sherlock-audit / 2024-04-titles-judging
issues
xiaoming90 - Incorrect assets will be charged during minting and creation of work.
#263
sherlock-admin4
closed
2 months ago
2
Kalogerone - Editions::mintBatch function will always revert
#262
sherlock-admin3
closed
2 months ago
5
xiaoming90 - Minting can be DOSed by any of the fee recipients
#261
sherlock-admin4
opened
3 months ago
5
ZanyBonzy - Functions requiring signatures will fail for EIP712 signers
#260
sherlock-admin3
closed
2 months ago
0
ZanyBonzy - Protocol doesn't validate that users send fees
#259
sherlock-admin4
closed
2 months ago
0
sammy - Updating the fee strategy using `setFeeStrategy()` does not update the royalty info, resulting in inconsistent royalty information
#258
sherlock-admin3
closed
2 months ago
0
sammy - The mint fees are sent to the old creator even after updating the creator with `transferWork()`
#257
sherlock-admin4
closed
2 months ago
1
nisedo - Cross-Chain Signature Replay Attack in `TitlesGraph.checkSignature()`
#256
sherlock-admin3
closed
2 months ago
1
nisedo - `Edition._refundExcess()` allows a malicious user to steal the entire Edition contract balance by only paying the minimum fee
#255
sherlock-admin4
closed
2 months ago
0
nisedo - `Edition.mintBatch()` uses `msg.value` in a for loop, allowing users to mint tokens for free
#254
sherlock-admin3
closed
2 months ago
5
bhilare_ - _refundExcess function won't refund users while minting a token for a given work.
#253
sherlock-admin4
closed
2 months ago
0
nisedo - Works with multiple attributions will result in royalty payments only for the first attribution
#252
sherlock-admin3
closed
2 months ago
0
threadmodeling - `TitlesCore._publish()` can be DOSd by consuming the user's allowance by frontrunning `FeeManager.collectCreationFee()`
#251
sherlock-admin4
closed
2 months ago
16
Lef - [M-02] Edition.sol:mint() #L228 user can mint and refer himself to avoid paying full fee
#250
sherlock-admin3
closed
2 months ago
0
techOptimizor - Intermediate value sent by the caller can be drained via reentrancy by a malicious creator, collectionReferrer or mint referrer
#249
sherlock-admin4
closed
2 months ago
1
zoyi - 0xSplits does not support zkSync
#248
sherlock-admin3
closed
2 months ago
0
Dots - User can mint the same work multiple times for the price of one
#247
sherlock-admin4
closed
2 months ago
6
zoyi - Contract will not work on Degen Network
#246
sherlock-admin3
closed
2 months ago
1
Dots - Edition.sol doesn't actually refund excess ETH
#245
sherlock-admin4
closed
2 months ago
6
AgileJune - The user using Edition.sol::mintBatch(one token to multiple receivers) will avoid paying the expected mint fee.
#244
sherlock-admin3
closed
2 months ago
5
caiosapy - EDITION_MANAGER_ROLE or EDITION_PUBLISHER_ROLE may spam an Edition with lots of unusable works.
#243
sherlock-admin4
closed
2 months ago
0
AgileJune - Edition.sol::mintBatch(multi-tokens to one receiver) will always revert because of wrong implementation to call FeeManager::collectMintFee
#242
sherlock-admin3
closed
2 months ago
5
cducrest-brainbot - Fee receivers can revert on receive to deny mints
#241
sherlock-admin4
closed
2 months ago
0
juan - Roles within any `Edition` contract can never be granted/revoked
#240
sherlock-admin3
closed
2 months ago
3
threadmodeling - Funds from users can be drained through frontrunning `FeeManager.collectMintFee` with arbitrary inputs
#239
sherlock-admin4
closed
2 months ago
1
_karanel - Deployment to several chains would fail due to incorrect Solidity version
#238
sherlock-admin3
closed
2 months ago
2
AgileJune - Edition.sol::mintBatch(multi-tokens to one receiver) will always revert with non-existed function calling of ERC-1155.
#237
sherlock-admin4
closed
2 months ago
0
eLSeR17 - [M-1] collectionReferrerShare is routed to the wrong address in FeeManager::_splitProtocolFee()
#236
sherlock-admin3
closed
2 months ago
0
threadmodeling - `mintBatch()` for 2+ iterations will use stored funds or will revert
#235
sherlock-admin4
closed
2 months ago
0
threadmodeling - `Edition._refundExcess`: misimplemented as funds aren't on `address(this)` but on `FEE_MANAGER`
#234
sherlock-admin3
closed
2 months ago
0
AgileJune - A new work publisher might lose the leftover ETH because there is no refund functionality; it will be locked in FeeManager.
#233
sherlock-admin4
closed
2 months ago
0
threadmodeling - The full `msg.value` Ether amount is sent to the `feeManager` without refund even when fee amount is zero
#232
sherlock-admin3
closed
2 months ago
0
threadmodeling - `TitlesCore.createEdition()` will keep reverting until the admin's intervention due to an incomplete initialization
#231
sherlock-admin4
closed
2 months ago
0
fibonacci - TitlesGraph's acknowledge/unacknowledge edge functions DoS
#230
sherlock-admin3
closed
2 months ago
5
Enc3yptedDegen - Arbitrary transferFrom vulnerability
#229
sherlock-admin4
closed
2 months ago
0
fibonacci - TitlesGraph's acknowledge/unacknowledge edge functions are vulnerable to signature malleability
#228
sherlock-admin3
closed
2 months ago
6
Enc3yptedDegen - Faulty Division Operation that could lead to potential logical errors.
#227
sherlock-admin4
closed
2 months ago
1
Enc3yptedDegen - Faulty Division Operation that could lead to potential logical errors and the integrity of financial calculations within the contract.
#226
sherlock-admin3
closed
2 months ago
1
1337 - The EDITION_MINTER_ROLE can never be granted, making the promoMint function only callable by the owner or the EDITION_MANAGER_ROLE.
#225
sherlock-admin4
closed
2 months ago
1
Squilliam - [M-3] Unused return value from `GRAPH.createEdge` in `Edition.publish` (Incorrect Error Handling + Potential Inconsistency)
#224
sherlock-admin3
closed
2 months ago
0
0x73696d616f - `Edition::mintBatch(address[] calldata receivers_, ...)` calculates incorrect fees for minters
#223
sherlock-admin4
closed
2 months ago
0
0x73696d616f - Inconsistent `protocolShare` calculation in `FeeManager::_collectMintFee()` that will likely incentivize creators to pick lower mint fees
#222
sherlock-admin3
closed
2 months ago
15
0x486776 - Creating an edition not through `TitlesCore` can avoid paying the creation fee.
#221
sherlock-admin4
closed
2 months ago
0
0x73696d616f - `Edition` referrer never receives any fee, which goes to the `mint` referrer instead
#220
sherlock-admin3
closed
2 months ago
0
Squilliam - [M-2] Locked Ether Vulnerability in `TitlesGraph` Contract (Payable Functions without Withdrawal + Funds Permanently Locked)
#219
sherlock-admin4
closed
2 months ago
0
cryptic - Attacker can front-run `acknowledgeEdge` and `unacknowledgeEdge`, causing DoS
#218
sherlock-admin3
closed
2 months ago
0
brakeless - Collection referrers do not receive their allocation of the protocolShare
#217
sherlock-admin4
closed
2 months ago
6
cryptic - Minting batch tokens erroneously burns ETH from caller
#216
sherlock-admin3
closed
2 months ago
0
Yu3H0 - grantRoles and revokeRoles function in Edition contract doesn't work
#215
sherlock-admin4
closed
2 months ago
1
Yu3H0 - The mintBatch function spends only one share of the money to get multiple mint
#214
sherlock-admin3
closed
2 months ago
5