sherlock-audit 2024-01-looksrare-judging issues

sherlock-audit / 2024-01-looksrare-judging

3 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

kgothatso - ` YoloV2 :: rolloverETH` User can get selected after they moved eth to another rounds and cause a Dos attack

#162 sherlock-admin2 closed 7 months ago
1
unforgiven - user can deposit into the future rounds and fix the wrong price for the ERC20 and ERC721 tokens

#161 sherlock-admin closed 7 months ago
0
Kaiziron - Unlike ERC20, where users can specify an amount to minimize the loss in rounding down during division, users participating with NFT suffer loss

#160 sherlock-admin2 closed 7 months ago
0
0xMAKEOUTHILL - User can get free entries to rounds

#159 sherlock-admin closed 7 months ago
0
kgothatso - `YoloV2 :: cancelAfterRandomnessRequest` the function can be called by anyone to cancel a found and cause a DOS attack

#158 sherlock-admin2 closed 7 months ago
0
PTolev - Due to the failure of just a single transfer, users will be unable to `withdrawDeposits` or `claimPrizes` for any of the funds.

#157 sherlock-admin closed 7 months ago
2
unforgiven - unnecessary rounding error when depositing ERC721 may cause loss for users and contract won't support low value ERC721 tokens

#156 sherlock-admin2 closed 7 months ago
0
unforgiven - there is no slippage protection when depositing ERC20 or ERC721 tokens

#155 sherlock-admin closed 7 months ago
0
mert_eren - with depositETHIntoMultipleRounds can deposit 0 eth to rounds and it can effect the winner of round

#154 sherlock-admin2 closed 7 months ago
0
bareli - wrong subtraction

#153 sherlock-admin closed 7 months ago
1
jasonxiale - `YoloV2.depositETHIntoMultipleRounds` lacks of checking if `amounts` containing **0 value** element

#152 sherlock-admin2 closed 7 months ago
0
unforgiven - unfair opportunities because price of assets is fixed for a round while the price changes during a round

#151 sherlock-admin closed 7 months ago
0
mert_eren - ERC-20 tokens can be used like ERC-721

#150 sherlock-admin2 closed 7 months ago
0
ge6a - User may loose their prize because of low minimumRequestConfirmations

#149 sherlock-admin closed 7 months ago
0
jasonxiale - `YoloV2.cancel(uint256 numberOfRounds)` should add a `startRoundId` parameter or expiration time

#148 sherlock-admin2 closed 7 months ago
1
franfran20 - VRF ` Min Request Confirmations` Fixed At 3 in contract which is < Depth Of Chain ReOrgs For Chain To Be Deployed On

#147 sherlock-admin closed 7 months ago
0
bareli - _unsafeSubtract can led to error

#146 sherlock-admin2 closed 7 months ago
1
PTolev - Anyone can `cancelAfterRandomnessRequest`

#145 sherlock-admin closed 7 months ago
0
unforgiven - attacker can DOS or manipulate rounds deposits count by depositing 0 ETH with depositETHIntoMultipleRounds()

#144 sherlock-admin2 closed 7 months ago
0
ast3ros - The protocol fee can be wrongly calculated.

#143 sherlock-admin closed 7 months ago
1
ast3ros - Inadequate minimum request confirmations

#142 sherlock-admin2 closed 7 months ago
0
ast3ros - Missing check for validity of timestamp

#141 sherlock-admin closed 7 months ago
8
ast3ros - Malious users can drain the prize from the winner

#140 sherlock-admin2 closed 7 months ago
0
franfran20 - VRF `Request Confirmations` Fixed At 3 in contract which is < Depth Of Chain ReOrgs For Chain To Be Deployed On

#139 sherlock-admin closed 7 months ago
0
KingNFT - Attackers can deposit nothing to win round

#138 sherlock-admin2 closed 7 months ago
0
pontifex - The number of deposits for future rounds may exceed `MAXIMUM_NUMBER_OF_DEPOSITS_PER_ROUND`

#137 sherlock-admin closed 7 months ago
0
unforgiven - attacker can DOS and LOCK users tokens because function depositETHIntoMultipleRounds() doesn't check MAXIMUM_NUMBER_OF_DEPOSITS_PER_ROUND

#136 sherlock-admin2 closed 7 months ago
0
pontifex - Users can deposit zero values

#135 sherlock-admin closed 7 months ago
0
franfran20 - `depositETHIntoMultipleRounds` can render admin functions `updateMaximumNumberOfParticipantsPerRound`, `updateValuePerEntry` and `updateProtocolFeeBp` useless

#134 sherlock-admin2 closed 7 months ago
2
dimulski - A malicious user can game the system to increase his chances of winning a round

#133 sherlock-admin closed 7 months ago
0
0xMAKEOUTHILL - A ready to be withdrawn round can be forcefully extended by a single user

#132 sherlock-admin2 closed 7 months ago
0
unforgiven - users can't specify round ID in depositETHIntoMultipleRounds and rollover function their deposits may put into different rounds and cause them loss

#131 sherlock-admin closed 7 months ago
6
dany.armstrong90 - Distribution of entries to users is wrong.

#130 sherlock-admin2 closed 7 months ago
0
dany.armstrong90 - An attacker can steal other users' entries and dominate a round.

#129 sherlock-admin closed 7 months ago
0
unforgiven - attacker can deposit ERC20 and ERC721 tokens with wrong type and receive huge amount of entries

#128 sherlock-admin2 closed 7 months ago
10
0rpse - depositETHIntoMultipleRounds lets users deposit 0 ether leading to losses by participation

#127 sherlock-admin closed 7 months ago
0
HSP - Reservoir collection bid-ask midpoint price can be set as floor price in a round

#126 sherlock-admin2 closed 7 months ago
0
Anubis - Potential Reentrancy in ERC-20 Transfers

#125 sherlock-admin closed 7 months ago
1
Anubis - Unpredictable Gas Usage in Loops

#124 sherlock-admin2 closed 7 months ago
1
0xMAKEOUTHILL - The whole protocol can become temporary DDOS'ed for the whole `roundDuration`

#123 sherlock-admin closed 7 months ago
0
mgf15 - UNISWAP_V3_FACTORY vault hardcoded swap router address

#122 sherlock-admin2 closed 7 months ago
0
KingNFT - The protocol might suffer badly negtive ROI due to lack of base fee

#121 sherlock-admin closed 7 months ago
0
Anubis - Unchecked External Call in deposit Function

#120 sherlock-admin2 closed 7 months ago
1
s1ce - Round can be opened even if the contract is paused

#119 sherlock-admin closed 7 months ago
0
s1ce - In `depositETHIntoMultipleRounds`, cutoff time is set even if nothing is deposited

#118 sherlock-admin2 closed 7 months ago
0
s1ce - Zero entries in `depositETHIntoMultipleRounds` allows for malicious exploiter to profit

#117 sherlock-admin closed 7 months ago
0
s1ce - _depositETH does not check against MAXIMUM_NUMBER_OF_DEPOSITS_PER_ROUND

#116 sherlock-admin2 closed 7 months ago
0
Anubis - Unchecked Return Value in **cancelAfterRandomnessRequest**

#115 sherlock-admin closed 7 months ago
1
Anubis - Improper Access Control in **cancel** Function

#114 sherlock-admin2 closed 7 months ago
1
Anubis - Missing Validation on User Deposits Leading to Potential Denial of Service

#113 sherlock-admin closed 7 months ago
1