sherlock-audit/2023-04-footium-judging
issues
tsueti_ - _safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE
#401
sherlock-admin
closed
1 year ago
0
gryphon - Risk of losing tokens after burning the NFT Club
#400
sherlock-admin
closed
1 year ago
0
tsueti_ - Bad implementation in minter access control for FootiumClub contract
#399
sherlock-admin
closed
1 year ago
0
SanketKogekar - Scope for reentrancy in `withdraw()` function of `FootiumAcademy` and `FootiumEscrow`
#398
sherlock-admin
closed
1 year ago
0
0xhacksmithh - `clubNft` will be lost if caller doesn't implement `ERC721 Receiver`(i.e if caller unable to handle incoming Erc721 Token)
#397
sherlock-admin
closed
1 year ago
0
BAHOZ - Possible faulty calculation of prize amount in FootiumPrizeDistributor
#396
sherlock-admin
closed
1 year ago
0
lewisbroadhurst - Medium Severity Finding: FootiumClub.sol => safeMint
#395
sherlock-admin
closed
1 year ago
0
kaysoft - EXCESS ETHER NOT REFUNDED IN THE `mintPlayers()` FUNCTION
#394
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - Risk of the previous owner taking all the players from the new owner when a club is traded
#393
sherlock-admin
closed
1 year ago
0
SanketKogekar - Loss of funds in case user decides to claim rewards in his safe contract.
#392
sherlock-admin
closed
1 year ago
0
tibthecat - Unsafe usage of ERC20 transfer
#391
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - The escrow “setApprovalForERC20” function is vulnerable to a sandwich attack
#390
sherlock-admin
closed
1 year ago
0
SanketKogekar - `whenNotPaused` is added to `claimERC20Prize` and `claimETHPrize`
#389
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - Contract without a payable fallback cannot claim their ETH prize, resulting in the funds being stuck
#388
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Excess ETH Sent By Caller(Buyer) While Buying Players Are Stolen By Owner Of Contract
#387
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - The transfer of ERC20 prizes may fail without reverting, resulting in the funds becoming locked
#386
sherlock-admin
closed
1 year ago
0
SanketKogekar - In `FootiumGeneralPaymentContract`, set `footiumClub` contract address to be immutable.
#385
sherlock-admin
closed
1 year ago
0
jasonxiale - FootiumClub.safeMint should use ERC721Upgradeable._safeMint instead of ERC721Upgradeable._mint
#384
sherlock-admin
closed
1 year ago
0
SanketKogekar - No check if NFT having same tokenId was already minted
#383
sherlock-admin
closed
1 year ago
0
ch13fd357r0y3r - ch13fd357r0y3r - User cannot claim Prizes on their second claim in many instances.
#382
sherlock-admin
closed
1 year ago
0
0xPkhatri - Loss of Excess ETH Sent to FootiumAcademy's mintPlayers() Function
#381
sherlock-admin
closed
1 year ago
0
Diana - Use safeTransfer consistently instead of transfer
#380
sherlock-admin
closed
1 year ago
0
SanketKogekar - Usage of `transfer()` in place of `safeTransfer()` for ERC20 tokens.
#379
sherlock-admin
closed
1 year ago
0
0xRobocop - Buyers of Footium Clubs on secondary markets can get rekt
#378
sherlock-admin
closed
1 year ago
0
SanketKogekar - The user prize balance and `_amount` is not checked in `claimETHPrize()` & `claimERC20Prize()` of contract `FootiumPrizeDistributor`
#377
sherlock-admin
closed
1 year ago
0
Diana - Approve function is subject to front-run attack
#376
sherlock-admin
closed
1 year ago
0
sam_gmk - transferERC721 does not work as intended
#375
sherlock-admin
closed
1 year ago
0
ddimitrov22 - Unsafe usage of transfer method
#374
sherlock-admin
closed
1 year ago
0
jasonxiale - lack of refund mechanism for overpayment
#373
sherlock-admin
closed
1 year ago
0
favelanky - approve function is subject to front-run attack
#372
sherlock-admin
closed
1 year ago
0
favelanky - Use safeTransfer instead of transfer
#371
sherlock-admin
closed
1 year ago
0
SanketKogekar - No non-zero number check for `divisionTier` function on `mintPlayers()` in FootiumAcademy contract.
#370
sherlock-admin
closed
1 year ago
0
0xnirlin - transferERC20 function in `FootiumEscrow` contract may not work as expected.
#369
sherlock-admin
closed
1 year ago
0
ddimitrov22 - Approve race condition in FootiumEscrow
#368
sherlock-admin
closed
1 year ago
0
Phantasmagoria - Unclaimed Rewards Can Be Lost When Merkle Root is Changed
#367
sherlock-admin
closed
1 year ago
0
0xRobocop - FootiumAcademy does not return excess of Ether
#366
sherlock-admin
closed
1 year ago
0
jasonxiale - safeTransfer is recommended instead of transfer
#365
sherlock-admin
closed
1 year ago
0
Diana - Did not Approve to zero first
#364
sherlock-admin
closed
1 year ago
0
SanketKogekar - Missing modifier (access control) on function `mintPlayers()` in FootiumAcademy contract.
#363
sherlock-admin
closed
1 year ago
0
0xPkhatri - User not able to claim Prizes in the FootiumPrizeDistributor#claimERC20Prize Function
#362
sherlock-admin
closed
1 year ago
0
jasonxiale - ERC20 return values not checked
#361
sherlock-admin
closed
1 year ago
0
Phantasmagoria - User can lose his rewards
#360
sherlock-admin
closed
1 year ago
0
0xnirlin - User may not be able to claim any rewards due to use of transfer in `claimErc20Prize`
#359
sherlock-admin
closed
1 year ago
0
SanketKogekar - OwnableUpgradeable uses single-step ownership transfer
#358
sherlock-admin
closed
1 year ago
0
peanuts - After first claim, claimERC20Prize and claimETHPrize does not claim the full amount anymore
#357
sherlock-admin
closed
1 year ago
0
modern_Alchemist_00 - Signature Replay attack on isValidSignature function
#356
sherlock-admin
closed
1 year ago
0
jasonxiale - Approval Race Protections
#355
sherlock-admin
closed
1 year ago
0
AlexCzm - ERC20 return values not checked
#354
sherlock-admin
closed
1 year ago
0
0xnirlin - Prize can only be claimed once, all later prizes cannot be claimed
#353
sherlock-admin
closed
1 year ago
0
Phantasmagoria - Funds can get stuck in FootiumPrizeDistributor.sol
#352
sherlock-admin
closed
1 year ago
0