sherlock-audit/2024-04-titles-judging
issues
`collectMintFee()` allows attackers to drain users' ERC20 tokens
#463
sherlock-admin4
closed
1 month ago
0
Inefficient Payment Structure in _splitProtocolFee Function
#462
sherlock-admin3
closed
1 month ago
0
Unnecessary Check in collectCreationFee Function
#461
sherlock-admin4
closed
1 month ago
0
User can drain the native coin
#460
sherlock-admin3
closed
1 month ago
0
Lack of Immutability for feeManager and graph Variables in TitlesCore Contract
#459
sherlock-admin4
closed
1 month ago
0
Protocol fees not properly constrained
#458
sherlock-admin3
closed
1 month ago
0
MAX_BPS of FeeManager may not match Solady's ERC2981 _feeDenominator() dimension
#457
sherlock-admin4
closed
1 month ago
0
[I-1] - Magic Numbers in FeeManager.sol
#456
sherlock-admin3
closed
1 month ago
0
alexzoid - Front-Running Vulnerability in `revokeRoles` Function
#455
sherlock-admin4
closed
1 month ago
0
CodeWasp - TitlesGraph does not check chainId
#454
sherlock-admin3
closed
1 month ago
5
i3arba - `Edition.sol::mint` and `TitlesCore.sol::createEdition` allows user to input and Creators to input his own address as referrer cutting the protocol income.
#453
sherlock-admin4
closed
1 month ago
0
CodeWasp - TitlesGraph does not save acknowledgement
#452
sherlock-admin3
closed
1 month ago
0
me_na0mi - TitlesGraph is not upgradeable
#451
sherlock-admin4
closed
1 month ago
0
smbv-1923 - Attacker would frontrun user's transaction and steal user's excessive ETH
#450
sherlock-admin3
closed
1 month ago
0
w42d3n - Potential Overflows in Fee Calculation
#449
sherlock-admin4
closed
1 month ago
0
aycozzy - _refundExcess can fail allowing next minter to refund others users remaining tokens
#448
sherlock-admin3
closed
1 month ago
0
azanux - The two mintBatch functions of the Editions contract are not working
#447
sherlock-admin4
closed
1 month ago
5
Topmark - Strategy Royalty Bps would Go Below the Minimum Allowed
#446
sherlock-admin3
closed
1 month ago
0
alexzoid - Incompatibility of Upgradeability Pattern in TitlesGraph Contract
#445
sherlock-admin4
opened
2 months ago
11
0xlucky - msg.value used in for loop in mintBatch() will throw error
#444
sherlock-admin3
closed
1 month ago
5
CodeWasp - `FeeManager._buildSharesAndTargets` loss of precision
#443
sherlock-admin4
closed
1 month ago
0
i3arba - `Edition.sol::mintBatch` allows anyone to mint any amount of NFTs paying the fee only one time.
#442
sherlock-admin3
closed
1 month ago
0
PratRed - No Protection of Uninitialized Implementation Contracts From Attacker
#441
sherlock-admin4
closed
1 month ago
0
me_na0mi - Protocol won't work on zkSync
#440
sherlock-admin3
closed
1 month ago
0
w42d3n - Unprotected Token Metadata Update
#439
sherlock-admin4
closed
1 month ago
0
0x73696d616f - `Edition::transferWork()` does not change the fee receiver to the new `creator`
#438
sherlock-admin3
closed
1 month ago
1
alexzoid - Inflexibility in `ADMIN_ROLE` Address Configuration in FeeManager Contract
#437
sherlock-admin4
closed
1 month ago
5
den_sosnovskyi - `Edition::mintWithComment` should emit author of the work, not receiver of the token
#436
sherlock-admin3
closed
1 month ago
1
recursiveEth - Title: Incorrect Emitter Address in Comment Event Emission
#435
sherlock-admin4
closed
1 month ago
1
CodeWasp - `FeeManager._buildSharesAndTargets` attributions truncation leads to loss of fee payments
#434
sherlock-admin3
closed
1 month ago
0
BengalCatBalu - Incorrect realization of `Edition.sol::mintBatch`
#433
sherlock-admin4
closed
1 month ago
0
ZdravkoHr. - `FeeManager.collectMintFee` may be used to steal tokens
#432
sherlock-admin3
closed
1 month ago
5
ComposableSecurity - The user can avoid paying fees for minting tokens
#431
sherlock-admin4
closed
1 month ago
0
ComposableSecurity - Invalid collection referrer leading to his loss
#430
sherlock-admin3
closed
1 month ago
5
ComposableSecurity - Lack of protection from signature malleability
#429
sherlock-admin4
closed
1 month ago
5
w42d3n - Reentrancy Vulnerabilities in TitlesCore.sol
#428
sherlock-admin3
closed
1 month ago
0
alexzoid - Incorrect Fee Handling in Batch Minting
#427
sherlock-admin4
closed
1 month ago
5
ComposableSecurity - Unvalidated `mintFee` that leads to stealing from `FeeManager`
#426
sherlock-admin3
closed
1 month ago
9
ComposableSecurity - Unprotected `collectMintFee` function that leads to stealing funds from `FeeManager`
#425
sherlock-admin4
closed
1 month ago
13
avoloder - The user can add themselves as a referrer and receive fees, even though they are not a genuine referrer
#424
sherlock-admin3
closed
1 month ago
0
nisedo - Improper Role Validation in `TitlesCore.publish()`
#423
sherlock-admin4
closed
1 month ago
0
ComposableSecurity - Updated strategy is not reflected in royalty
#422
sherlock-admin3
closed
1 month ago
0
den_sosnovskyi - `Edition::mint` function can mint any amount of tokens by anyone
#421
sherlock-admin4
closed
1 month ago
0
recursiveEth - Title: Failure to Update Edge Acknowledgment Status in Storage
#420
sherlock-admin3
closed
1 month ago
0
ComposableSecurity - The `_refundExcess` function does not work as whole `msg.value` is forwarded to `FeeManager`
#419
sherlock-admin4
closed
1 month ago
5
ComposableSecurity - The `mintBatch` function with multiple tokenIds always reverts
#418
sherlock-admin3
closed
1 month ago
5
ComposableSecurity - Message digest does not include the type of operation
#417
sherlock-admin4
closed
1 month ago
6
ComposableSecurity - Malicious collection referrer can brick edition
#416
sherlock-admin3
closed
1 month ago
13
maushish - Lack of proper cross-chain EIP-712 parameters could lead to wrong edges getting acknowledged.
#415
sherlock-admin4
closed
1 month ago
1
alexzoid - Broken Refund Mechanism in Edition Contract
#414
sherlock-admin3
closed
1 month ago
5