issues
search
sherlock-audit
/
2024-01-rio-vesting-escrow-judging
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
aman - [M-1] Vesting Schedule has not check with current Time , which may result in setting the time for vesting in past.
#72
sherlock-admin
closed
9 months ago
0
ArmedGoose - The whole escrow balance can be withdrawn prematurely if used with double entry point tokens
#71
sherlock-admin2
closed
9 months ago
1
0xGreyWolf - Missing `block.timestamp` validation check for parameter `vestingStart` in `VestingEscrowFactory::deployVestingContract()` will deploy an inutile contract.
#70
sherlock-admin
closed
9 months ago
1
0x_Scar - Owner should not renounce itself
#69
sherlock-admin2
closed
9 months ago
2
0x_Scar - The VestingEscrow can be reinitialized over and over again
#68
sherlock-admin
closed
9 months ago
2
bitsurfer - `vestingStart` can be set to far back date, less than block.timestamp, resulting locked, claimable, vested amount manipulation
#67
sherlock-admin2
closed
9 months ago
1
0x_Scar - Block Re-org attack in VestingEscrowFactory
#66
sherlock-admin
closed
9 months ago
1
Shaheen - `revokeAll` is useless without delay mechanism on `claim()`, as the recipient can frontrun revokeAll TRX to withdraw unclaimed tokens
#65
sherlock-admin2
closed
9 months ago
1
itsabinashb - VestingEscrow::Unauthorised voting
#64
sherlock-admin
closed
9 months ago
1
IllIllI - Calls to `revokeAll()` can be front-run
#63
sherlock-admin2
closed
9 months ago
2
IllIllI - Escrow recipients can steal the vesting tokens if they have multiple entrypoints
#62
sherlock-admin
closed
9 months ago
3
IllIllI - Users can steal voting power from the initial delegatee
#61
sherlock-admin2
closed
9 months ago
2
IllIllI - Vaults can be bricked by `selfdestruct()`ing implementations, using forged immutable args
#60
sherlock-admin
opened
9 months ago
9
fugazzi - VestingEscrow implementation can be destroyed bricking all deployed instances
#59
sherlock-admin2
closed
9 months ago
1
0xJayPi - revokeAll() can be frontrun resulting on recovering less tokens than expected
#58
sherlock-admin
closed
9 months ago
1
Shaheen - Voting Escrow Recipient can increase his voting power or regain his voting power after claiming all the vested tokens
#57
sherlock-admin2
closed
9 months ago
14
nslavchev - Issue M-1: If the recipient or the owner gets blacklisted by an asset contract they won't be able to recover the ERC20s locked in a contract
#56
sherlock-admin
closed
9 months ago
1
zzykxx - Calls to `revokeAll()` in `VestingEscrow.sol` can be frontrun
#55
sherlock-admin2
closed
9 months ago
1
Bbash - `recoverEther` function fails if the recipient is a smart contract with no fallback function in `VestingEscrow.sol`
#54
sherlock-admin
closed
9 months ago
2
itsabinashb - VestingEscrow::user can claim token after vesting for minimum time
#53
sherlock-admin2
closed
9 months ago
2
ZanyBonzy - Risk of vampire attack on the protocol.
#52
sherlock-admin
closed
9 months ago
1
itsabinashb - VestingEscrow::user can maliciously increase voting power of delegatee
#51
sherlock-admin2
closed
9 months ago
7
KeyKiril - No validation check might cause negative impact on the state of the contract in the `claim` function
#50
sherlock-admin
closed
9 months ago
2
rvierdiiev - VestingEscrow.revokeAll function can be frontrunned
#49
sherlock-admin2
closed
9 months ago
2
rvierdiiev - Governor.castVoteWithReasonAndParams function is not available
#48
sherlock-admin
closed
9 months ago
0
bhilare_ - Recipients can claim all tokens not in intended pattern, if startTime mistakenly is set to past.
#47
sherlock-admin2
closed
9 months ago
1
fibonacci - A recipient can withdraw all funds before the end of the vesting period in case of using a token with multiple addresses
#46
sherlock-admin
closed
9 months ago
1
fibonacci - The functions `VestingEscrow::vote` and `VestingEscrow::voteWithReason` do not return results
#45
sherlock-admin2
closed
9 months ago
1
itsabinashb - VotingEscrow::duplicate proposal ID
#44
sherlock-admin
closed
9 months ago
3
almurhasan - abi.encodePacked allows hash collision.
#43
sherlock-admin2
closed
9 months ago
1
almurhasan - Recipient can’t claim vested tokens due to precision loss.
#42
sherlock-admin
closed
9 months ago
1
almurhasan - abi.encodePacked allows hash collision.
#41
sherlock-admin2
closed
9 months ago
2
0xhashiman - Bad Implementation of Vote Casting in OZVotingAdaptor
#40
sherlock-admin
closed
9 months ago
2
0xhashiman - Unauthorized Token Claim in VestingEscrow.sol
#39
sherlock-admin2
closed
9 months ago
2
0xhashiman - Unchecked Return Value in Low-Level Calls
#38
sherlock-admin
closed
9 months ago
1
0xhashiman - Missing Access Control on recoverEther() and recoverERC20()
#37
sherlock-admin2
closed
9 months ago
0
eta - Missing Validation in `VestingEscrowFactory::constructor`, Optimize Setter Function In `VestingEscrowFactory` contract and Use Ownable2Step in the `OZVotingAdaptor` contract
#36
sherlock-admin
closed
9 months ago
0
thank_you - Revoking unvested tokens revokes unrealized cliff tokens
#35
sherlock-admin2
closed
9 months ago
2
eta - Access Control Misconfiguration in `VestingEscrow::revokeUnvested`
#34
sherlock-admin
closed
9 months ago
1
itsabinashb - VotingEscrow::claim() is not working as expected
#33
sherlock-admin2
closed
9 months ago
1
matejdb - Arithmetic underflow occurs in function return statement
#32
sherlock-admin
closed
9 months ago
1
Bbash - `recoverERC20` function will fail if the recipient address gets blacklisted in `VestingEscrow.sol`
#31
sherlock-admin2
closed
9 months ago
2
0xMAKEOUTHILL - User can get instant access to `vesting token` without actually waiting for the vesting period to conclude
#30
sherlock-admin
closed
9 months ago
1
eeshenggoh - Malicious attacker able to front run revoke functions and transfer tokens before it happens
#29
sherlock-admin2
closed
9 months ago
1
zzykxx - Arbitrary `delegatecall` in the `VestingEscrow.sol` implementation
#28
sherlock-admin
closed
9 months ago
1
Breeje - Recipient can `claim` all vested token instantly if token used is Proxied Token
#27
sherlock-admin2
closed
9 months ago
1
Irissme - Lack of Reentrancy Protection in the revokeAll Function
#26
sherlock-admin
closed
9 months ago
2
Irissme - The VestingEscrow contract lacks proper validation.
#25
sherlock-admin2
closed
9 months ago
0
Irissme - Lack of Verification for Factory Address in VestingEscrow's initialize Function
#24
sherlock-admin
closed
9 months ago
1
Krace - `VestingEscrow` cannot work properly with multiple addresses token
#23
sherlock-admin2
closed
9 months ago
2
Previous
Next