sherlock-audit 2023-02-openq-judging issues

sherlock-audit / 2023-02-openq-judging

4 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - in the DepositManagerOwnable manager address cannot remove if accidently transfered or when losing access will be dangrous

#568 github-actions[bot] closed 1 year ago
0
Avci - in extendDeposit in Bounty core there is incorrect calc of time

#567 github-actions[bot] closed 1 year ago
0
Aymen0909 - Risk of reentrancy attack in the `permissionedClaimTieredBounty` function

#566 github-actions[bot] closed 1 year ago
1
Avci - in BountyCore:refundDeposit there is problem in logic of checking in function that checks wrong.

#565 github-actions[bot] closed 1 year ago
1
ak1 - `setPayoutScheduleFixed` and `setPayoutSchedule` are not using the correct array length value in the `for` loop

#564 github-actions[bot] closed 1 year ago
0
Udsen - `safeTransferFrom` IS CALLED IN THE `BountyCore` CONTRACT WITHOUT APPROVAL FROM THE OWNER.

#563 github-actions[bot] closed 1 year ago
0
0xhacksmithh - Incorrect logics for ```refundDeposit()``` function inside ```DeposiManagerV1.sol``` contract file

#562 github-actions[bot] closed 1 year ago
0
Avci - contract doesnt support the rebase tokens as technical but they didnt take any stepts to not alowing rebasing tokens

#561 github-actions[bot] closed 1 year ago
0
Avci - in the AtomicBountyV1.sol: reciveNft there is wrong calculation of time

#560 github-actions[bot] closed 1 year ago
1
joestakey - percentage tiered bounty issuer can game the payout schedule

#559 github-actions[bot] closed 1 year ago
0
ck - Array mismatch can happen when setting a new payout schedule

#558 github-actions[bot] closed 1 year ago
0
Udsen - `address(0)` CHECK IS NOT PERFORMED FOR THE `address` VARIABLES PASSED INTO THE `initiazlize()` FUNCTIONS OF THE IMPLEMENTATION CONTRACTS.

#557 github-actions[bot] closed 1 year ago
0
Breeje - Any organization can close the `Bounty` before paying out the reward

#556 github-actions[bot] closed 1 year ago
3
0xmuxyz - A transaction of calling the the DepositManagerV1# `fundBountyNFT()` may be reverted despite the actual number of NFTs deposited (funded) has not reached the `nftDepositLimit` yet.

#555 github-actions[bot] closed 1 year ago
0
joestakey - refund logic is unfair to funders.

#554 github-actions[bot] closed 1 year ago
0
sinh3ck - sinh3ck - Closing `TierFixedBounty` May Lock Tokens In Bounty Forever

#553 github-actions[bot] closed 1 year ago
0
HonorLt - Incorrect new expiration when extending expired deposit

#552 github-actions[bot] closed 1 year ago
2
Qeew - No input Validation check for _associatedAddress

#551 github-actions[bot] closed 1 year ago
0
imare - possible grief attack on bounty refund deposit call

#550 github-actions[bot] closed 1 year ago
0
ak1 - Number of token limit check is not same for ERC20 and ERC721 contracts

#549 github-actions[bot] closed 1 year ago
4
joestakey - `refundDeposit` has an incorrect `availableFunds` logic, preventing some depositors from getting a refund when they should

#548 github-actions[bot] closed 1 year ago
0
XKET - `onlyProxy` modifiers are missing in two functions of `OpenQV1`

#547 github-actions[bot] closed 1 year ago
0
XKET - `ClaimManagerV1.bountyIsClaimable` is wrong for tiered bounties

#546 github-actions[bot] closed 1 year ago
0
XKET - Refund after close will cause lack of balance for TieredPercentageBounty

#545 github-actions[bot] closed 1 year ago
0
ck - Blacklisted user may prevent certain bounty claims

#544 github-actions[bot] closed 1 year ago
4
XKET - `TieredFixedBountyV1.setFundingGoal` changes `payoutTokenAddress`

#543 github-actions[bot] closed 1 year ago
0
XKET - Some winners of tiered percentage bounty can't claim their payouts

#542 github-actions[bot] closed 1 year ago
3
XKET - `setPayoutSchedule` will revert for tiered bounties in some condition

#541 github-actions[bot] closed 1 year ago
0
XKET - An attacker can prevent claimers from claiming

#540 github-actions[bot] closed 1 year ago
3
XKET - An attacker can prevent claimers from claiming when `openQTokenWhitelist.TOKEN_ADDRESS_LIMIT > 0`

#539 github-actions[bot] closed 1 year ago
0
XKET - An attacker can prevent claimers from claiming for atomic and tiered percentage bounties

#538 github-actions[bot] closed 1 year ago
0
sinh3ck - sinh3ck - Closing `OngoingBounty` May Lock Tokens In Bounty Forever

#537 github-actions[bot] closed 1 year ago
0
joestakey - claimer not supporting ERC-721 tokens can be DOS

#536 github-actions[bot] closed 1 year ago
2
Udsen - MALICIOUS USER CAN FRONT RUN THE `initialize()` FUNCTION IN THE `OpenQV1` AND BECOME THE OWNER OF THE CONTRACT

#535 github-actions[bot] closed 1 year ago
0
Jeiwan - Payout schedule cannot be shrunk due to a revert

#534 github-actions[bot] closed 1 year ago
0
Jeiwan - The NFT deposit limit may be not enough for tiered bounties

#533 github-actions[bot] closed 1 year ago
0
Jeiwan - Bounty contracts' state can be corrupted as a result of an upgrade

#532 github-actions[bot] closed 1 year ago
0
Jeiwan - Claiming ongoing bounty can be replayed, causing double-spending of rewards

#531 github-actions[bot] closed 1 year ago
3
Jeiwan - Non-whitelisted tokens cannot be added if the limit of token addresses is filled with whitelisted ones

#530 github-actions[bot] opened 1 year ago
3
Jeiwan - Bounty contract funding can be blocked by an attack filling the limit of token addresses

#529 github-actions[bot] closed 1 year ago
0
Jeiwan - `OpenQV1.solvent` always reverts for tiered bounties

#528 github-actions[bot] closed 1 year ago
0
Jeiwan - Oracle is not initialized in `OpenQV1`, making the contract partially non-operational

#527 github-actions[bot] closed 1 year ago
3
Jeiwan - Griefing attack may cause indefinite DoS on refunding

#526 github-actions[bot] closed 1 year ago
0
Jeiwan - Disproportional distribution of deposited funds causes some depositors to lose funds

#525 github-actions[bot] closed 1 year ago
1
Jeiwan - Ongoing bounty contract can be used to run scam bounties promising NFT rewards but not paying them

#524 github-actions[bot] closed 1 year ago
0
joestakey - Attackers can DOS claims of `USDC` blacklisted claimers

#523 github-actions[bot] closed 1 year ago
0
Jeiwan - Refunded NFT can indefinitely block bounty rewards claiming

#522 github-actions[bot] closed 1 year ago
4
Jeiwan - Claiming of rewards can be indefinitely blocked by a malicious ERC20 token

#521 github-actions[bot] closed 1 year ago
0
Jeiwan - Native coin can be lost when deposited together with an ERC20 token

#520 github-actions[bot] closed 1 year ago
0
Jeiwan - Bounty minter can rugpull contest winners by changing winners and payout amounts after contest results were announced

#519 github-actions[bot] closed 1 year ago
2