sherlock-audit 2024-05-tokensoft-distributor-contracts-update-judging issues

sherlock-audit / 2024-05-tokensoft-distributor-contracts-update-judging

3 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Low 01 Stale Storage

#69 sherlock-admin2 closed 5 months ago
0
Misc low issues

#68 sherlock-admin3 closed 5 months ago
7
Albort - Because of rounding issues, users may not be able to withdraw airdrop tokens if their claim has been adjust()'ed upwards

#67 sherlock-admin2 closed 5 months ago
0
smbv-1923 - Rounding issue in tokensToVotes()

#66 sherlock-admin4 closed 5 months ago
0
Varun_05 - There is no way to change the SweepRecipient. Not even by the owner.

#65 sherlock-admin3 closed 5 months ago
0
Honour - `AdvancedDistributorInitializable::_executeClaim()` ignores the encoded vesting periods data

#64 sherlock-admin2 closed 5 months ago
0
Varun_05 - _executeClaim function hardcodes data field as zero which causes different issue.

#63 sherlock-admin4 closed 5 months ago
0
smbv-1923 - `Adjust()` would lead to loss of user's fund.

#62 sherlock-admin3 closed 5 months ago
23
0xboriskataa - `voteFactor`/`fractionDenominator` set to incorrect value

#61 sherlock-admin2 closed 5 months ago
0
Varun_05 - claim function in PerAddressContinuousVestingMerkleDistributor.sol hardcoded bytes(0) which allows user to claim tokens without any vesting period.

#60 sherlock-admin4 closed 5 months ago
0
Ironsidesec - `randomValue` can only be set once

#59 sherlock-admin3 closed 5 months ago
24
Honour - Incorrect vesting period data DOSes claiming of tokens

#58 sherlock-admin2 closed 5 months ago
0
Honour - Incorrect vesting period data DOSes claiming of tokens

#57 sherlock-admin4 closed 5 months ago
0
Varun_05 - claim function in PerAddressTrancheVestingMerkleDistributor.sol will always revert thus causing user to never claim their tokens.

#56 sherlock-admin3 closed 5 months ago
0
hunter_w3b - Lack of Access Control in deployDistributor Function

#55 sherlock-admin2 closed 5 months ago
8
Ironsidesec - `currentVotes` is not accounted for properly

#54 sherlock-admin4 closed 5 months ago
2
0xboriskataa - 0 data input might break functionality

#53 sherlock-admin3 closed 5 months ago
0
hunter_w3b - `_setPseudorandomValue` will not work properly for Arbitrum

#52 sherlock-admin2 closed 5 months ago
0
Varun_05 - Every user can claim all the tokens instantly without waiting for a vesting period to unlock the tokens because of hardcoded bytes32(0) passed in the claim function.

#51 sherlock-admin4 closed 5 months ago
0
0xboriskataa - Incorrect merkle proof check used for tranche vesting

#50 sherlock-admin3 closed 5 months ago
1
hunter_w3b - Claim Function Immediately Distributes Tokens without Start, End, and Cliff Calculation in `PerAddressContinuousVestingMerkle`

#49 sherlock-admin2 closed 5 months ago
0
aman - off by 1 case `diff < type(uint120).max` in adjust function

#48 sherlock-admin4 closed 5 months ago
1
bareli - zero amount transfer can fail.

#47 sherlock-admin3 closed 5 months ago
0
aman - The last index should be checked for fraction denominator

#46 sherlock-admin2 closed 5 months ago
26
aman - The `new bytes(0)` will result in revert for claim function

#45 sherlock-admin4 closed 5 months ago
0
samuraii77 - Owner funds could get locked

#44 sherlock-admin3 closed 5 months ago
0
ydlee - Users may suffer from loss of tokens if owner decreases their claimable tokens.

#43 sherlock-admin2 closed 5 months ago
0
Ironsidesec - `maxDelay` can be breached and causes DOS to most claimers

#42 sherlock-admin4 closed 5 months ago
3
Varun_05 - Wrong voteFactor is initilized in PerAddressContinuousVestingInitializable.sol

#41 sherlock-admin3 closed 5 months ago
14
samuraii77 - Incorrect require statement can cause user to be unable to claim

#40 sherlock-admin2 closed 5 months ago
14
hunter_w3b - Claim Function Fails in `PerAddressTrancheVestingMerkleDistributor` Due to Empty Data

#39 sherlock-admin4 closed 5 months ago
0
BiasedMerc - AdvancedDistributorInitializable::_executeClaim() doesn't allow to pass custom data parameter

#38 sherlock-admin3 closed 5 months ago
0
zraxx - Malicious users can gain more vote shares after `voteFactor` is changed.

#37 sherlock-admin2 closed 5 months ago
4
Ironsidesec - `ContinuousVesting` beneficiaries will have zero voting power initiallly

#36 sherlock-admin4 closed 5 months ago
0
Drynooo - claim parameters have no effect

#35 sherlock-admin3 closed 5 months ago
0
NoOne - Arithmetic Overflow and Underflow Vulnerabilities in `adjust` Function

#34 sherlock-admin2 closed 5 months ago
0
Bigsam - Vulnerability/Limitation in `adjust` Function

#33 sherlock-admin4 closed 5 months ago
0
Ironsidesec - AdvancedDistributorInitializable is sending 0 bytes to decode which causes DOS

#32 sherlock-admin3 closed 5 months ago
0
Drynooo - User balance is not updated when changing voteFactor

#31 sherlock-admin2 closed 5 months ago
21
BiasedMerc - AdvancedDistributor::adjust() only decreases token balance, but doesn't increase it when there is a claim amount increase

#30 sherlock-admin4 closed 5 months ago
0
samuraii77 - Users will not be able to claim their tokens

#29 sherlock-admin3 closed 5 months ago
0
samuraii77 - Users are unable to claim their tokens

#28 sherlock-admin2 closed 5 months ago
0
samuraii77 - Inconsistency in the allowed times for claiming

#27 sherlock-admin4 closed 5 months ago
0
Ironsidesec - PerAddressContinuousVestingMerkle.claim will always revert

#26 sherlock-admin3 closed 5 months ago
0
samuraii77 - Protocol makes wrong assumption that could cause integration mistakes

#25 sherlock-admin2 closed 5 months ago
0
merlin - The claim function in PerAddressContinuousVestingMerkle.sol will always fail due to incorrect decoding

#24 sherlock-admin4 closed 5 months ago
0
nfmelendez - Many distributor creation transaction with valid merkle root will revert because of a downcasting

#23 sherlock-admin3 closed 5 months ago
0
nfmelendez - no title

#22 sherlock-admin2 closed 5 months ago
0
1337web3 - High 01 DoS In Claiming

#21 sherlock-admin4 closed 5 months ago
0
BiasedMerc - PerAddressContinuousVestingMerkle::claim will revert due to bytes(0) data being passed to _executeClaim

#20 sherlock-admin3 closed 5 months ago
0