issues
search
sherlock-audit
/
2023-09-Gitcoin-judging
11
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
radevauditor - Gas grief possible on unsafe external calls
#987
sherlock-admin2
closed
11 months ago
1
chaduke - QVSimpleStrategy.removeAllocator() fails to remove the votes casted by the allocator, leading to unfair fund distribution.
#986
sherlock-admin
closed
11 months ago
2
John_Femi - Multiple places of unbounded loops
#985
sherlock-admin2
closed
11 months ago
1
helpMePlease - DOS in `DonationVotingMerkleDistributionBaseStrategy` contract
#984
sherlock-admin
closed
11 months ago
1
JP_Courses - Allo::_fundPool()
#983
sherlock-admin2
closed
11 months ago
0
alexzoid - `createPoolWithCustomStrategy` Non-Reentrancy Guard Missed in `Allo` Contract
#982
sherlock-admin
closed
11 months ago
1
whiteh4t9527 - Old Anchor contracts are still accessible when profile owner switch to a new Anchor via Registry.updateProfileName()
#981
sherlock-admin2
closed
11 months ago
1
Tri-pathi - PoolManager can always bypass the check which make sure to withdraw funds from pool, allocation should be ended and 30 days have passed.
#980
sherlock-admin
closed
11 months ago
1
0xLeveler - Funds sent to the Anchor contract are lost forever
#979
sherlock-admin2
closed
11 months ago
1
foresthalberd - Voters can vote multiple times
#978
sherlock-admin
closed
11 months ago
1
aycozynfada - Centralisation issue as event not emmited after new pool managers are added or removed
#977
sherlock-admin2
closed
11 months ago
1
albert - need overflow check
#976
sherlock-admin
closed
11 months ago
1
SBSecurity - 0 amount will be distributed if `recipient.proposalBid` is very low
#975
sherlock-admin2
closed
11 months ago
10
0xG0P1 - There is no `recieve/fallback` function implemented in `registry.sol`
#974
sherlock-admin
closed
11 months ago
1
radevauditor - Potential underfunding in the `_fundPool` method due to ERC20 tokens that don't revert on over-withdrawals.
#973
sherlock-admin2
closed
11 months ago
1
helpMePlease - no check on return value of `create3`
#972
sherlock-admin
closed
11 months ago
1
0xarno - attacker can steal funds of allo.sol by using fundPool() function
#971
sherlock-admin2
closed
11 months ago
1
trachev - The Registry contract's upgradeability would not work
#970
sherlock-admin
closed
11 months ago
1
JP_Courses - WrappedVotingNftMintStrategy::_distribute()
#969
sherlock-admin2
closed
11 months ago
1
0xnirlin - Rft Committee Strategy is not reusable and become useless after one recipient have been voted upon
#968
sherlock-admin
closed
11 months ago
1
John_Femi - Admin or Member Can Inflate Pool Amount
#967
sherlock-admin2
closed
11 months ago
1
helpMePlease - `_allocate` won't work as intended
#966
sherlock-admin
closed
11 months ago
1
radevauditor - Users can bypass the required fees during pool funding even in cloneable strategies
#965
sherlock-admin2
closed
11 months ago
1
Tri-pathi - Anchor deployement can be always failed
#964
sherlock-admin
closed
11 months ago
1
alexzoid - `Anchor` Address Reuse Across Different `Registry` Versions
#963
sherlock-admin2
closed
11 months ago
1
gkrastenov - Not cleaned votes to other recipient statuses
#962
sherlock-admin
closed
11 months ago
0
whiteh4t9527 - Allo.registerRecipient() is not necessary to be a payable function
#961
sherlock-admin2
closed
11 months ago
1
albert - The createPool function is vulnerable to a DOS attack.
#960
sherlock-admin
closed
11 months ago
1
Martians - calling distribute before updateDistribution will brick the strategy in DonationVotingMerkleDistributionBaseStrategy
#959
sherlock-admin2
closed
11 months ago
1
Arz - Allocator voiceCreditsCastToRecipient is incremented by the totalCredits instead of the new credits
#958
sherlock-admin
closed
11 months ago
0
0xarno - funding of `QVSimpleStrategy.sol` is impossibe since it doesn't have `receive()` function for eth
#957
sherlock-admin2
closed
11 months ago
1
0xnirlin - Create3 library may not work as intended on the zksync
#956
sherlock-admin
closed
11 months ago
1
darkart - Lack of Access Control in `Allocate Function`
#955
sherlock-admin2
closed
11 months ago
1
cammamoon - The 'Batch Allocate' function does not handle 'msg.value' properly.
#954
sherlock-admin
closed
11 months ago
1
alymurtazamemon - The `safeTransferETH` function does not protect from the `gas griefing` attack
#953
sherlock-admin2
closed
11 months ago
1
branch_indigo - Existing RecipientId Status can be Overwritten in DonationVoting Strategy, causing loss of allocation funds for accepted recipients
#952
sherlock-admin
closed
11 months ago
0
aycozynfada - Admin can assign manager roles to invalid addresses
#951
sherlock-admin2
closed
11 months ago
0
helpMePlease - No function to return money
#950
sherlock-admin
closed
11 months ago
0
imsrybr0 - Allo@allocate can lead to ETHbeing locked in strategies due to user error
#949
sherlock-admin2
closed
11 months ago
0
jah - steal fund
#948
sherlock-admin
closed
11 months ago
1
SBSecurity - `Allo.sol` feeAmount will round down to 0 when user calls `fundPool()` with small amount
#947
sherlock-admin2
closed
11 months ago
1
pontifex - RFPSimpleStrategy: `setPoolActive` is not protected
#946
sherlock-admin
closed
11 months ago
0
pontifex - RFPSimpleStrategy: fail in distributing the upcoming milestone
#945
sherlock-admin2
closed
11 months ago
0
Arz - The voiceCredits of the allocator are not updated when he allocates his voice credits
#944
sherlock-admin
closed
11 months ago
0
dipp - `allocator.voiceCredits` not increased allowing allocators to allocate any amount
#943
sherlock-admin2
closed
11 months ago
0
0xc0ffEE - Potential funds stuck in QVBaseStrategy
#942
sherlock-admin
closed
11 months ago
1
vangrim - [MEDIUM] QVBaseStrategy.sol
#941
sherlock-admin2
closed
11 months ago
1
pontifex - RFPSimpleStrategy: submitting proposal will always revert
#940
sherlock-admin
closed
11 months ago
0
pontifex - QVSimpleStrategy: unlimited voting is possible
#939
sherlock-admin2
closed
11 months ago
0
Tri-pathi - Funds will lost if treasury is blacklisted
#938
sherlock-admin
closed
11 months ago
1
Next