sherlock-audit 2024-02-radicalxchange-judging issues

sherlock-audit / 2024-02-radicalxchange-judging

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

neocrao - The winning bidder can close all bids and still win the token without paying anything. Furthermore, a very high bid will cause monetary loss to other bidders as they will need to cover the bidding fee.

#76 sherlock-admin3 closed 8 months ago
0
Aamirusmani1552 - Other bidders cannot place bid for `0` amount if the starting bid is `0`.

#75 sherlock-admin4 closed 8 months ago
1
0xboriskataa - Highest bidder can cancel bid and win auction for free

#74 sherlock-admin2 closed 8 months ago
0
tedox - Bidders can win auction without paying

#73 sherlock-admin3 closed 8 months ago
0
aycozynfada - initializeAuction() can be frontrun due to lack of access control

#72 sherlock-admin4 closed 8 months ago
0
zzykxx - Auction rounds cannot be closed if the fee distribution call reverts

#71 sherlock-admin2 closed 8 months ago
13
cocacola - Auction without repossessor can result in _closeAuction() revert

#70 sherlock-admin3 closed 8 months ago
0
AgileJune - Malicious user can win auction and become owner of tokenId without any collateral to pay original old owner.

#69 sherlock-admin4 closed 8 months ago
0
sandy - Highest bidder can cancel his bids and withdraw all the collateral using ``_cancelAllBids()`` function.

#68 sherlock-admin2 closed 8 months ago
0
pynschon - The highest bidder can get auctioned the NFT for free by canceling their bid and closing the auction.

#67 sherlock-admin3 closed 8 months ago
0
Tricko - Function `_cancelAllBids()` does not check if the bid being cancelled is the highest bid

#66 sherlock-admin4 closed 8 months ago
0
bareli - wrong value of 'auctionStartTime '

#65 sherlock-admin3 closed 8 months ago
0
FassiSecurity - User can cause art piece to always go to the repossessor

#64 sherlock-admin2 closed 8 months ago
0
bareli - cannot Initialize with owners once Initialize auction parameters

#63 sherlock-admin4 closed 8 months ago
0
FassiSecurity - Bidder can always win an auction for an amount less than his winning bid

#62 sherlock-admin3 closed 8 months ago
0
zzykxx - Repossessor will receive `bidAmount` of closing round

#61 sherlock-admin2 closed 8 months ago
0
0rpse - _cancelAllBids does not check if bid is the highest

#60 sherlock-admin3 closed 8 months ago
0
cu5t0mPe0 - User cannot bid with startingBid

#59 sherlock-admin2 closed 8 months ago
0
zzykxx - The license period needs to be waited to start a new round even if the previous round had no bidders

#58 sherlock-admin2 closed 8 months ago
0
zzykxx - Changing parameters while a round is ongoing can lead to unexpected behaviour

#57 sherlock-admin4 closed 8 months ago
0
theFirstElder - InitializeAuction function susceptible to front running as it lacks access Control

#56 sherlock-admin3 closed 8 months ago
1
offside0011 - _cancelAllBids does not check if the bidder is the highest bidder

#55 sherlock-admin3 closed 8 months ago
0
lamsy - initializeAuction Function can be front run

#54 sherlock-admin2 closed 8 months ago
1
cu5t0mPe0 - Users may not be able to claim their own amounts

#53 sherlock-admin2 closed 8 months ago
0
cu5t0mPe0 - Users may not be able to claim their own amounts

#52 sherlock-admin4 closed 8 months ago
0
ydlee - Token owner's collateral will not be refunded if no one bids in the next auction round.

#51 sherlock-admin2 closed 8 months ago
1
thank_you - Auction can't immediately restart when no bids were made for an auction

#50 sherlock-admin3 closed 8 months ago
0
0xbrivan - If the admin extends the auction length when it is in the extension-window period, the auction will not be extended because of a wrong logic in `_auctionEndTime`

#49 sherlock-admin2 closed 8 months ago
27
0xbrivan - The highest bidder can cancel his bid, leading to funds loss of other bidders when closing the auction

#48 sherlock-admin2 closed 8 months ago
0
gesha17 - Token can be transferred during an auction, which would make the closeAuction() function revert and lock the highest bidders collateral.

#47 sherlock-admin4 closed 8 months ago
0
cocacola - Bider can cancel the highest bid with cancelAllBids()

#46 sherlock-admin4 closed 8 months ago
0
mrBmbastic - missing checks in `_cancelAllBids()` let the highest bidder withdraw all his collateral

#45 sherlock-admin3 closed 8 months ago
0
ke1caM - User can cancel his bid and buy NFT only for feeAmount

#44 sherlock-admin2 closed 8 months ago
0
bareli - Denial of Service due to repeatedly placing new bids in "_placeBid".

#43 sherlock-admin2 closed 8 months ago
0
thank_you - Fee setter can brick placing bids with 0 fee denominator

#42 sherlock-admin3 closed 8 months ago
2
kuprum - `_cancelAllBids` allows to cancel the highest bid; can be exploited to steal all contract funds

#41 sherlock-admin3 closed 8 months ago
0
thank_you - Bidders can cancel their own bid when they are the highest bidder

#40 sherlock-admin2 closed 8 months ago
0
thank_you - Auction can't be extended when block.timestamp is at auction's end

#39 sherlock-admin4 closed 8 months ago
0
0xShitgem - Not implemented restriction inside `EnglishPeriodAuctionInternal::_cancelAllBids` leads to possibility of stealing funds by attacker

#38 sherlock-admin4 closed 8 months ago
0
Aamirusmani1552 - The highest bidder can cancel all of his bids and claim the Steward License for free

#37 sherlock-admin2 closed 8 months ago
0
FastTiger - An attacker can steal the "collection" for free by the incorrect handling of the `EnglishPeriodicAuctionInternal.sol#_cancelAllBids()` method.

#36 sherlock-admin4 closed 8 months ago
0
devAnas - Malicious Users Can Prolong Auction Duration, Preventing closeAuction Function from Executing

#35 sherlock-admin3 closed 8 months ago
1
fugazzi - Current owners have an unfair bidding leverage over other bidders

#34 sherlock-admin2 closed 8 months ago
0
zzykxx - Currently auctioned NFTs can be transferred to a different address in a specific edge case

#33 sherlock-admin4 opened 8 months ago
15
DMoore - Lack of checking highest bidder in _cancelAllBids lead to collateral-free highest bid

#32 sherlock-admin3 closed 8 months ago
0
sammy - Auction fails if the 'Honorarium Rate' is 0%

#31 sherlock-admin2 opened 8 months ago
29
SovaSlava - User could DOS auction

#30 sherlock-admin2 closed 8 months ago
0
fugazzi - Users can cancel the highest bid for the current round

#29 sherlock-admin4 closed 8 months ago
0
14si2o_Flint - Auction winnings are stuck in the contract when oldBidder == address(0) while the license has not yet been minted

#28 sherlock-admin3 closed 8 months ago
27
jasonxiale - malicious user can steal his collateral back after he wins the auction

#27 sherlock-admin2 closed 8 months ago
0

Previous Next