issues
search
sherlock-audit
/
2023-06-tokensoft-judging
4
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
0xlx - No check that a user has initialized their distribution so they can increase their vote by a large amount.
#237
sherlock-admin
closed
1 year ago
0
n33k - If the same user address have claimables on different chains, he will lose tokens
#236
sherlock-admin2
closed
1 year ago
4
pengun - Merkle Root Changes Lead to Failed Claims and Loss of Relayer Fees
#235
sherlock-admin
closed
1 year ago
0
jah - IVT token is not burned after claim
#234
sherlock-admin2
closed
1 year ago
0
stopthecap - Anyone can mint tokens by re-using their proof
#233
sherlock-admin
closed
1 year ago
0
BenRai - In `PriceTierVesting` tokens are only claimable as long as the current oracle price is above the price of the `tier`
#232
sherlock-admin2
closed
1 year ago
0
mert_eren - same address from two differant chains cannot be beneficed for airdrop
#231
sherlock-admin
closed
1 year ago
0
Mlome - Voting power can be removed on behalf of any user
#230
sherlock-admin2
closed
1 year ago
0
stopthecap - _getOraclePrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#229
sherlock-admin
closed
1 year ago
4
stopthecap - PriceTierVesting will use the wrong price if the Chainlink registry returns price outside min/max range
#228
sherlock-admin2
closed
1 year ago
0
pengun - Vote Factor Alteration During Airdrop Leads to Unfair Voting Power Allocation
#227
sherlock-admin
closed
1 year ago
0
stopthecap - Chainlink does not actually support xDai
#226
sherlock-admin2
closed
1 year ago
0
twicek - Users can mint more vote tokens than intended
#225
sherlock-admin
closed
1 year ago
0
mert_eren - MerkleContracts Vote problem
#224
sherlock-admin2
closed
1 year ago
0
moneyversed - Unchecked Underflow in TrancheVesting Struct
#223
sherlock-admin
closed
1 year ago
0
pengun - Unrestricted Access to initializeDistributionRecord Allows Manipulation of Voting Power
#222
sherlock-admin2
closed
1 year ago
0
moneyversed - Lack of proper validation in proof verification for Merkle distribution
#221
sherlock-admin
closed
1 year ago
0
stopthecap - Can't change the merkle root
#220
sherlock-admin2
closed
1 year ago
0
ni8mare - When a new token address is set, allowance is set to `total - claimed` which can be wrong.
#219
sherlock-admin
closed
1 year ago
0
magellanXtrachev - No check if L2 Sequencer is not down
#218
sherlock-admin2
closed
1 year ago
4
moneyversed - Unexpected Behavior in `_setTranches` Method
#217
sherlock-admin
closed
1 year ago
0
0xMosh - Contract deployment may fail and waste a lot of gas fees in BasicDistributor.sol
#216
sherlock-admin2
closed
1 year ago
0
AkshaySrivastav - `CrosschainDistributor` incorrectly assumes that domain of destination chains will never be 0
#215
sherlock-admin
closed
1 year ago
0
magellanXtrachev - Anyone can reduce the native coin balance of Distributor to 0
#214
sherlock-admin2
closed
1 year ago
3
stopthecap - Missing checks on the onlyConnext modifier
#213
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Merkle leaf values in `validMerkleProof()` are 84 bytes before hashing which can lead to merkle tree collisions
#212
sherlock-admin2
closed
1 year ago
0
magellanXtrachev - Claiming tokens for other users decreases their voting power
#211
sherlock-admin
closed
1 year ago
0
dany.armstrong90 - PriceTierVestingSale_2_0 doesn't take into account for extra purchase of the beneficiary.
#210
sherlock-admin2
closed
1 year ago
0
magellanXtrachev - Signature Replay in the claimBySignature() function
#209
sherlock-admin
closed
1 year ago
0
magellanXtrachev - Any beneficiary can mint infinite number of votingTokens
#208
sherlock-admin2
closed
1 year ago
0
pengun - Incomplete Fee Setup in CrosschainDistributor.sol Leads to Inoperative Claims
#207
sherlock-admin
closed
1 year ago
0
0xhacksmithh - `_recoverSignature()` s Return Value Never Checked for Zero Address
#206
sherlock-admin2
closed
1 year ago
0
pengun - Failure in xcall Function Call Results in Locked User Relayer Fees
#205
sherlock-admin
closed
1 year ago
0
0xMosh - `adjust` can be frontrunned .
#204
sherlock-admin2
closed
1 year ago
2
pengun - Potential Token Theft Risk Due to Signature Reuse in CrosschainMerkleDistributor
#203
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Function `_settleClaim()` Call Will Fail As `connext.xcall` Does Not Include Relayer Fee
#202
sherlock-admin2
closed
1 year ago
0
Mlome - Airdrop amount superior than type(uint256).max will result in stucked voting tokens
#201
sherlock-admin
closed
1 year ago
0
josephdara - All contracts implementing the AdvancedDistributor have two names
#200
sherlock-admin2
closed
1 year ago
0
0xDanielH - can mint infinite vote tokens through signature and proof replay
#199
sherlock-admin
closed
1 year ago
0
lemonmon - Missing price checks for Chainlink oracle
#198
sherlock-admin2
closed
1 year ago
0
0xMosh - No access control on `claim` can lead to unwanted claims
#197
sherlock-admin
closed
1 year ago
0
dany.armstrong90 - Malicious beneficiary will get more voting power than normal.
#196
sherlock-admin2
closed
1 year ago
0
0xMAKEOUTHILL - Loss of funds during user adjusting
#195
sherlock-admin
opened
1 year ago
8
0xhacksmithh - `onlyConnext()` Modifier's Checks Are Not Sufficient, There should be checks for `Origin Domain` and `Source Contract`
#194
sherlock-admin2
closed
1 year ago
0
josephdara - Random Number is always zero in the BasicDistributor
#193
sherlock-admin
closed
1 year ago
8
ni8mare - IVT tokens can be minted many times by calling `initializeDistributionRecord` several times.
#192
sherlock-admin2
closed
1 year ago
0
josephdara - Precision Loss in voteFactor
#191
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Missing Of Sanity Check For `_start`, `_cliff` & `_end` In `setVestingConfig()`
#190
sherlock-admin2
closed
1 year ago
0
AkshaySrivastav - `CrosschainMerkleDistributor.claimByMerkleProof` does not work for cross chain airdrops
#189
sherlock-admin
closed
1 year ago
6
josephdara - Users can mint more than allocated due implicit conversions
#188
sherlock-admin2
closed
1 year ago
9
Next