issues
search
sherlock-audit
/
2023-02-openq-judging
4
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Jeiwan - Griefing attack can cause an indefinite DoS on the bounty minting functionality
#518
github-actions[bot]
closed
1 year ago
0
Aymen0909 - `issuer` can close ongoing bounty before all claims has been collected thus blocking the funds claiming process
#517
github-actions[bot]
closed
1 year ago
1
imare - the user cannot easily know if its dealing with a legit bounty
#516
github-actions[bot]
closed
1 year ago
0
imare - funding of bounties with erc20 tokens can be blocked
#515
github-actions[bot]
closed
1 year ago
0
sinh3ck - sinh3ck - Denial Of Service On `fundBountyToken()` Of Any Non-whitelisted Tokens
#514
github-actions[bot]
closed
1 year ago
0
sinh3ck - sinh3ck - Denial Of Service On `fundBountyToken()` Of Any Non-whitelisted Tokens
#513
github-actions[bot]
closed
1 year ago
0
Udsen - `initialize()` FUNCTION IS NOT PROTECTED BY `onlyProxy` MODIFIER
#512
github-actions[bot]
closed
1 year ago
0
dipp - ```ClaimManagerV1.sol``` does not call ```claimNFT``` for Ongoing bounties
#511
github-actions[bot]
closed
1 year ago
2
joestakey - Issuers of ongoing bounties can front run claims to decrease `payoutVolume`
#510
github-actions[bot]
closed
1 year ago
2
Lucacez - `receiveFunds()` MAY LOCK ETHER SENT TO THE CONTRACT, FOREVER
#509
github-actions[bot]
closed
1 year ago
4
ck - `_claimTieredFixedBounty` claims only one token while supporting multiple NFTs
#508
github-actions[bot]
closed
1 year ago
4
0xmuxyz - When the ClaimManagerV1# `claimBounty()` is called for a payout of the claimant for the AtomicBountyV1, that transaction will fail because of shortfall of the `available fund` of the payout token address in the AtomicBounty contract.
#507
github-actions[bot]
closed
1 year ago
2
ak1 - `_claimTieredPercentageBounty` and `_claimTieredFixedBounty` should update the `setTierClaimed` inside the `claimTiered` `claimTieredFixed`
#506
github-actions[bot]
closed
1 year ago
4
HonorLt - Locked funds do not account for claims and refunds
#505
github-actions[bot]
closed
1 year ago
4
joestakey - Claimers of ongoing bounties cannot receive `NFT` funds.
#504
github-actions[bot]
closed
1 year ago
0
Breeje - User can Claim `OngoingBounty` multiple times
#503
github-actions[bot]
closed
1 year ago
0
GimelSec - A malicious user can block other users from calling `refundDeposit()`
#502
github-actions[bot]
closed
1 year ago
0
GimelSec - `TieredFixedBountyV1.closeCompetition()` doesn't check if the bounty has enough payoutSchedule balances of payoutTokenAddress
#501
github-actions[bot]
closed
1 year ago
3
GimelSec - `bountyIsClaimable()` should revert when the bounty is invalid
#500
github-actions[bot]
closed
1 year ago
0
GimelSec - `setPayoutScheduleFixed`, `setPayoutSchedule` Unable to resize to fewer tiers
#499
github-actions[bot]
closed
1 year ago
0
Aymen0909 - User can claim payout multiple times in the ongoing bounty
#498
github-actions[bot]
closed
1 year ago
0
GimelSec - `refundDeposit` may fail due to the gas limit DoS of `bounty.getLockedFunds(depToken)`
#497
github-actions[bot]
closed
1 year ago
0
Udsen - APPROVE THE `BountyCore` CONTRACT TO TRANSFER THE NFT FROM THE `_sender` TO ITS OWN CONTRACT
#496
github-actions[bot]
closed
1 year ago
0
GimelSec - Invalid expiration blocks users from refunding, and also causes abuses of bounty contracts
#495
github-actions[bot]
closed
1 year ago
3
GimelSec - `mintBounty` should check managers are initialized
#494
github-actions[bot]
closed
1 year ago
4
joestakey - `claimOngoingPayout()` allows claimers to claim the same `claimId` twice
#493
github-actions[bot]
closed
1 year ago
0
slowfi - Funders can fund with an evil token and make bounty not claimable
#492
github-actions[bot]
closed
1 year ago
0
GimelSec - Inherited contracts should have gap storage slots
#491
github-actions[bot]
closed
1 year ago
0
HonorLt - Many deposits can block refunds
#490
github-actions[bot]
closed
1 year ago
0
GimelSec - Malicious users can pretend to be other organizations
#489
github-actions[bot]
closed
1 year ago
0
GimelSec - OpenQ cannot accept rebasing token
#488
github-actions[bot]
closed
1 year ago
0
ck - `_claimOngoingBounty` only claims the `payoutToken` but allows NFT deposits
#487
github-actions[bot]
closed
1 year ago
0
joestakey - `refundDeposit` can be DOS
#486
github-actions[bot]
closed
1 year ago
0
ak1 - `refundDeposit` will not work when `deposits` array grows bigger or deliberately increased to huge value.
#485
github-actions[bot]
closed
1 year ago
0
GimelSec - Should Check `claimId` in `OngoingBountyV1.claimOngoingPayout`
#484
github-actions[bot]
closed
1 year ago
0
GimelSec - Refunding NFT doesn't decrease the length of nftDeposits. A malicious user can block other users from depositing any NFT.
#483
github-actions[bot]
closed
1 year ago
3
GimelSec - A malicious User can deposit a malicious erc20 token to DOS the bounty
#482
github-actions[bot]
closed
1 year ago
0
GimelSec - A refunded NFT could block `ClaimManagerV1.claimBounty`
#481
github-actions[bot]
closed
1 year ago
4
0xmuxyz - Due to lack of the validation to check whether or not a `claimId` is the `claimId` that is already claimed and completed a payout, which results in that same claimant can incorrectly receive the payout multiple times.
#480
github-actions[bot]
closed
1 year ago
0
joestakey - `refundDeposit` should bypass `expiration` if a bounty is closed and all claimants have claimed their share
#479
github-actions[bot]
closed
1 year ago
0
GimelSec - `BountyCore.receiveFunds` only checks `_volume != 0` when `_tokenAddress == address(0)`. Malicious users can create many deposits without depositing any funds.
#478
github-actions[bot]
closed
1 year ago
4
sinh3ck - sinh3ck - `permissionedClaimTieredBounty()` Allows `issuer` Of Bounty To Claim Own Bounty
#477
github-actions[bot]
closed
1 year ago
1
GimelSec - `__ERC721Holder_init()` is not called in all the bounty contracts
#476
github-actions[bot]
closed
1 year ago
3
ck - `closeCompetition()` does not freeze the current funds for the competition as expected
#475
github-actions[bot]
closed
1 year ago
1
GimelSec - OpenQV1.initialize() doesn't call __Oraclize_init(_oracle)
#474
github-actions[bot]
closed
1 year ago
0
HonorLt - Owner can change requirements anytime
#473
github-actions[bot]
closed
1 year ago
2
ak1 - `_receiveERC20` should check the amount of received value greater than zero
#472
github-actions[bot]
closed
1 year ago
4
n33k - initialize() function of ERC1967Proxy can be frontrun
#471
github-actions[bot]
closed
1 year ago
0
joestakey - funder can lose native token in `receiveFunds`
#470
github-actions[bot]
closed
1 year ago
0
slowfi - Funds can get locked on the bounty contract
#469
github-actions[bot]
closed
1 year ago
1
Previous
Next