sherlock-audit / 2024-05-andromeda-ado-judging
issues
g - Vested funds can be unavailable on claiming
#81
sherlock-admin2
closed
3 months ago
0
g - Outdated versions of ADO contracts are considered valid senders
#80
sherlock-admin4
closed
3 months ago
6
g - App Components can use older ADO versions
#79
sherlock-admin3
closed
3 months ago
6
forgebyola - Lack of fund validation allows a user to bloat the message queue with empty stake messages
#78
sherlock-admin2
closed
3 months ago
0
g - Module registration lacks validation and can DOS ADO contracts
#77
sherlock-admin4
closed
3 months ago
0
4b - `crates.io:andromeda-vesting::instantiate()` does not validate `msg`
#76
sherlock-admin3
closed
3 months ago
0
g - Merging Bank messages turns them into fire-and-forget
#75
sherlock-admin2
closed
3 months ago
1
4b - `amount_available` can underflow in `claim_batch`
#74
sherlock-admin4
closed
3 months ago
0
g - Payment transactions succeed even when recipient transfers fail
#73
sherlock-admin3
closed
3 months ago
3
4b - Result type not propagated and returned explicitly
#72
sherlock-admin2
closed
3 months ago
0
4b - In `withdraw.rs::remove_withdrawable_token` error is not propagated
#71
sherlock-admin4
closed
3 months ago
0
bin2chen - execute_withdraw_fund() Funds arrive at End-Block, so the time judgment should be > instead of >=
#70
sherlock-admin3
closed
2 months ago
5
bin2chen - set_permission() using string splicing may cause key conflicts
#69
sherlock-admin2
closed
2 months ago
6
0xR360 - Delegate, Redelegate, Undelegate and Withdraw rewards functionality might break in the vesting contract
#68
sherlock-admin4
closed
3 months ago
5
0xR360 - Claim functionality might break in validator-staking contract
#67
sherlock-admin3
closed
3 months ago
5
Yashar - Stakers Funds Will Be Permanently Locked Within the Contract if a Validator is Tombstoned
#66
sherlock-admin2
closed
3 months ago
0
Yashar - Lack of Denomination Validation in `execute_stake` Function Allows Stakers to Stake Arbitrary Coins and Undermines Reward Fairness
#65
sherlock-admin4
closed
3 months ago
8
g - Recipients are unable to claim their vested funds
#64
sherlock-admin3
closed
3 months ago
6
g - Invalid recipient can break claiming of vested funds
#63
sherlock-admin2
closed
3 months ago
0
g - Only the last message in the AMP packet is handled in ADO Contracts
#62
sherlock-admin4
closed
3 months ago
0
g - Minting and batch minting auth can be bypassed by anyone
#61
sherlock-admin3
closed
3 months ago
0
g - Permissioned actions can not be disabled
#60
sherlock-admin2
closed
3 months ago
6
J4X_ - Batch creation will break if vestings are opened to recipients
#59
sherlock-admin4
opened
3 months ago
2
J4X_ - Lockup of vestings or completion time can be bypassed due to missing check for staked tokens
#58
sherlock-admin3
opened
3 months ago
14
J4X_ - Staked tokens will get stuck after claim
#57
sherlock-admin2
opened
3 months ago
3
J4X_ - Slashing of Unbondings is not accounted for and can lead to DOS of withdrawals
#56
sherlock-admin4
closed
3 months ago
0
J4X_ - Slashing allows users to bypass the lockup period of vestings
#55
sherlock-admin3
closed
2 months ago
20
J4X_ - Changes of the `UnbondingTime` are not accounted for
#54
sherlock-admin2
opened
3 months ago
3
J4X_ - Staked tokens can never be retrieved due to old `cosmos-sdk` version on targeted chains
#53
sherlock-admin4
closed
3 months ago
7
J4X_ - Rewards will get stuck if `withdrawaddrenabled` is set to false on the target chain
#52
sherlock-admin3
closed
3 months ago
17
J4X_ - Un-bonding will lead to staked tokens getting stuck
#51
sherlock-admin2
closed
3 months ago
0
J4X_ - Attacker can freeze users first rewards
#50
sherlock-admin4
opened
3 months ago
14
bin2chen - execute_claim() possible loss of accuracy or even inability to retrieve funds
#49
sherlock-admin3
opened
3 months ago
2
bin2chen - claim_batch() last_claimed_release_time is set too large when the balance is not enough
#48
sherlock-admin2
closed
3 months ago
5
bin2chen - is_permissioned() It doesn't make sense to have permissions by default after Blacklisted expires.
#47
sherlock-admin4
opened
3 months ago
24
bin2chen - is_permissioned() may underflow
#46
sherlock-admin3
opened
3 months ago
2
bin2chen - verify_origin() previous_sender may be forged
#45
sherlock-admin2
opened
3 months ago
2
bin2chen - if Slash Validator occurs, UNSTAKING_QUEUE's unstake amount will not be accurate
#44
sherlock-admin4
opened
3 months ago
3
bin2chen - If WithdrawAddrEnabled = false, execute_claim() will fail
#43
sherlock-admin3
opened
3 months ago
8
bin2chen - execute_stake() without setting DistributionMsg::SetWithdrawAddress, partial reward may remain in the contract
#42
sherlock-admin2
closed
2 months ago
3
bin2chen - when a validator is kicked out of the bonded validator set, unstake funds will remain in the contract
#41
sherlock-admin4
opened
3 months ago
4
jollytesimal.eth - The test_execute_withdraw_native function: Improper Error Handling in execute_withdraw Leads to Panic (Error Handling Vulnerability).
#40
sherlock-admin3
closed
3 months ago
0
jollytesimal.eth - Logic Error in execute_start_sale: Unhandled None start_time Causes Contract Failure (Panicking on None start_time with Some duration
#39
sherlock-admin2
closed
3 months ago
0
g - Auction ADO allows non-payment of taxes
#38
sherlock-admin4
closed
3 months ago
0
g - Calculating tax amount does not include taxes in `WasmMsg::Execute` messages
#37
sherlock-admin3
opened
3 months ago
7
skinneomeje - Lack of validation of recipient address could lead to lock of funds in andromeda-vesting contract
#36
sherlock-admin2
closed
3 months ago
0
g - Flat-rate fees can break `OnFundsTransfer` hooks
#35
sherlock-admin4
closed
3 months ago
7
g - Creating a batch with invalid release amount locks funds permanently in Vesting ADO
#34
sherlock-admin3
closed
3 months ago
0
g - Registering usernames can be used to hijack paths with app contracts
#33
sherlock-admin2
closed
3 months ago
9
g - Valid VFS paths with "~" can fail validation
#32
sherlock-admin4
closed
3 months ago
0