sherlock-audit 2023-06-tokensoft-judging issues

sherlock-audit / 2023-06-tokensoft-judging

4 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

0xlx - No check that a user has initialized their distribution so they can increase their vote by a large amount.

#237 sherlock-admin closed 1 year ago
0
n33k - If the same user address have claimables on different chains, he will lose tokens

#236 sherlock-admin2 closed 1 year ago
4
pengun - Merkle Root Changes Lead to Failed Claims and Loss of Relayer Fees

#235 sherlock-admin closed 1 year ago
0
jah - IVT token is not burned after claim

#234 sherlock-admin2 closed 1 year ago
0
stopthecap - Anyone can mint tokens by re-using their proof

#233 sherlock-admin closed 1 year ago
0
BenRai - In `PriceTierVesting` tokens are only claimable as long as the current oracle price is above the price of the `tier`

#232 sherlock-admin2 closed 1 year ago
0
mert_eren - same address from two differant chains cannot be beneficed for airdrop

#231 sherlock-admin closed 1 year ago
0
Mlome - Voting power can be removed on behalf of any user

#230 sherlock-admin2 closed 1 year ago
0
stopthecap - _getOraclePrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds

#229 sherlock-admin closed 1 year ago
4
stopthecap - PriceTierVesting will use the wrong price if the Chainlink registry returns price outside min/max range

#228 sherlock-admin2 closed 1 year ago
0
pengun - Vote Factor Alteration During Airdrop Leads to Unfair Voting Power Allocation

#227 sherlock-admin closed 1 year ago
0
stopthecap - Chainlink does not actually support xDai

#226 sherlock-admin2 closed 1 year ago
0
twicek - Users can mint more vote tokens than intended

#225 sherlock-admin closed 1 year ago
0
mert_eren - MerkleContracts Vote problem

#224 sherlock-admin2 closed 1 year ago
0
moneyversed - Unchecked Underflow in TrancheVesting Struct

#223 sherlock-admin closed 1 year ago
0
pengun - Unrestricted Access to initializeDistributionRecord Allows Manipulation of Voting Power

#222 sherlock-admin2 closed 1 year ago
0
moneyversed - Lack of proper validation in proof verification for Merkle distribution

#221 sherlock-admin closed 1 year ago
0
stopthecap - Can't change the merkle root

#220 sherlock-admin2 closed 1 year ago
0
ni8mare - When a new token address is set, allowance is set to `total - claimed` which can be wrong.

#219 sherlock-admin closed 1 year ago
0
magellanXtrachev - No check if L2 Sequencer is not down

#218 sherlock-admin2 closed 1 year ago
4
moneyversed - Unexpected Behavior in `_setTranches` Method

#217 sherlock-admin closed 1 year ago
0
0xMosh - Contract deployment may fail and waste a lot of gas fees in BasicDistributor.sol

#216 sherlock-admin2 closed 1 year ago
0
AkshaySrivastav - `CrosschainDistributor` incorrectly assumes that domain of destination chains will never be 0

#215 sherlock-admin closed 1 year ago
0
magellanXtrachev - Anyone can reduce the native coin balance of Distributor to 0

#214 sherlock-admin2 closed 1 year ago
3
stopthecap - Missing checks on the onlyConnext modifier

#213 sherlock-admin closed 1 year ago
0
0xhacksmithh - Merkle leaf values in `validMerkleProof()` are 84 bytes before hashing which can lead to merkle tree collisions

#212 sherlock-admin2 closed 1 year ago
0
magellanXtrachev - Claiming tokens for other users decreases their voting power

#211 sherlock-admin closed 1 year ago
0
dany.armstrong90 - PriceTierVestingSale_2_0 doesn't take into account for extra purchase of the beneficiary.

#210 sherlock-admin2 closed 1 year ago
0
magellanXtrachev - Signature Replay in the claimBySignature() function

#209 sherlock-admin closed 1 year ago
0
magellanXtrachev - Any beneficiary can mint infinite number of votingTokens

#208 sherlock-admin2 closed 1 year ago
0
pengun - Incomplete Fee Setup in CrosschainDistributor.sol Leads to Inoperative Claims

#207 sherlock-admin closed 1 year ago
0
0xhacksmithh - `_recoverSignature()` s Return Value Never Checked for Zero Address

#206 sherlock-admin2 closed 1 year ago
0
pengun - Failure in xcall Function Call Results in Locked User Relayer Fees

#205 sherlock-admin closed 1 year ago
0
0xMosh - `adjust` can be frontrunned .

#204 sherlock-admin2 closed 1 year ago
2
pengun - Potential Token Theft Risk Due to Signature Reuse in CrosschainMerkleDistributor

#203 sherlock-admin closed 1 year ago
0
0xhacksmithh - Function `_settleClaim()` Call Will Fail As `connext.xcall` Does Not Include Relayer Fee

#202 sherlock-admin2 closed 1 year ago
0
Mlome - Airdrop amount superior than type(uint256).max will result in stucked voting tokens

#201 sherlock-admin closed 1 year ago
0
josephdara - All contracts implementing the AdvancedDistributor have two names

#200 sherlock-admin2 closed 1 year ago
0
0xDanielH - can mint infinite vote tokens through signature and proof replay

#199 sherlock-admin closed 1 year ago
0
lemonmon - Missing price checks for Chainlink oracle

#198 sherlock-admin2 closed 1 year ago
0
0xMosh - No access control on `claim` can lead to unwanted claims

#197 sherlock-admin closed 1 year ago
0
dany.armstrong90 - Malicious beneficiary will get more voting power than normal.

#196 sherlock-admin2 closed 1 year ago
0
0xMAKEOUTHILL - Loss of funds during user adjusting

#195 sherlock-admin opened 1 year ago
8
0xhacksmithh - `onlyConnext()` Modifier's Checks Are Not Sufficient, There should be checks for `Origin Domain` and `Source Contract`

#194 sherlock-admin2 closed 1 year ago
0
josephdara - Random Number is always zero in the BasicDistributor

#193 sherlock-admin closed 1 year ago
8
ni8mare - IVT tokens can be minted many times by calling `initializeDistributionRecord` several times.

#192 sherlock-admin2 closed 1 year ago
0
josephdara - Precision Loss in voteFactor

#191 sherlock-admin closed 1 year ago
0
0xhacksmithh - Missing Of Sanity Check For `_start`, `_cliff` & `_end` In `setVestingConfig()`

#190 sherlock-admin2 closed 1 year ago
0
AkshaySrivastav - `CrosschainMerkleDistributor.claimByMerkleProof` does not work for cross chain airdrops

#189 sherlock-admin closed 1 year ago
6
josephdara - Users can mint more than allocated due implicit conversions

#188 sherlock-admin2 closed 1 year ago
9