTopHatFromTree() is callable by them
#116
sherlock-admin
opened
1 year ago
12
Ace-30 - Reentrancy in createHat can bypass hat limits (immutable, maxSupply)
#115
sherlock-admin
closed
1 year ago
0
unforgiven - middle level admins can take control of the tree after unlinking it because function unlinkTopHatFromTree() doesn't reset the value of the linkedTreeRequests[]
#114
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - checkAfterExecution threshold constraints incorrect
#113
sherlock-admin
closed
1 year ago
0
GimelSec - `_swapSigner()` would record a wrong `signerCount` value and allow the wrong situation by default.
#112
sherlock-admin
closed
1 year ago
1
GimelSec - An inconsistency in the `MaxSignersReached` of `reconcileSignerCount()` and `claimSigner()`.
#111
sherlock-admin
closed
1 year ago
6
GimelSec - The `claimSigner()` function would be blocked.
#110
sherlock-admin
closed
1 year ago
1
unforgiven - Hats contract functions don't check that all upper level hats exist and it would be possible to link a hat to non-existing hats
#109
sherlock-admin
closed
1 year ago
2
GimelSec - An inconsistency in the behaviour of `balanceOf()` and `balanceOfBatch()`.
#108
sherlock-admin
closed
1 year ago
0
GimelSec - `removeSigner()` would fail if `currentSignerCount < validSignerCount`.
#107
sherlock-admin
closed
1 year ago
5
GimelSec - `checkAfterExecution()` will always be reverted, Safe would not be able to execute any transactions, all assets would be locked.
#106
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - _guardEntries not protecting against re-entry
#105
sherlock-admin
closed
1 year ago
0
GimelSec - `reconcileSignerCount()` would be blocked if `validSignerCount > maxSigners`, Safe would not be able to execute any transactions, all assets would be locked.
#104
sherlock-admin
closed
1 year ago
1
GimelSec - Bad admins can front-run mintHat()
#103
sherlock-admin
closed
1 year ago
1
GimelSec - Nested linked trees could cause recursion stack overflow
#102
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - Fail to set safe threshold to targetThreshold
#101
sherlock-admin
closed
1 year ago
0
unforgiven - bypass maxsupply limit (and other impacts) by performing reentrancy in createHat() function
#100
sherlock-admin
closed
1 year ago
1
cducrest-brainbot - setTargetThreshold can set target below minThreshold
#99
sherlock-admin
closed
1 year ago
0
duc - Signatures can duplicate in function `countValidSignatures`
#98
sherlock-admin
closed
1 year ago
0
duc - Hat wearers who are not the safe's owners can execute safe's transaction
#97
sherlock-admin
closed
1 year ago
1
unforgiven - Unbound recursive function call can use unlimited gas and break hats operation
#96
sherlock-admin
opened
1 year ago
7
Ace-30 - A malicious admin can batch create hats and freeze its hat
#95
sherlock-admin
closed
1 year ago
0
duc - Signers can have a free signature to execute transaction of safe if address(0) is a valid wearer.
#94
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - Usage of HSG for existing safe can brick safe
#93
sherlock-admin
opened
1 year ago
5
Ace-30 - topHat admin can lose its token and there is no backup to recover
#92
sherlock-admin
closed
1 year ago
0
james_wu - Can't deploy HSG and Safe anymore in Factory
#91
sherlock-admin
closed
1 year ago
4
cducrest-brainbot - Prevent deployment of HSG when safe has more than 5 modules
#90
sherlock-admin
closed
1 year ago
0
duc - Function `_removeSigner` updates incorrect signerCount and threshold
#89
sherlock-admin
closed
1 year ago
0
james_wu - last Invalid Signer will never be swapped!
#88
sherlock-admin
closed
1 year ago
0
cccz - reconcileSignerCount may not update safe's threshold when safe's threshold > target
#87
sherlock-admin
closed
1 year ago
0
Ace-30 - linking of hat trees can freeze hat operations because of gas limit
#86
sherlock-admin
closed
1 year ago
0
cccz - The Hats contract needs to override the ERC1155.balanceOfBatch function
#85
sherlock-admin
opened
1 year ago
4
cccz - reconcileSignerCount calls safe.changeThreshold with incorrect parameters
#84
sherlock-admin
closed
1 year ago
0
roguereddwarf - HatsSignerGateBase: _removeSigner function may revert so it is not possible to remove a signer
#83
sherlock-admin
closed
1 year ago
4
Bauer - The signerCount value is incorrect
#82
sherlock-admin
closed
1 year ago
0