issues
search
sherlock-audit
/
2023-09-Gitcoin-judging
11
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Shubham - Calling `execute()` can incur high expense as the data length is not checked while `_target.call`
#887
sherlock-admin2
closed
11 months ago
0
gkrastenov - The review threshold can be easily bypassed by any manager
#886
sherlock-admin
closed
11 months ago
0
jah - a user can vote unlimited times
#885
sherlock-admin2
closed
11 months ago
0
pengun - Malicious user can front-run the strategy to DOS it or steal it to save gas.
#884
sherlock-admin
closed
11 months ago
0
0xnirlin - Anchor contract is unable to receive NFTs of any kind
#883
sherlock-admin2
opened
12 months ago
21
radevauditor - Revert on exact amount
#882
sherlock-admin
closed
11 months ago
1
pengun - Fee-on-transfer not supported in fundPool
#881
sherlock-admin2
closed
11 months ago
0
0xaghas - Centralization Concerns in Admin-Controlled Merkle Root Distribution
#880
sherlock-admin
closed
11 months ago
0
pengun - RFPSimpleStrategy's _distribute implementation is incorrect
#879
sherlock-admin2
closed
11 months ago
0
alymurtazamemon - `transfering` tokens to multiple addresses togather inside a loop can create DOS issue.
#878
sherlock-admin
closed
11 months ago
1
pengun - Infinite Voting in QVSimpleStrategy
#877
sherlock-admin2
closed
11 months ago
0
alexxander - Allo user is forced to supply more Eth than necessary but it's not credited back the remainder
#876
sherlock-admin
closed
11 months ago
1
jah - an attacker can stop user from receiving a fund
#875
sherlock-admin2
closed
11 months ago
0
0xnirlin - Registery address is set to proxy address of create3 instead of registery in the anchor.sol
#874
sherlock-admin
closed
11 months ago
0
pengun - Malicious user can split the vote in QVBaseStrategy to get more votes.
#873
sherlock-admin2
closed
11 months ago
0
shirochan - Anyone can toggle the pool status for `RFPSimpleStrategy`
#872
sherlock-admin
closed
11 months ago
0
aycozynfada - Missing payable in "function distribute" which makes it impossible to operate with native tokens
#871
sherlock-admin2
closed
11 months ago
0
0xaghas - Redundant modifier onlyAllo
#870
sherlock-admin
closed
11 months ago
0
carrotsmuggler - ETH transfers susceptible to gas griefing / DOS.
#869
sherlock-admin2
closed
11 months ago
0
pengun - A single pool manager can accept or reject recipients.
#868
sherlock-admin
closed
11 months ago
0
carrotsmuggler - Eth in `allo.sol` contract can be stolen
#867
sherlock-admin2
closed
11 months ago
1
carrotsmuggler - Incorrect CREATE3 implementation for zksync era
#866
sherlock-admin
closed
11 months ago
0
carrotsmuggler - QVSimpleStrategy.sol: `allocator.voiceCredits` is never updated
#865
sherlock-admin2
closed
11 months ago
0
Hash01011122 - Use `++i` instead of `i++` to save gas
#864
sherlock-admin
closed
11 months ago
0
cats - batchAllocate is Not Payable & Does Not Take msg.value
#863
sherlock-admin2
closed
11 months ago
1
pengun - CREATE3 is not available in the zkSync Era.
#862
sherlock-admin
opened
12 months ago
12
0xaghas - Missing zero address check on recipient address
#861
sherlock-admin2
closed
11 months ago
0
jah - a malicious user can stop other from receiving there fund
#860
sherlock-admin
closed
11 months ago
12
radevauditor - Potential Denial of Service (DoS) in Strategies due to Underfunded Pool During Distribution.
#859
sherlock-admin2
closed
11 months ago
1
gkrastenov - Lack of access control in setPoolActive function
#858
sherlock-admin
closed
11 months ago
0
honeymewn - Malicious recipient can unfairly get more funding in RFP strategies
#857
sherlock-admin2
closed
11 months ago
0
inzinko - Amount of Funds in pool inconsistent with expected amount
#856
sherlock-admin
closed
11 months ago
0
Tri-pathi - `_transferAmount` function of `Transfer` library doesn't check if enough value has been sent for transfer
#855
sherlock-admin2
closed
11 months ago
1
simon135 - since `_allocator.voiceCreidtsCastToReceipeints+=totalCredits` is wrong and will be infliated not like the spec
#854
sherlock-admin
closed
11 months ago
0
cats - Incompatibility With Fee-On-Transfer Tokens
#853
sherlock-admin2
closed
11 months ago
0
0xnirlin - Not using the upgradable variant of access control in upgradable contracts at multiple places.
#852
sherlock-admin
closed
11 months ago
12
gkrastenov - Possible Reentrancy attack
#851
sherlock-admin2
closed
11 months ago
1
0xaghas - Add default constructor that calls _disableInitializers()
#850
sherlock-admin
closed
11 months ago
1
AsenXDeth - Allo.sol#_fundPool
#849
sherlock-admin2
closed
11 months ago
0
0xRstStn - Checks Effects Interaction pattern not followed
#848
sherlock-admin
closed
11 months ago
1
Martians - Pool manager can reallocate the accepted Recipient
#847
sherlock-admin2
closed
11 months ago
1
0x00ffDa - A milestone with payout of 0 can block all further milestone distributions in a RFP allocation strategy
#846
sherlock-admin
closed
11 months ago
3
cats - Incompatibility With Rebasing Tokens
#845
sherlock-admin2
closed
11 months ago
1
jah - the rejected milestone can still take the milestone funds out
#844
sherlock-admin
closed
11 months ago
9
Hash01011122 - Gas Optimization for revert code lines to require code lines
#843
sherlock-admin2
closed
11 months ago
0
SV - Unregistered user can submit Upcoming Milestone
#842
sherlock-admin
closed
11 months ago
5
alexzoid - Fee-on-Transfer Tokens Issue in `_fundPool()`
#841
sherlock-admin2
closed
11 months ago
0
mitko1111 - missing checks for the token
#840
sherlock-admin
closed
11 months ago
0
dopeflamingo - When ```block.timestamp == allocationEndTime``` this can bypassed both ```onlyActiveAllocation()``` and ```onlyAfterAllocation()``` modifiers.
#839
sherlock-admin2
closed
10 months ago
9
Martians - Distribution of milestones which are NOT accepted
#838
sherlock-admin
closed
11 months ago
1
Previous
Next