sherlock-audit 2024-03-zap-protocol-judging issues

sherlock-audit / 2024-03-zap-protocol-judging

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

s1ce - `block.timestamp = params.privateStart` case is messed up

#197 sherlock-admin2 closed 7 months ago
0
s1ce - User can get large allocation without depositing much money

#196 sherlock-admin4 closed 7 months ago
0
0xblackskull - Missing access control in Admin::destroyInstance

#195 sherlock-admin3 closed 7 months ago
0
xiao - Some state variables are not set during initialize

#194 sherlock-admin2 closed 7 months ago
0
merlin - The user can receive too much refundTaxAmount than their deposit tax amount

#193 sherlock-admin4 closed 7 months ago
8
w42d3n - Empty Payable Fallback in TokenSale.sol

#192 sherlock-admin3 closed 7 months ago
0
Tri-pathi - `state.totalPrivateSold` and `state.totalSupplyInValue` don't have same units so comparison will result in unexpected behavior

#191 sherlock-admin2 closed 7 months ago
5
s1ce - `TokenSale` share is `uint120` while amount is `uint128`

#190 sherlock-admin4 closed 7 months ago
0
Varun_05 - UpdateVestingPoints should not be allowed because slightiest of error can cause some users to not claim their tokens

#189 sherlock-admin3 closed 7 months ago
2
w42d3n - Locked Ether in TokenSale.sol contract

#188 sherlock-admin2 closed 7 months ago
0
gkrastenovaudit - Everyone can destroy Incoming TokenSale

#187 sherlock-admin4 closed 7 months ago
0
0xhashiman - Reentrancy possible in Vesting.sol

#186 sherlock-admin3 closed 7 months ago
0
turvec - maxAllocation is given double decimal precision of 10 ** 18, leading to accounting issues

#185 sherlock-admin2 closed 7 months ago
0
s1ce - Reentrancy allows attacker to drain contract through repeated calls through `claim` in `Vesting.sol`

#184 sherlock-admin4 closed 7 months ago
0
s1ce - `updateUserDeposit` function in `Vesting.sol` doesnt work for ETH

#183 sherlock-admin3 closed 7 months ago
0
gkrastenovaudit - Wrongly hard-coded address

#182 sherlock-admin2 closed 7 months ago
0
no - Operator using wrong _instance in `Admin::addToBlackList` Whether intentional or unintentional can cause denial-of-service

#181 sherlock-admin4 closed 7 months ago
0
s1ce - `left > 0` check inside `claim` in `TokenSale.sol` leads to unexpected consequences

#180 sherlock-admin3 closed 7 months ago
7
merlin - TokenSale.deposit function is not working correctly

#179 sherlock-admin2 closed 7 months ago
0
turvec - Missing unwhitelist functionality

#178 sherlock-admin4 closed 7 months ago
0
Kirkeelee - deposit(uint256) function in TokenSale.sol will always revert.

#177 sherlock-admin3 closed 7 months ago
0
nilay27 - `TokenSale::Claim()`, Incorrect Handling of Token Decimals Leading to Funds Lock

#176 sherlock-admin2 closed 7 months ago
2
s1ce - Inconsistency with tax calculation and refunds

#175 sherlock-admin4 closed 7 months ago
2
s1ce - `admin.blockClaim` is used incorrectly

#174 sherlock-admin3 closed 7 months ago
0
s1ce - `destroyInstance` in `Admin.sol` lacks proper access control

#173 sherlock-admin2 closed 7 months ago
0
s1ce - `calculateMaxAllocation` computes max allocation incorrectly

#172 sherlock-admin4 closed 7 months ago
0
s1ce - Issue with checking levels in staking contracts allows users to stake at highest level/tier, receive allocation, then unstake

#171 sherlock-admin3 closed 7 months ago
1
dipp - Users are able to claim more tokens than they are entitled to by calling Vesting.claim multiple times.

#170 sherlock-admin2 closed 7 months ago
2
cheatcode - Potential Denial of Service Block Gas Limit will be Exceeded

#169 sherlock-admin4 closed 7 months ago
0
dipp - Reentrancy in `Vesting:claim` allows an attacker to steal tokens

#168 sherlock-admin3 closed 7 months ago
0
ZdravkoHr. - Users able to deposit over maxAllocation because of wrong implementation of `TokenSale.calculateMaxAllocation()`

#167 sherlock-admin2 closed 7 months ago
0
no - Reentrancy in `Vesting::claim()` allows draining Vesting pool

#166 sherlock-admin4 closed 7 months ago
0
BengalCatBalu - Unprotected Initialize Function

#165 sherlock-admin3 closed 7 months ago
0
0xhashiman - Using non upgradeable version of AccessControl.

#164 sherlock-admin2 closed 7 months ago
0
bareli - using PCT_BASE in '_processPrivate' for USDC instead of 10^6.

#163 sherlock-admin4 closed 7 months ago
0
audithare - Capped admin payout and unfair user claim and tax computation due to unsafe truncation of `TokenSale.totalPrivateSold`

#162 sherlock-admin3 closed 7 months ago
0
GatewayGuardians - TokenSale::calculateMaxAllocation Incorrect return statements

#161 sherlock-admin2 closed 7 months ago
0
bareli - Unhandled return value of transferFrom in createPoolNew

#160 sherlock-admin4 closed 7 months ago
0
Varun_05 - Users can get back their whole taxAmount whenever state.totalPrivateSold > (state.totalSupplyInValue)

#159 sherlock-admin3 closed 7 months ago
14
Silvermist - TokenSale.sol#calculateMaxAllocation() Incorrect return values

#158 sherlock-admin2 closed 7 months ago
17
turvec - Reentrancy in Vesting.sol:claim() will allow users to drain the contract due to executing .call() on user's address before setting s.index = uint128(i)

#157 sherlock-admin4 opened 7 months ago
28
GatewayGuardians - Admin::destroyInstance missing authorisation

#156 sherlock-admin3 closed 7 months ago
0
404666 - No access control on `createPoolNew`

#155 sherlock-admin2 closed 7 months ago
0
audithare - Blacklisted users allowed to claim USDC

#154 sherlock-admin4 closed 7 months ago
0
HonorLt - Incorrect claim index and update

#153 sherlock-admin3 closed 7 months ago
0
ZdravkoHr. - Max allocations can be bypassed with multiple addresses because of guaranteed allocations

#152 sherlock-admin2 opened 7 months ago
31
merlin - Anyone can destroy TokenSale instance before pool started

#151 sherlock-admin4 closed 7 months ago
0
no - Lack of access control for `Admin::destroyInstance()`

#150 sherlock-admin3 closed 7 months ago
0
DimaKush - Reentrancy vulnerability in claim() function allow malicious user to drain funds from Vesting contract

#149 sherlock-admin2 closed 7 months ago
0
HonorLt - Only 18 decimal tokens are supported

#148 sherlock-admin4 closed 7 months ago
0