sherlock-audit 2023-09-Gitcoin-judging issues

sherlock-audit / 2023-09-Gitcoin-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

radevauditor - Gas grief possible on unsafe external calls

#987 sherlock-admin2 closed 1 year ago
1
chaduke - QVSimpleStrategy.removeAllocator() fails to remove the votes casted by the allocator, leading to unfair fund distribution.

#986 sherlock-admin closed 1 year ago
2
John_Femi - Multiple places of unbounded loops

#985 sherlock-admin2 closed 1 year ago
1
helpMePlease - DOS in `DonationVotingMerkleDistributionBaseStrategy` contract

#984 sherlock-admin closed 1 year ago
1
JP_Courses - Allo::_fundPool()

#983 sherlock-admin2 closed 1 year ago
0
alexzoid - `createPoolWithCustomStrategy` Non-Reentrancy Guard Missed in `Allo` Contract

#982 sherlock-admin closed 1 year ago
1
whiteh4t9527 - Old Anchor contracts are still accessible when profile owner switch to a new Anchor via Registry.updateProfileName()

#981 sherlock-admin2 closed 1 year ago
1
Tri-pathi - PoolManager can always bypass the check which make sure to withdraw funds from pool, allocation should be ended and 30 days have passed.

#980 sherlock-admin closed 1 year ago
1
0xLeveler - Funds sent to the Anchor contract are lost forever

#979 sherlock-admin2 closed 1 year ago
1
foresthalberd - Voters can vote multiple times

#978 sherlock-admin closed 1 year ago
1
aycozynfada - Centralisation issue as event not emmited after new pool managers are added or removed

#977 sherlock-admin2 closed 1 year ago
1
albert - need overflow check

#976 sherlock-admin closed 1 year ago
1
SBSecurity - 0 amount will be distributed if `recipient.proposalBid` is very low

#975 sherlock-admin2 closed 1 year ago
10
0xG0P1 - There is no `recieve/fallback` function implemented in `registry.sol`

#974 sherlock-admin closed 1 year ago
1
radevauditor - Potential underfunding in the `_fundPool` method due to ERC20 tokens that don't revert on over-withdrawals.

#973 sherlock-admin2 closed 1 year ago
1
helpMePlease - no check on return value of `create3`

#972 sherlock-admin closed 1 year ago
1
0xarno - attacker can steal funds of allo.sol by using fundPool() function

#971 sherlock-admin2 closed 1 year ago
1
trachev - The Registry contract's upgradeability would not work

#970 sherlock-admin closed 1 year ago
1
JP_Courses - WrappedVotingNftMintStrategy::_distribute()

#969 sherlock-admin2 closed 1 year ago
1
0xnirlin - Rft Committee Strategy is not reusable and become useless after one recipient have been voted upon

#968 sherlock-admin closed 1 year ago
1
John_Femi - Admin or Member Can Inflate Pool Amount

#967 sherlock-admin2 closed 1 year ago
1
helpMePlease - `_allocate` won't work as intended

#966 sherlock-admin closed 1 year ago
1
radevauditor - Users can bypass the required fees during pool funding even in cloneable strategies

#965 sherlock-admin2 closed 1 year ago
1
Tri-pathi - Anchor deployement can be always failed

#964 sherlock-admin closed 1 year ago
1
alexzoid - `Anchor` Address Reuse Across Different `Registry` Versions

#963 sherlock-admin2 closed 1 year ago
1
gkrastenov - Not cleaned votes to other recipient statuses

#962 sherlock-admin closed 1 year ago
0
whiteh4t9527 - Allo.registerRecipient() is not necessary to be a payable function

#961 sherlock-admin2 closed 1 year ago
1
albert - The createPool function is vulnerable to a DOS attack.

#960 sherlock-admin closed 1 year ago
1
Martians - calling distribute before updateDistribution will brick the strategy in DonationVotingMerkleDistributionBaseStrategy

#959 sherlock-admin2 closed 1 year ago
1
Arz - Allocator voiceCreditsCastToRecipient is incremented by the totalCredits instead of the new credits

#958 sherlock-admin closed 1 year ago
0
0xarno - funding of `QVSimpleStrategy.sol` is impossibe since it doesn't have `receive()` function for eth

#957 sherlock-admin2 closed 1 year ago
1
0xnirlin - Create3 library may not work as intended on the zksync

#956 sherlock-admin closed 1 year ago
1
darkart - Lack of Access Control in `Allocate Function`

#955 sherlock-admin2 closed 1 year ago
1
cammamoon - The 'Batch Allocate' function does not handle 'msg.value' properly.

#954 sherlock-admin closed 1 year ago
1
alymurtazamemon - The `safeTransferETH` function does not protect from the `gas griefing` attack

#953 sherlock-admin2 closed 1 year ago
1
branch_indigo - Existing RecipientId Status can be Overwritten in DonationVoting Strategy, causing loss of allocation funds for accepted recipients

#952 sherlock-admin closed 1 year ago
0
aycozynfada - Admin can assign manager roles to invalid addresses

#951 sherlock-admin2 closed 1 year ago
0
helpMePlease - No function to return money

#950 sherlock-admin closed 1 year ago
0
imsrybr0 - Allo@allocate can lead to ETHbeing locked in strategies due to user error

#949 sherlock-admin2 closed 1 year ago
0
jah - steal fund

#948 sherlock-admin closed 1 year ago
1
SBSecurity - `Allo.sol` feeAmount will round down to 0 when user calls `fundPool()` with small amount

#947 sherlock-admin2 closed 1 year ago
1
pontifex - RFPSimpleStrategy: `setPoolActive` is not protected

#946 sherlock-admin closed 1 year ago
0
pontifex - RFPSimpleStrategy: fail in distributing the upcoming milestone

#945 sherlock-admin2 closed 1 year ago
0
Arz - The voiceCredits of the allocator are not updated when he allocates his voice credits

#944 sherlock-admin closed 1 year ago
0
dipp - `allocator.voiceCredits` not increased allowing allocators to allocate any amount

#943 sherlock-admin2 closed 1 year ago
0
0xc0ffEE - Potential funds stuck in QVBaseStrategy

#942 sherlock-admin closed 1 year ago
1
vangrim - [MEDIUM] QVBaseStrategy.sol

#941 sherlock-admin2 closed 1 year ago
1
pontifex - RFPSimpleStrategy: submitting proposal will always revert

#940 sherlock-admin closed 1 year ago
0
pontifex - QVSimpleStrategy: unlimited voting is possible

#939 sherlock-admin2 closed 1 year ago
0
Tri-pathi - Funds will lost if treasury is blacklisted

#938 sherlock-admin closed 1 year ago
1