issues
search
sherlock-audit
/
2023-09-Gitcoin-judging
11
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
foresthalberd - FEE-ON-TRANSFER tokens are not accounted for in the fundPool function.
#937
sherlock-admin2
closed
11 months ago
0
SBSecurity - merkleRoot can be bytes(0) or "”
#936
sherlock-admin
closed
11 months ago
1
pontifex - QVBaseStrategy: incorrect calculation in voice credits allocation
#935
sherlock-admin2
closed
11 months ago
0
jah - a user can still more fund than intended
#934
sherlock-admin
closed
11 months ago
2
0xnirlin - When registery ownership is transferred, previous owner can add him as member before the ownership transfer
#933
sherlock-admin2
closed
11 months ago
1
pontifex - Fee-on-transfer tokens are not supported
#932
sherlock-admin
closed
11 months ago
0
Aamirusmani1552 - `Allo::fundPool()` will not be able to fund a pool if `percentFee` is set to `1e18`
#931
sherlock-admin2
closed
11 months ago
1
SBSecurity - Every milestone can be rejected
#930
sherlock-admin
closed
11 months ago
9
Martians - Accepted recipient could get more amount than the `proposalBid` value
#929
sherlock-admin2
closed
11 months ago
1
0xaghas - Gas Efficient Square Root Calculation with Binary Search Approach
#928
sherlock-admin
closed
11 months ago
1
aycozynfada - Admin can assign manager roles to invalid addresses during pool creation
#927
sherlock-admin2
closed
11 months ago
1
SBSecurity - RfpCommitteeStrategy._allocate() lacks `onlyActivePool` modifier
#926
sherlock-admin
closed
11 months ago
1
Martians - `registerRecipient` is not sending the ETH value while calling strategy's `registerRecipient` function
#925
sherlock-admin2
closed
11 months ago
1
gkrastenov - _qv_allocate function will not work as expected
#924
sherlock-admin
closed
11 months ago
7
Arz - setPoolActive() is missing access control in RFPSimpleStrategy.sol
#923
sherlock-admin2
closed
11 months ago
0
radevauditor - Allowed tokens checks do not work correctly in `DonationVotingMerkleDistributionBaseStrategy`
#922
sherlock-admin
closed
11 months ago
3
alexxander - Donation strategy allocate() & distribute() can be called in the same block
#921
sherlock-admin2
closed
11 months ago
1
cammamoon - The pool's active status can be updated by anyone.
#920
sherlock-admin
closed
11 months ago
0
Bauchibred - Anyone can toggle the status of a pool
#919
sherlock-admin2
closed
11 months ago
0
SBSecurity - `RFPSimpleStrategy.setPoolActive()` has no access control
#918
sherlock-admin
closed
11 months ago
0
jah - the function will not work as intended
#917
sherlock-admin2
closed
11 months ago
0
SBSecurity - Non-profiled users can register as recipients in `RfpSimpleStrategy`
#916
sherlock-admin
closed
11 months ago
1
0xnirlin - In DonationVotingMerkleDistributionBaseStrategy `_registerRecipient` wrongly sets the recipient after the first one
#915
sherlock-admin2
closed
11 months ago
0
arnie - when creating a pool, users are forced to overpay basefee
#914
sherlock-admin
closed
11 months ago
1
alymurtazamemon - Incompatibility with deflationary / fee-on-transfer tokens
#913
sherlock-admin2
closed
11 months ago
0
Bauchibred - Executions that require native tokens currently wouldn't get processed
#912
sherlock-admin
closed
11 months ago
1
vangrim - [MEDIUM]Allo#_fundPool
#911
sherlock-admin2
closed
11 months ago
3
Arz - registerRecipient() in Allo.sol is payable but it doesnt forward the ether to the strategy
#910
sherlock-admin
closed
11 months ago
1
Hash01011122 - Access control attacking vector in `Allo.sol` for allocation and `BaseStrategy.sol` for getPayouts and setPoolActive
#909
sherlock-admin2
closed
11 months ago
1
SBSecurity - Rejected milestones can be distributed
#908
sherlock-admin
closed
11 months ago
1
jah - wrong vote calculation
#907
sherlock-admin2
closed
11 months ago
0
Martians - Fee-on-transfer token will block payment for last recipient
#906
sherlock-admin
closed
11 months ago
0
gkrastenov - Wrongly changed status in registerRecipient function
#905
sherlock-admin2
closed
11 months ago
1
radevauditor - Unauthorized users can become recipients in the `DonationVotingMerkleDistributionDirectTransferStrategy` strategy
#904
sherlock-admin
closed
11 months ago
1
Arz - Fee on transfer tokens can cause problems when distributing funds
#903
sherlock-admin2
closed
11 months ago
0
hals - [M-09] `QVSimpleStrategy` contract: removing pool allocators will not remove their votes
#902
sherlock-admin
closed
11 months ago
1
qbs - Recipient data may be manipulated through front-running
#901
sherlock-admin2
closed
11 months ago
0
0xaghas - Missing Access Control in setPoolActive Function and its Internal Implementation
#900
sherlock-admin
closed
11 months ago
0
Tri-pathi - `Allo.initialize` is prone to front run attack which can lead to DOS
#899
sherlock-admin2
closed
11 months ago
0
Martians - `batchRegisterRecipeint` is not marked as payable function.
#898
sherlock-admin
closed
11 months ago
0
hals - `RFPSimpleStrategy::rejectMilestone` : pool manager can reject any milestone as there's no check if the milestone status is set to pending by the accepted recipient.
#897
sherlock-admin2
closed
11 months ago
1
Hash01011122 - Classic case of Precision loss in `Allo.sol`
#896
sherlock-admin
closed
11 months ago
1
dany.armstrong90 - Donation Voting's reviewRecipient function may malfunction.
#895
sherlock-admin2
closed
11 months ago
1
Arz - The QV strategy does not accept ether
#894
sherlock-admin
closed
11 months ago
1
honeymewn - Fund recovery mechanism is broken for merkle vault
#893
sherlock-admin2
closed
11 months ago
14
vagrant - QVBaseStrategy does not update poolAmount value after distributing tokens
#892
sherlock-admin
closed
11 months ago
1
0xnirlin - _registerRecipient will always revert in case useRegistryAnchor is set to false in rftCommitteeStrategy.sol
#891
sherlock-admin2
closed
11 months ago
0
bitsurfer - On pool creation user need to provide `msg.value` more than required `baseFee`, but the rest of `msg.value` is not refunded back to user, (it will be kept in Allo)
#890
sherlock-admin
closed
11 months ago
1
Arz - The registry is set to a wrong address in the Anchor constructor.
#889
sherlock-admin2
closed
11 months ago
0
0xaghas - Timestamp verification flaw in _isPoolTimestampValid function
#888
sherlock-admin
closed
11 months ago
1
Previous
Next