sherlock-audit / 2023-10-looksrare-judging
issues
bareli - USE OF safetransferFrom instead of transferfrom.
#94
sherlock-admin
closed
1 year ago
0
phenom - Contracts are vulnerable to fee-on-transfer accounting-related issues
#93
sherlock-admin2
closed
1 year ago
1
phenom - Governance functions should be controlled by time locks
#92
sherlock-admin
closed
1 year ago
1
phenom - Unsafe use of transfer()/transferFrom() with IERC20
#91
sherlock-admin2
closed
1 year ago
0
phenom - Return values of transfer()/transferFrom() not checked
#90
sherlock-admin
closed
1 year ago
1
lil.eth - costToHeal() in InfiltrationPeriphery.sol allow easy sandwich and user paying more than healing cost
#89
sherlock-admin2
closed
12 months ago
8
phenom - Incorrect shift in the assembly code block
#88
sherlock-admin
closed
1 year ago
1
SilentDefendersOfDeFi - Unfair killing of Agents
#87
sherlock-admin2
closed
1 year ago
15
moneyversed - Unchecked arithmetic usage in `Infiltration`'s healing and escaping mechanism allows for direct bypass of >0.8.0 solidity's built-in checks due to `UnsafeMathUint256`
#86
sherlock-admin
closed
1 year ago
1
lil.eth - Bypass of MAX_MINT_PER_ADDRESS Limit due to no Premint Checks
#85
sherlock-admin2
closed
1 year ago
0
Tricko - Index values selected in `_woundRequestFulfilled()` are not uniformly distributed.
#84
sherlock-admin
opened
1 year ago
2
BoRonGod - Check in `fulfillRandomWords` is vulnerable in some specific situations
#83
sherlock-admin2
closed
1 year ago
1
devAnas - [M-01] Allows Unauthorized Healing Due to Missing Ownership Check
#82
sherlock-admin
closed
1 year ago
0
feelereth - Vulnerability where the escape reward distribution loop could still run even if there are 0 agents left, leading to division by 0 errors.
#81
sherlock-admin2
closed
1 year ago
1
enfrasico - Wrong use of VRF randomness can allow it to be exploited, allowing the exploiter to always win the game
#80
sherlock-admin
closed
1 year ago
36
BoRonGod - function `heal` is broken due to invalid approval
#79
sherlock-admin2
closed
1 year ago
1
0xGoodess - _woundRequestFulfilled is not a uniform distribution on a population with wounded samples
#78
sherlock-admin
closed
1 year ago
0
enfrasico - Lack of slippage for `heal()` can cause huge financial loss for users
#77
sherlock-admin2
closed
1 year ago
5
enfrasico - maximumAmountMintedPerAddress can be bypassed by anyone
#76
sherlock-admin
closed
1 year ago
2
feelereth - The secondaryPrizePoolShareBp function can return share amounts over 100% for certain inputs.
#75
sherlock-admin2
closed
1 year ago
1
feelereth - vulnerability that could allow an attacker to falsely claim a share of the secondary prize pool.
#74
sherlock-admin
closed
1 year ago
1
0xGoodess - heal can be Dossed by frontrunning - by competitor who just heal one of the victims agentsIds
#73
sherlock-admin2
closed
1 year ago
0
feelereth - frontrunLock is initially locked, but there's no check that it gets unlocked after startGame() is called. An error could leave it locked forever.
#72
sherlock-admin
closed
1 year ago
1
BoRonGod - `Transferfrom` is not protected by frontrun lock
#71
sherlock-admin2
closed
1 year ago
1
ast3ros - Re-wounding healed agents within the same round
#70
sherlock-admin
closed
1 year ago
0
stackangel22 - looksrare Audit Report
#69
sherlock-admin2
closed
1 year ago
0
836541 - Gas Limit for VRF's callbacks should be changeable
#68
sherlock-admin
closed
1 year ago
0
unix515 - Infiltration cannot receive native token
#67
sherlock-admin2
closed
1 year ago
1
Bauer - Front-running the escape option to receive rewards before agents get wounded
#66
sherlock-admin
closed
1 year ago
1
Weed0607 - The number of activeAgents could be zero and this will lead to loss of fund in the contract
#65
sherlock-admin2
closed
12 months ago
2
836541 - `startNewRound` gives VRF Service Provider the option to withhold fulfillments
#64
sherlock-admin
closed
1 year ago
1
JP_Courses - Infiltration::setMintPeriod() - Here `block.timestamp` should never be `== newMintEnd`, i.e. case `<= newMintEnd` is incorrect logic, should be `< newMintEnd`.
#63
sherlock-admin2
closed
1 year ago
1
mstpr-brainbot - If all agents are owned by the same owner then there is no point to play the game
#62
sherlock-admin
closed
1 year ago
2
mstpr-brainbot - Strategic escape can block healers
#61
sherlock-admin2
closed
1 year ago
0
newt - Because of missing slippage parameter, mint() can be front-runned
#60
sherlock-admin
closed
1 year ago
1
JP_Courses - `ETH` sent to InfiltrationPeriphery.sol via unintended routes may remain trapped.
#59
sherlock-admin2
closed
1 year ago
1
mstpr-brainbot - Race condition on escaping
#58
sherlock-admin
closed
1 year ago
3
klaus - heal - attacker can request heal to stop other users from trading NFTs
#57
sherlock-admin2
closed
12 months ago
3
cawfree - The winning agent continues to be transferrable even after the grand prize has been claimed.
#56
sherlock-admin
closed
1 year ago
3
Bauer - The calculation in the secondaryPrizePoolShareBp() function suffers from precision loss
#55
sherlock-admin2
closed
1 year ago
1
Bauer - Lack of inspection for quantity
#54
sherlock-admin
closed
1 year ago
0
cawfree - Calls to `InfiltrationPeriphery.sol#heal` may be frontrun to achieve poor price execution for an unsuspecting caller.
#53
sherlock-admin2
closed
1 year ago
0
cergyk - Minting can be easily sybilled by calling from multiple addresses
#52
sherlock-admin
closed
1 year ago
0
cergyk - Healing can be used to DOS sales on secondary markets of wounded agents
#51
sherlock-admin2
closed
1 year ago
0
cergyk - Weak randomness in _woundRequestFulfilled can be slightly manipulated
#50
sherlock-admin
closed
1 year ago
0
pontifex - Users have no option to heal agents with probability 99 percents
#49
sherlock-admin2
closed
1 year ago
1
vampyre - [H-01] Re-requesting randomness from VRF is a security anti-pattern
#48
sherlock-admin
closed
1 year ago
0
cergyk - A participant with enough active agents can force win for his wounded agents
#47
sherlock-admin2
closed
1 year ago
0
sil3th - Lack Of Ownership Verification in 'transferFrom' Function
#46
sherlock-admin
closed
1 year ago
1
sandNallani - A game can be started with just one player, which should be an invalid game
#45
sherlock-admin2
closed
1 year ago
0