sherlock-audit 2023-09-Gitcoin-judging issues

sherlock-audit / 2023-09-Gitcoin-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Tri-pathi - Protocol accounts incorrect amount in the distribution strategy for fee on transfer tokens

#837 sherlock-admin2 closed 1 year ago
0
tsvetanovv - The protocol doesn't have support for fee-on-transfer types of ERC20 tokens

#836 sherlock-admin closed 1 year ago
0
shirochan - Distribution is possible during allocation

#835 sherlock-admin2 closed 1 year ago
0
gkrastenov - Not paying the fee during funding

#834 sherlock-admin closed 1 year ago
0
Vagner - Allocations in `DonationVotingMerkleDistributionDirectTransferStrategy.sol` or `DonationVotingMerkleDistributionVaultStrategy.sol` can be manipulated to distribute more tokens to specific recepients

#833 sherlock-admin2 closed 1 year ago
8
radevauditor - Uninitialized Allocator Bypasses `maxVoiceCreditsPerAllocator` Limit

#832 sherlock-admin closed 1 year ago
1
mitko1111 - base fee can be set to more than 100%

#831 sherlock-admin2 closed 1 year ago
0
pengun - Anyone can change the pool status of RFPSimpleStrategy

#830 sherlock-admin closed 1 year ago
0
dany.armstrong90 - Function `_distribute` of `RFPSimpleStrategy.sol` would be reverted due to the coding error.

#829 sherlock-admin2 closed 1 year ago
0
fides - Profile owners can set pending ownership for themselves in the same block/timeframe a new owner accepts ownership at `updateProfilePendingOwner`

#828 sherlock-admin closed 1 year ago
1
vagrant - funding pools with Fee-on-Transfer will lead to an incorrect increase in poolAmount value

#827 sherlock-admin2 closed 1 year ago
0
alexzoid - `baseFee` Issue in `_createPool()` Method

#826 sherlock-admin closed 1 year ago
1
inspecktor - The _fundPool() call may not be available for some tokens

#825 sherlock-admin2 closed 1 year ago
1
osmanozdemir1 - The protocol doesn't work as expected with fee-on-transfer tokens

#824 sherlock-admin closed 1 year ago
0
inspecktor - Using tokens with a transfer fee may result in the loss of funds of recent users

#823 sherlock-admin2 closed 1 year ago
0
ace13567 - Pool managers can update the recipient's status at their discretion.

#822 sherlock-admin closed 1 year ago
0
simon135 - `allocator.voiceCerdits` is not used in `QVSimpleStrategy` which the alloactor can vote unlimited times

#821 sherlock-admin2 closed 1 year ago
0
inspecktor - The Allo.sol contract only assumes the use of tokens with decimals = 1e18

#820 sherlock-admin closed 1 year ago
0
Tri-pathi - `Allo.createPool` reverts on incorrect check for base fee, even when the perfect base fee is transferred

#819 sherlock-admin2 closed 1 year ago
1
alexxander - Allo pool funding can avoid paying percent fee

#818 sherlock-admin closed 1 year ago
1
SBSecurity - Setting useRegistryAnchor to true will result in `recipientAddress` always be address(0) in RfpSimpleStrategy

#817 sherlock-admin2 closed 1 year ago
0
inspecktor - An attacker can manipulate the maxBid, useRegistryAnchor, metadataRequired parameter in RFPSimpleStrategy.sol

#816 sherlock-admin closed 1 year ago
1
BenRai - When allocating native tokens in `DonationVotingMerkleDistributionVaultStrategy` any native token that exceeds the amount specified for funding is not returned

#815 sherlock-admin2 closed 1 year ago
1
inzinko - Allocator not utilizing there allocated voice credit could lead to imbalance

#814 sherlock-admin closed 1 year ago
1
mitko1111 - wrong input to transfer function

#813 sherlock-admin2 closed 1 year ago
0
GimelSec - Should avoid zero amount transfer in `allo._fundPool`

#812 sherlock-admin closed 1 year ago
0
inspecktor - An attacker can change the minimum number of votes required to accept a recipient

#811 sherlock-admin2 closed 1 year ago
1
dopeflamingo - ```allocator.voiceCredits``` is not changed anywhere

#810 sherlock-admin closed 1 year ago
1
shtesesamoubiq - The calculation can round to 0 in `_distribute` in `RFPSimpleStrategy.sol`

#809 sherlock-admin2 closed 1 year ago
0
mitko1111 - Every one can change the flag of the pool

#808 sherlock-admin closed 1 year ago
0
simon135 - since `poolAmount` in `_distribute#QVbaseStrategy` is not updated it can cause reverts and break in functionillity

#807 sherlock-admin2 closed 1 year ago
1
Tri-pathi - User can transfer any number of Native tokens without actually transferring tokens

#806 sherlock-admin closed 1 year ago
1
0xarno - Missing Check for `milestoneStatus == Status.Pending` in the `_distribute` Function in `RFPSimpleStrategy.sol`

#805 sherlock-admin2 closed 1 year ago
1
BenRai - For all strategies, if the recipient address is a contract that can not handle the pool tokens, the pool tokens will be lost for ever

#804 sherlock-admin closed 1 year ago
1
radevauditor - Vulnerability after updating of pool timestamps in the `QVBaseStrategy` strategy that can result in `funds being stuck`

#803 sherlock-admin2 closed 1 year ago
1
osmanozdemir1 - Anyone can claim on behalf of others in the `DonationVotingMerkleDistributionVaultStrategy::claim()`

#802 sherlock-admin closed 1 year ago
1
0x00ffDa - Recipients may be excluded despite receiving enough "Accepted" reviews in quadratic voting allocation strategies

#801 sherlock-admin2 closed 1 year ago
0
shtesesamoubiq - There is no check if the milestone is rejected in _distribute in `RFPSimpleStrategy.sol`

#800 sherlock-admin closed 1 year ago
1
pinalikefruit - Anyone can be set the pool to active or inactive in RFPSimpleStrategy

#799 sherlock-admin2 closed 1 year ago
0
Vagner - `_registerRecipient` in the `RFPSimpleStrategy.sol` will revert 100% if `useRegistryAnchor` is true

#798 sherlock-admin closed 1 year ago
0
inzinko - Multiple Recipient can submit the same milestone and get paid

#797 sherlock-admin2 closed 1 year ago
1
ast3ros - User Registration Failure When useRegistryAnchor is Enabled

#796 sherlock-admin closed 1 year ago
0
0xarno - Incorrect Check in `_distribute` Function in `RFPSimpleStrategy.sol` Leads to Reversion of Valid Distributions

#795 sherlock-admin2 closed 1 year ago
0
ast3ros - Unrestricted setPoolActive Function

#794 sherlock-admin closed 1 year ago
0
ast3ros - Unrestricted Initialize Function

#793 sherlock-admin2 closed 1 year ago
1
ast3ros - Funding During Distribution Can Skew Allocation Amounts

#792 sherlock-admin closed 1 year ago
3
ast3ros - Absence of Withdraw Function in QVBaseStrategy

#791 sherlock-admin2 closed 1 year ago
11
GimelSec - `RFPSimpleStrategy.setMilestones` can only be called once

#790 sherlock-admin closed 1 year ago
1
ast3ros - Minimum Review Threshold Fails to Function Properly

#789 sherlock-admin2 closed 1 year ago
0
ast3ros - Lack of Support for Fee-on-Transfer Tokens

#788 sherlock-admin closed 1 year ago
0

Previous Next