sherlock-audit 2024-01-telcoin-judging issues

sherlock-audit / 2024-01-telcoin-judging

6 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Aamirusmani1552 - `CouncilMember::burn()` does not update states correctly leading to the loss of tokens to the council members.

#55 sherlock-admin2 closed 9 months ago
1
bareli - lock funds indefinitely or make challenging impractical due to challengePeriod .

#54 sherlock-admin closed 9 months ago
1
DMoore - Incorrect staking index handling inside topUp function of StakingRewardsManager contract

#53 sherlock-admin2 closed 9 months ago
1
bareli - No validation on proposeTransaction

#52 sherlock-admin closed 9 months ago
1
Ignite - DoS in _retrieve() function if the withdrawal from the Sablier is zero

#51 sherlock-admin2 closed 9 months ago
1
bareli - creation or loss of tokens

#50 sherlock-admin closed 9 months ago
2
fibonacci - `CouncilMember`: minting a new token is not possible after burning

#49 sherlock-admin2 closed 9 months ago
13
iberry - Don't _grantRole many "XXX_ROLE" within the initialize function of the StakingRewardsManager

#48 sherlock-admin closed 9 months ago
2
fibonacci - The `CouncilMember` contract DoS due to the `_retrieve` function revert

#47 sherlock-admin2 opened 9 months ago
20
Ignite - The mint() function may fail if the totalSupply() is equal to the number of already minted NFT

#46 sherlock-admin closed 9 months ago
1
Ignite - Design Flaw in burn() Function May Impact Functions Using balances Array

#45 sherlock-admin2 closed 9 months ago
1
Irissme - Incomplete Access Control in initialize Function

#44 sherlock-admin closed 9 months ago
2
Irissme - Missing Range Check in removeStakingRewardsContract Function

#43 sherlock-admin2 closed 9 months ago
4
Irissme - Lack of Security Check in recoverERC20FromStaking Function

#42 sherlock-admin closed 9 months ago
2
Irissme - Lack of Transaction Guard in topUp Function

#41 sherlock-admin2 closed 9 months ago
2
Irissme - Missing Address Validation in setRewardsDistribution Function

#40 sherlock-admin closed 9 months ago
1
Irissme - Missing Import for Ownable2Step Library

#39 sherlock-admin2 closed 9 months ago
2
CaptainCrypto - Inadequate Validation in proposeTransaction Function

#38 sherlock-admin closed 9 months ago
1
CaptainCrypto - Potential Reentrancy Vulnerability in batchTelcoin Function

#37 sherlock-admin2 closed 9 months ago
6
mstpr-brainbot - If any NFT except the last index is burnt, minting new NFT's are impossible

#36 sherlock-admin closed 9 months ago
5
mstpr-brainbot - Transfer and burn skips revoking previous allowance

#35 sherlock-admin2 closed 9 months ago
7
sobieski - Approvals are not cleared upon CouncilMember NFT transfers, allowing malicious holder to steal undue TELCOIN tokens

#34 sherlock-admin closed 9 months ago
1
IvanFitro - CouncilMember.sol :: Burning an NFT makes it impossible for some users to claim rewards.

#33 sherlock-admin2 closed 9 months ago
1
mstpr-brainbot - When governance burns an NFT, the claimable balances of other NFT can be mixed

#32 sherlock-admin closed 9 months ago
8
sobieski - Minting new CouncilMemeber NFTs is no longer possible after burning any but last of the NFTs

#31 sherlock-admin2 closed 9 months ago
1
sobieski - Burning CouncilMember NFTs locks the last minter from their balance

#30 sherlock-admin closed 9 months ago
1
0x_Sanzcy - `batchTelcoin` will revert if the `totalWithdrawl` is not equal to the `amount ` being sent

#29 sherlock-admin2 closed 9 months ago
1
0x_Sanzcy - `removeFromOffice` doesn't check if `to` is already a council member

#28 sherlock-admin closed 9 months ago
2
djanerch - Denial of Service because of looping over unbounded array

#27 sherlock-admin2 closed 9 months ago
1
ubl4nk - CouncilMember::burn is not correctly implemented

#26 sherlock-admin closed 9 months ago
1
0x_Sanzcy - `removeFromOffice` uses `_transfer` instead of `_safeTransfer`

#25 sherlock-admin2 closed 9 months ago
2
p-tsanev - TelcoinDistributor.sol - Pausing the contract would disable challenging transactions

#24 sherlock-admin closed 8 months ago
17
alexbabits - Owner must manually fund CouncilMember contract if everyone attempts to claim

#23 sherlock-admin2 closed 9 months ago
1
ubl4nk - Risk of locked assets due to use of _mint instead of _safeMint

#22 sherlock-admin closed 9 months ago
2
ubl4nk - Use safeTransferFrom instead of transferFrom

#21 sherlock-admin2 closed 9 months ago
14
p-tsanev - TelcoinDistributor.sol#proposeTransaction() - block-stuffing could allow unfair execution of proposals

#20 sherlock-admin closed 9 months ago
1
eeshenggoh - StakingRewardsManager can be DoS if not owner of StakingRewards

#19 sherlock-admin2 closed 9 months ago
2
IvanFitro - StakingRewardsManager.sol :: topUp() The tokens to fund the staking contracts are sended to an incorrect contracts.

#18 sherlock-admin closed 9 months ago
1
krkba - Reentrancy attack in `claim` function

#17 sherlock-admin2 closed 9 months ago
2
Aamirusmani1552 - `StakingRewardsManager::topUp(...)` Misallocates Funds to `StakingRewards` Contracts

#16 sherlock-admin opened 9 months ago
6
krkba - Potential Denail of Service in `removeStakingRewardsContract` function

#15 sherlock-admin2 closed 9 months ago
0
Kow - Removing any token with id less than the highest `tokenId` will block the holder from claiming their allocated TELCOIN and prevent further minting

#14 sherlock-admin closed 9 months ago
1
krkba - No check if `StakingRewards` contract is created successfuly and not equal zero

#13 sherlock-admin2 closed 9 months ago
1
alexbabits - Array swap and pop method during burn() leads to complete loss of user rewards and breaks mint()

#12 sherlock-admin closed 9 months ago
1
s1l3nt - Malicious member of the Governance Council can trigger a reentrancy attack

#11 sherlock-admin2 closed 9 months ago
2
s1l3nt - SUPPORT_ROLE is never assigned, loss of funds

#10 sherlock-admin closed 9 months ago
2
s1l3nt - Reward token can be more valuable than the staking token

#9 sherlock-admin2 closed 9 months ago
3
novaman33 - Unhandled return value of transferFrom in `topUp()` in `StakingRewardsManager.sol` can lead to users being denied their rewards

#8 sherlock-admin closed 9 months ago
4
s1l3nt - The owner of the TelcoinDistributor contract can freeze transactions/funds

#7 sherlock-admin2 closed 9 months ago
1
IvanFitro - CouncilMember.sol :: Burning a NFT impossibilities minting new NFTs (DOS).

#6 sherlock-admin closed 9 months ago
6

Previous Next