sherlock-audit 2024-01-rio-vesting-escrow-judging issues

sherlock-audit / 2024-01-rio-vesting-escrow-judging

3 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

aman - [M-1] Vesting Schedule has not check with current Time , which may result in setting the time for vesting in past.

#72 sherlock-admin closed 9 months ago
0
ArmedGoose - The whole escrow balance can be withdrawn prematurely if used with double entry point tokens

#71 sherlock-admin2 closed 9 months ago
1
0xGreyWolf - Missing `block.timestamp` validation check for parameter `vestingStart` in `VestingEscrowFactory::deployVestingContract()` will deploy an inutile contract.

#70 sherlock-admin closed 9 months ago
1
0x_Scar - Owner should not renounce itself

#69 sherlock-admin2 closed 9 months ago
2
0x_Scar - The VestingEscrow can be reinitialized over and over again

#68 sherlock-admin closed 9 months ago
2
bitsurfer - `vestingStart` can be set to far back date, less than block.timestamp, resulting locked, claimable, vested amount manipulation

#67 sherlock-admin2 closed 9 months ago
1
0x_Scar - Block Re-org attack in VestingEscrowFactory

#66 sherlock-admin closed 9 months ago
1
Shaheen - `revokeAll` is useless without delay mechanism on `claim()`, as the recipient can frontrun revokeAll TRX to withdraw unclaimed tokens

#65 sherlock-admin2 closed 9 months ago
1
itsabinashb - VestingEscrow::Unauthorised voting

#64 sherlock-admin closed 9 months ago
1
IllIllI - Calls to `revokeAll()` can be front-run

#63 sherlock-admin2 closed 9 months ago
2
IllIllI - Escrow recipients can steal the vesting tokens if they have multiple entrypoints

#62 sherlock-admin closed 9 months ago
3
IllIllI - Users can steal voting power from the initial delegatee

#61 sherlock-admin2 closed 9 months ago
2
IllIllI - Vaults can be bricked by `selfdestruct()`ing implementations, using forged immutable args

#60 sherlock-admin opened 9 months ago
9
fugazzi - VestingEscrow implementation can be destroyed bricking all deployed instances

#59 sherlock-admin2 closed 9 months ago
1
0xJayPi - revokeAll() can be frontrun resulting on recovering less tokens than expected

#58 sherlock-admin closed 9 months ago
1
Shaheen - Voting Escrow Recipient can increase his voting power or regain his voting power after claiming all the vested tokens

#57 sherlock-admin2 closed 9 months ago
14
nslavchev - Issue M-1: If the recipient or the owner gets blacklisted by an asset contract they won't be able to recover the ERC20s locked in a contract

#56 sherlock-admin closed 9 months ago
1
zzykxx - Calls to `revokeAll()` in `VestingEscrow.sol` can be frontrun

#55 sherlock-admin2 closed 9 months ago
1
Bbash - `recoverEther` function fails if the recipient is a smart contract with no fallback function in `VestingEscrow.sol`

#54 sherlock-admin closed 9 months ago
2
itsabinashb - VestingEscrow::user can claim token after vesting for minimum time

#53 sherlock-admin2 closed 9 months ago
2
ZanyBonzy - Risk of vampire attack on the protocol.

#52 sherlock-admin closed 9 months ago
1
itsabinashb - VestingEscrow::user can maliciously increase voting power of delegatee

#51 sherlock-admin2 closed 9 months ago
7
KeyKiril - No validation check might cause negative impact on the state of the contract in the `claim` function

#50 sherlock-admin closed 9 months ago
2
rvierdiiev - VestingEscrow.revokeAll function can be frontrunned

#49 sherlock-admin2 closed 9 months ago
2
rvierdiiev - Governor.castVoteWithReasonAndParams function is not available

#48 sherlock-admin closed 9 months ago
0
bhilare_ - Recipients can claim all tokens not in intended pattern, if startTime mistakenly is set to past.

#47 sherlock-admin2 closed 9 months ago
1
fibonacci - A recipient can withdraw all funds before the end of the vesting period in case of using a token with multiple addresses

#46 sherlock-admin closed 9 months ago
1
fibonacci - The functions `VestingEscrow::vote` and `VestingEscrow::voteWithReason` do not return results

#45 sherlock-admin2 closed 9 months ago
1
itsabinashb - VotingEscrow::duplicate proposal ID

#44 sherlock-admin closed 9 months ago
3
almurhasan - abi.encodePacked allows hash collision.

#43 sherlock-admin2 closed 9 months ago
1
almurhasan - Recipient can’t claim vested tokens due to precision loss.

#42 sherlock-admin closed 9 months ago
1
almurhasan - abi.encodePacked allows hash collision.

#41 sherlock-admin2 closed 9 months ago
2
0xhashiman - Bad Implementation of Vote Casting in OZVotingAdaptor

#40 sherlock-admin closed 9 months ago
2
0xhashiman - Unauthorized Token Claim in VestingEscrow.sol

#39 sherlock-admin2 closed 9 months ago
2
0xhashiman - Unchecked Return Value in Low-Level Calls

#38 sherlock-admin closed 9 months ago
1
0xhashiman - Missing Access Control on recoverEther() and recoverERC20()

#37 sherlock-admin2 closed 9 months ago
0
eta - Missing Validation in `VestingEscrowFactory::constructor`, Optimize Setter Function In `VestingEscrowFactory` contract and Use Ownable2Step in the `OZVotingAdaptor` contract

#36 sherlock-admin closed 9 months ago
0
thank_you - Revoking unvested tokens revokes unrealized cliff tokens

#35 sherlock-admin2 closed 9 months ago
2
eta - Access Control Misconfiguration in `VestingEscrow::revokeUnvested`

#34 sherlock-admin closed 9 months ago
1
itsabinashb - VotingEscrow::claim() is not working as expected

#33 sherlock-admin2 closed 9 months ago
1
matejdb - Arithmetic underflow occurs in function return statement

#32 sherlock-admin closed 9 months ago
1
Bbash - `recoverERC20` function will fail if the recipient address gets blacklisted in `VestingEscrow.sol`

#31 sherlock-admin2 closed 9 months ago
2
0xMAKEOUTHILL - User can get instant access to `vesting token` without actually waiting for the vesting period to conclude

#30 sherlock-admin closed 9 months ago
1
eeshenggoh - Malicious attacker able to front run revoke functions and transfer tokens before it happens

#29 sherlock-admin2 closed 9 months ago
1
zzykxx - Arbitrary `delegatecall` in the `VestingEscrow.sol` implementation

#28 sherlock-admin closed 9 months ago
1
Breeje - Recipient can `claim` all vested token instantly if token used is Proxied Token

#27 sherlock-admin2 closed 9 months ago
1
Irissme - Lack of Reentrancy Protection in the revokeAll Function

#26 sherlock-admin closed 9 months ago
2
Irissme - The VestingEscrow contract lacks proper validation.

#25 sherlock-admin2 closed 9 months ago
0
Irissme - Lack of Verification for Factory Address in VestingEscrow's initialize Function

#24 sherlock-admin closed 9 months ago
1
Krace - `VestingEscrow` cannot work properly with multiple addresses token

#23 sherlock-admin2 closed 9 months ago
2

Previous Next