sherlock-audit 2024-04-titles-judging issues

sherlock-audit / 2024-04-titles-judging

6 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

xiaoming90 - Incorrect assets will be charged during minting and creation of work.

#263 sherlock-admin4 closed 2 months ago
2
Kalogerone - Editions::mintBatch function will always revert

#262 sherlock-admin3 closed 2 months ago
5
xiaoming90 - Minting can be DOSed by any of the fee recipients

#261 sherlock-admin4 opened 3 months ago
5
ZanyBonzy - Functions requiring signatures will fail for EIP712 signers

#260 sherlock-admin3 closed 2 months ago
0
ZanyBonzy - Protocol doesn't validate that users send fees

#259 sherlock-admin4 closed 2 months ago
0
sammy - Updating the fee strategy using `setFeeStrategy()` does not update the royalty info, resulting in inconsistent royalty information

#258 sherlock-admin3 closed 2 months ago
0
sammy - The mint fees is sent to the old creator even after updating the creator with `transferWork()`

#257 sherlock-admin4 closed 2 months ago
1
nisedo - Cross-Chain Signature Replay Attack in `TitlesGraph.checkSignature()`

#256 sherlock-admin3 closed 2 months ago
1
nisedo - `Edition._refundExcess()` allows a malicious user to steal the entire Edition contract balance by only paying the minimum fee

#255 sherlock-admin4 closed 2 months ago
0
nisedo - `Edition.mintBatch()` uses `msg.value` in a for loop, allowing users to mint tokens for free

#254 sherlock-admin3 closed 2 months ago
5
bhilare_ - _refundExcess function won't refund users while minting a token for a given work.

#253 sherlock-admin4 closed 2 months ago
0
nisedo - Works with multiple attributions will result in royalty payments only for the first attribution

#252 sherlock-admin3 closed 2 months ago
0
threadmodeling - `TitlesCore._publish()` can be DOSd by consuming the user's allowance by frontrunning `FeeManager.collectCreationFee()`

#251 sherlock-admin4 closed 2 months ago
16
Lef - [M-02] Edition.sol:mint() #L228 user can mint and refer himself to avoid paying full fee

#250 sherlock-admin3 closed 2 months ago
0
techOptimizor - Intermediate value sent by the caller can be drained via reentrancy by a malicious creator , collectionReferrer or mint referrer

#249 sherlock-admin4 closed 2 months ago
1
zoyi - 0xSplits does not support zkSync

#248 sherlock-admin3 closed 2 months ago
0
Dots - User can mint the same work multiple times for the price of one

#247 sherlock-admin4 closed 2 months ago
6
zoyi - Contract will not work on Degen Network

#246 sherlock-admin3 closed 2 months ago
1
Dots - Edition.sol doesn't actually refunt excess ETH

#245 sherlock-admin4 closed 2 months ago
6
AgileJune - The user using Edition.sol::mintBatch(one token to multiple receivers) will avoid to pay expected mint Fee.

#244 sherlock-admin3 closed 2 months ago
5
caiosapy - EDITION_MANAGER_ROLE or EDITION_PUBLISHER_ROLE may spam an Edition with lots of unusable works.

#243 sherlock-admin4 closed 2 months ago
0
AgileJune - Edition.sol::mintBatch(multi-tokens to one receiver) will always revert because of wrong implementation to call FeeManager::collectMintFee

#242 sherlock-admin3 closed 2 months ago
5
cducrest-brainbot - Fee receivers can revert on receive to deny mints

#241 sherlock-admin4 closed 2 months ago
0
juan - Roles within any `Edition` contract can never be granted/revoked

#240 sherlock-admin3 closed 2 months ago
3
threadmodeling - Funds from users can be drained through frontrunning `FeeManager.collectMintFee` with arbitrary inputs

#239 sherlock-admin4 closed 2 months ago
1
_karanel - Deployment to several chains would fail due to incorrect Solidity version

#238 sherlock-admin3 closed 2 months ago
2
AgileJune - Edition.sol::mintBatch(multi-tokens to one receiver) will always revert with non-existed function calling of ERC-1155.

#237 sherlock-admin4 closed 2 months ago
0
eLSeR17 - [M-1] collectionReferrerShare is routed to the wrong address in FeeManager::_splitProtocolFee()

#236 sherlock-admin3 closed 2 months ago
0
threadmodeling - `mintBatch()` for 2+ iterations will use stored funds or will revert

#235 sherlock-admin4 closed 2 months ago
0
threadmodeling - `Edition._refundExcess`: misimplemented as funds aren't on `address(this)` but on `FEE_MANAGER`

#234 sherlock-admin3 closed 2 months ago
0
AgileJune - A new work publisher might lose the left ETH since of no refund functionality, which will be locked in FeeManger.

#233 sherlock-admin4 closed 2 months ago
0
threadmodeling - The full `msg.value` Ether amount is sent to the `feeManager` without refund even when fee amount is zero

#232 sherlock-admin3 closed 2 months ago
0
threadmodeling - `TitlesCore.createEdition()` will keep reverting until the admin's intervention due to an incomplete initialization

#231 sherlock-admin4 closed 2 months ago
0
fibonacci - TitlesGraph's acknowledge/unacknowledge edge functions DoS

#230 sherlock-admin3 closed 2 months ago
5
Enc3yptedDegen - Arbitrary transferFrom vulnerability

#229 sherlock-admin4 closed 2 months ago
0
fibonacci - TitlesGraph's acknowledge/unacknowledge edge functions are vulnerable to signature malleability

#228 sherlock-admin3 closed 2 months ago
6
Enc3yptedDegen - Faulty Division Operation that could lead to potential logical errors.

#227 sherlock-admin4 closed 2 months ago
1
Enc3yptedDegen - Faulty Division Operation that could lead to potential logical errors and the integrity of financial calculations within the contract.

#226 sherlock-admin3 closed 2 months ago
1
1337 - The EDITION_MINTER_ROLE can never be granted, making the promoMint function only callable by the owner or the EDITION_MANAGER_ROLE.

#225 sherlock-admin4 closed 2 months ago
1
Squilliam - [M-3] Unused return value from `GRAPH.createEdge` in `Edition.publish` (Incorrect Error Handling + Potential Inconsistency)

#224 sherlock-admin3 closed 2 months ago
0
0x73696d616f - `Edition::mintBatch(address[] calldata receivers_, ...)` calculates incorrect fees for minters

#223 sherlock-admin4 closed 2 months ago
0
0x73696d616f - Inconsistent `protocolShare` calculation in `FeeManager::_collectMintFee()` that will likely incentivize creators to pick lower mint fees

#222 sherlock-admin3 closed 2 months ago
15
0x486776 - Creating an edition not through `TitlesCore` can avoid paying the creation fee.

#221 sherlock-admin4 closed 2 months ago
0
0x73696d616f - `Edition` referrer never receives any fee, which goes to the `mint` referrer instead

#220 sherlock-admin3 closed 2 months ago
0
Squilliam - [M-2] Locked Ether Vulnerability in `TitlesGraph` Contract (Payable Functions without Withdrawal + Funds Permanently Locked)

#219 sherlock-admin4 closed 2 months ago
0
cryptic - Attacker can front-run `acknowledgeEdge` and `unacknowledgeEdge`, causing DoS

#218 sherlock-admin3 closed 2 months ago
0
brakeless - Collection referrers do not receive their allocation of the protocolShare

#217 sherlock-admin4 closed 2 months ago
6
cryptic - Minting batch tokens erroneously burns ETH from caller

#216 sherlock-admin3 closed 2 months ago
0
Yu3H0 - grantRoles and revokeRoles function in Edition contract doesn't work

#215 sherlock-admin4 closed 2 months ago
1
Yu3H0 - The mintBatch function spends only one share of the money to get multiple mint

#214 sherlock-admin3 closed 2 months ago
5

Previous Next