sherlock-audit/2024-03-nouns-dao-2-judging
issues
auditsbyradev - The uint96 Overflow Issue Preventing New Auction Initiations (Auction ID Limitation)
#52
sherlock-admin2
closed
5 months ago
1
hyh - Eligibility of cancelled proposals makes it possible for `proposalEligibilityQuorumBps` controlling actor to create multiple eligible proposals, stealing rewards from all others
#51
sherlock-admin4
opened
5 months ago
6
auditsbyradev - `NounsDAOProposals.sol` contract: Description and Transactions of proposals can be changed post-submission
#50
sherlock-admin3
closed
5 months ago
2
bareli - DOS can happen.
#49
sherlock-admin2
closed
5 months ago
1
jasonxiale - user who doesn't have vote power can vote
#48
sherlock-admin4
closed
5 months ago
1
auditsbyradev - Vulnerable versions of packages are being used (Cryptographic Vulnerabilities in Nouns DAO Protocol Due to Outdated node-forge Dependencies)
#47
sherlock-admin3
closed
5 months ago
2
hyh - Rewards can be stolen from other proposals and votes by extending auction revenue period with the help of bogus proposals
#46
sherlock-admin2
opened
5 months ago
6
bareli - Storage collision
#45
sherlock-admin4
closed
5 months ago
1
auditsbyradev - `NounsDAOLogicV4.sol` contract - Proposal with canceled signature can be executed
#44
sherlock-admin3
closed
5 months ago
1
bareli - Bid can go on to infinite as we can use createBid to add bid in Buffertime.
#43
sherlock-admin2
closed
5 months ago
1
hyh - Public gas refunds with low bar conditions for both proposal and auction reward allocations allow gas reward funds overspending
#42
sherlock-admin4
closed
5 months ago
2
auditsbyradev - NFT doesn't handle hard forks. Ensuring NFT Ownership Clarity Across Blockchain Hard Forks in Nouns DAO Protocol.
#41
sherlock-admin3
closed
5 months ago
1
bareli - Incorrect WETH Handling
#40
sherlock-admin2
closed
5 months ago
1
auditsbyradev - Due to premature `forkEscrow` updates, the user will lose their escrow nouns
#39
sherlock-admin4
closed
5 months ago
17
0rpse - Uneven distribution of rewards in updateRewardsForProposalWritingAndVoting
#38
sherlock-admin3
closed
5 months ago
1
auditsbyradev - `NounsDAOProposals.sol` - The `GRACE_PERIOD` adjustments can lead to reactivate and execute expired proposals
#37
sherlock-admin2
closed
5 months ago
18
auditsbyradev - `NounsAuctionHouseV2.sol` - If `reservedPrice` is changed through an active auction, the auction still can be settled. This will result in losses for the NFT owner or auction bidder
#36
sherlock-admin4
closed
5 months ago
4
gkelis - Not winning bid funds refund is not checked for success or failure, so that any previous bid `_auction.amount` can be lost.
#35
sherlock-admin3
closed
5 months ago
1
auditsbyradev - `NounsAuctionHouseV2.sol` - Auction parameters are not individually cached for each auction
#34
sherlock-admin2
closed
5 months ago
1
ether_sky - Users may not be able to claim tokens from escrow in the forked DAO.
#33
sherlock-admin4
closed
5 months ago
4
hyh - Rewards can be allocated for less than minimal reward period with the help of bogus proposal
#32
sherlock-admin3
opened
5 months ago
7
auditsbyradev - `NounsAuctionHouseV2.sol#_createAuction()` - Any revert caused by minting will not be captured
#31
sherlock-admin2
closed
5 months ago
1
ether_sky - There is no functionality to set quorumVotesBPS.
#30
sherlock-admin4
closed
5 months ago
1
ether_sky - Users may call the updateRewardsForProposalWritingAndVoting function with incorrect parameters for votingClientIds.
#29
sherlock-admin3
closed
5 months ago
3
ether_sky - The stateInternal function mistakenly identifies proposals as expired when the grace period concludes.
#28
sherlock-admin2
closed
5 months ago
1
MohammedRizwan - `Rewards.sol` has utilized vulnerable openzeppelin `4.1.0` UUPS implementation which has critical vulnerability
#27
sherlock-admin4
closed
5 months ago
26
ether_sky - An important proposal can expire during the forking period.
#26
sherlock-admin3
closed
5 months ago
1
gkelis - Winning bid funds transfer is not checked for success or failure, so that the `_auction.amount` can be lost.
#25
sherlock-admin2
closed
5 months ago
1
ether_sky - A proposer can use the same signature for multiple proposals.
#24
sherlock-admin4
closed
5 months ago
3
MohammedRizwan - `OwnableUpgradeable` is not initialized in `NounsAuctionHousePreV2Migrations.sol`
#23
sherlock-admin3
closed
5 months ago
2
Dliteofficial - Absence of penalties for erroneous clients as client could frontrun disapproval, takes out rewards before he could be prevented from doing so
#22
sherlock-admin2
closed
5 months ago
14
Dliteofficial - Proposal Submission, voting and auction rewards update could become really expensive in gas terms due to too many registered clients, approved or not
#21
sherlock-admin4
closed
5 months ago
12
Dliteofficial - Unapproved clients could start earning Proposal submission and/or voting rewards
#20
sherlock-admin3
closed
5 months ago
1
Dliteofficial - Unapproved clients could start earning client auction rewards
#19
sherlock-admin2
closed
5 months ago
1
thisvishalsingh - Potential `nextTokenId` Overflow in `registerClient` Function
#18
sherlock-admin4
closed
5 months ago
2
danlipert - Invalid client ID votes lower the rewards given to valid proposal voters
#17
sherlock-admin3
closed
5 months ago
2
hyh - Setting `nextProposalIdToReward` to the current proposal artificially lowers first proposal and voting rewards
#16
sherlock-admin2
closed
5 months ago
4
hyh - Reward recording can be manipulated to steal from other proposers and voters
#15
sherlock-admin4
closed
5 months ago
12
jasonxiale - `Rewards.getVotingClientIds` isn't consistent with `Rewards.updateRewardsForProposalWritingAndVoting`
#14
sherlock-admin3
closed
5 months ago
27
jasonxiale - `Rewards.updateRewardsForProposalWritingAndVoting` might consume too much gas
#13
sherlock-admin2
closed
5 months ago
1
miaowu - The upper limit of clientID of `Reward::registerClient` is type(uint32).max. This value is not large enough and can be reached by attackers by creating a large number of accounts, so that the clientID created by others will revert
#12
sherlock-admin4
closed
5 months ago
7
Myrault - DOS in Rewards::registerClient
#11
sherlock-admin3
closed
5 months ago
3
miaowu - The `newvotingdelay` of `NounsDAOAdmin::_setVotingDelay` cannot meet the needs mentioned in the comments
#10
sherlock-admin2
closed
5 months ago
1
Krace - The auction duration is significantly shorter than expected when the contract is paused
#9
sherlock-admin4
closed
5 months ago
2
DenTonylifer - Voter can be rewarded for 0 votes in proposals
#8
sherlock-admin3
closed
5 months ago
4
DenTonylifer - Some voters will not be rewarded
#7
sherlock-admin2
closed
5 months ago
2
DenTonylifer - "NounsDAOVotes.sol": gas griefing
#6
sherlock-admin4
closed
5 months ago
2
thank_you - Temporary DOS of payment delays for proposal rewards
#5
sherlock-admin3
closed
5 months ago
19
FassiSecurity - Gas Refunds can be lost
#4
sherlock-admin2
closed
5 months ago
1
DenTonylifer - Unable to set the minimum proposal threshold
#3
sherlock-admin4
closed
5 months ago
1