issues
search
sherlock-audit
/
2024-01-telcoin-judging
6
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
ravikiran.web3 - TelcoinDistributor::challengeTransaction() will block the transaction permanently
#155
sherlock-admin2
closed
6 months ago
1
zzykxx - `challengeTransaction()` should be callable when the protocol is paused
#154
sherlock-admin
closed
6 months ago
1
bigbick123456789000 - Unchecked Transfer in `topUp` Function
#153
sherlock-admin2
closed
6 months ago
1
ravikiran.web3 - SafeGuard::checkTransaction() function is not designed with gas efficiency, the implementation can result in DOS if nonces grow very large.
#152
sherlock-admin
closed
6 months ago
1
rvierdiiev - SafeGuard.checkTransaction may revert with out of gas
#151
sherlock-admin2
closed
6 months ago
1
zzykxx - `removeFromOffice()` can be frontrun by council member
#150
sherlock-admin
closed
6 months ago
2
bigbick123456789000 - Incorrect `TELCOIN` Distribution Calculation in `_retrieve` Function
#149
sherlock-admin2
closed
6 months ago
1
bigbick123456789000 - Risk of transaction revert in `batchTelcoin` function since the contract doesn't approve spending of Telcoin tokens
#148
sherlock-admin
closed
6 months ago
2
VAD37 - `StakingRewardsManager.sol` have `BUILDER_ROLE` operation remove staking contracts may interfere with `EXECUTOR_ROLE` operation. Causing wrong config and rewards setup
#147
sherlock-admin2
closed
6 months ago
2
VAD37 - `StakingRewardsManager.sol` function `topUp()` does not use array index or `indices` to setup config
#146
sherlock-admin
closed
6 months ago
1
0xadrii - Pausing the TelcoinDistributor can prevent the challenge period mechanism from functioning properly
#145
sherlock-admin2
closed
6 months ago
1
0xadrii - Denial of service in mint() after burning an NFT
#144
sherlock-admin
closed
6 months ago
1
0xadrii - The current burning logic is flawed
#143
sherlock-admin2
closed
6 months ago
1
0xadrii - Malicious individual council members can challenge ALL transactions without restriction, making them able to prevent ANY transaction from being executed
#142
sherlock-admin
closed
6 months ago
2
Sabit - A malicious user can withdraw tokens mistakenly sent to contract and also set reward duration because of wrong use of "onlyOwner" modifier
#141
sherlock-admin2
closed
6 months ago
1
0xadrii - Functions calling _retrieve() more than once will always revert
#140
sherlock-admin
closed
6 months ago
3
0xadrii - Wrong parameter when retrieving causes a complete DoS of the protocol
#139
sherlock-admin2
opened
6 months ago
6
Sabit - Anyone can call the createStakingRewards function because of wrong "onlyOwner" implementation
#138
sherlock-admin
closed
6 months ago
2
CL001 - TELCOIN can be drained if members claim() dust amount
#137
sherlock-admin2
closed
6 months ago
1
Sabit - Anyone can call vetoTransaction function as "onlyOwner" is not implemented correctly
#136
sherlock-admin
closed
6 months ago
1
ginlee - All Telcoin may get lost for the users using the account abstraction wallet
#135
sherlock-admin2
closed
6 months ago
2
Krace - Minting new tokens becomes permanently impossible unless the last NFT is burned
#134
sherlock-admin
closed
6 months ago
1
0xC - Potential overflow in `TelcoinDistributor` contract's `proposeTransaction` function
#133
sherlock-admin2
closed
6 months ago
2
ginlee - Two different transactions can result in the same transactionHash
#132
sherlock-admin
closed
6 months ago
3
Tricko - `CouncilMember._retrieve()` will revert due to improper use of the `_target` variable.
#131
sherlock-admin2
closed
6 months ago
1
Krace - The owner of the last NFT is ineligible to claim his TELCOIN if other NFTs have been burned
#130
sherlock-admin
closed
6 months ago
1
cryptonoob - A malicious user can use block stuffing to avoid challenging his proposed transactions
#129
sherlock-admin2
closed
6 months ago
1
eeshenggoh - Missing fallback() in Safe Guard incase of Safe upgrade causing the Safe to be locked
#128
sherlock-admin
closed
6 months ago
13
cryptonoob - TelcoinDistributor.sol setChallengePeriod allows to bypass constructor's restriction
#127
sherlock-admin2
closed
6 months ago
4
0xAnmol - __AccessControl_init` is not called on initialize
#126
sherlock-admin
closed
6 months ago
2
cryptonoob - Missing event for TelcoinDistributor.sol's executeTransaction
#125
sherlock-admin2
closed
6 months ago
2
0xC - Negative `challengePeriod` can be assigned in the constructor of `TelcoinDistributor` contract
#124
sherlock-admin
closed
6 months ago
2
Tricko - `whenNotPaused` modifier in `TelcoinDistributor.challengeTransaction()` facilitates the execution of malicious proposals.
#123
sherlock-admin2
closed
6 months ago
1
0xAnmol - The First CouncilNFT holder can drain all the tokens from sablier
#122
sherlock-admin
closed
6 months ago
2
araj - Use if-revert instead of require statement to save gas
#121
sherlock-admin2
closed
6 months ago
2
eeshenggoh - If one contract has sufficient reward other contracts cannot receive tokens
#120
sherlock-admin
closed
6 months ago
5
araj - Improper input validation in `telcoinDistributor::proposeTransaction`
#119
sherlock-admin2
closed
6 months ago
1
Tricko - Holder of `CouncilMember` NFT can DoS the `CouncilMember` contract.
#118
sherlock-admin
closed
6 months ago
1
eeshenggoh - Council Member may lose tokens if not meant to receive ERC721 tokens.
#117
sherlock-admin2
closed
6 months ago
1
araj - A council member loss all his funds when a token is burned
#116
sherlock-admin
closed
6 months ago
1
fibonacci - `StakingRewardsManager`: incorrect `StakingRewards` contracts top up
#115
sherlock-admin2
closed
6 months ago
1
eeshenggoh - Adding stake contract with different rewards tokens will cause tokens to be stuck
#114
sherlock-admin
closed
6 months ago
3
eeshenggoh - Telcoin uses RBAC method for access control and did not add roles to admin roles
#113
sherlock-admin2
closed
6 months ago
3
Tricko - Funds can be lost when changing stream parameters in `CouncilMember` contract.
#112
sherlock-admin
closed
6 months ago
7
eeshenggoh - Overinflated rewards updated due to flaw in calling SablierV2ProxyTarget
#111
sherlock-admin2
closed
6 months ago
1
fnanni - Guard is wrongly implemented and will freeze the Safe forever once the first transaction hash is vetoed
#110
sherlock-admin
closed
6 months ago
6
0xmystery - Balance array misalignment and DoS on the next mint after calling CouncilMember.burn()
#109
sherlock-admin2
closed
6 months ago
1
Tricko - `CouncilMember` does not implements `supportsInterface()` correctly.
#108
sherlock-admin
closed
6 months ago
4
Arz - Minting a new council member NFT will not work after burning one
#107
sherlock-admin2
closed
6 months ago
1
Arz - Burning the CouncilMember token will break the contract
#106
sherlock-admin
closed
6 months ago
1
Previous
Next