sherlock-audit / 2024-06-allora-judging
0x416 - the decay rate can be applied multiple times
#137
sherlock-admin2
closed
4 months ago
2
0x416 - Does not check if the key exists when iterate over the map
#136
sherlock-admin4
closed
4 months ago
1
0x416 - Non-deterministic approach to iterate over the map can result in inconsistent state between nodes and validators
#135
sherlock-admin3
closed
4 months ago
2
abdulsamijay - Unauthorized Stake Remove Cancellation of Reputers or Workers by any user
#134
sherlock-admin2
closed
4 months ago
1
abdulsamijay - Unauthorized Stake & DelegateStake Removal of Reputers or Worker by any User
#133
sherlock-admin4
closed
4 months ago
1
stonejiajia - MustNewDecFromString Causing Critical ABCI Panics in Cosmos Blockchain
#132
sherlock-admin3
closed
4 months ago
4
0x416 - Lack of error handling when making blockless api call
#131
sherlock-admin2
opened
4 months ago
2
abdulsamijay - Unauthorized Deregistration of Reputers and Workers
#130
sherlock-admin4
closed
4 months ago
3
imsrybr0 - Broken invariant : the sum of all (delegateRewardsPerShare * delegated stake - reward debt) = the balance of the /x/bank AlloraPendingRewardForDelegatorAccountName module account when distributing delegate stakers rewards
#129
sherlock-admin3
opened
4 months ago
12
0x416 - Lack of authorization when calling blockless API
#128
sherlock-admin2
closed
4 months ago
8
imsrybr0 - Broken invariant : the sum of all (delegateRewardsPerShare * delegated stake - reward debt) = the balance of the /x/bank AlloraPendingRewardForDelegatorAccountName module account when calculating reputer and delegator rewards
#127
sherlock-admin4
closed
4 months ago
2
stonejiajia - Security Issues Report: Potential Panics in ABCI Methods
#126
sherlock-admin3
closed
4 months ago
0
lemonmon - `allora-inference-base::SendWorkerModeData` sets nonce from the peer's blockHeight
#125
sherlock-admin2
closed
4 months ago
1
lemonmon - The worker and reputer's payload may be tampered due to lack of check for the pubkey's ownership
#124
sherlock-admin4
opened
4 months ago
1
lemonmon - `msg_server_registerations::Register` will overwrite reputerInfo, which can be used to sabotage other reputers
#123
sherlock-admin3
closed
4 months ago
2
lemonmon - `msg_server_demand::FundTopic` passes incorrect additional fee, potentially activate a topic incorrectly
#122
sherlock-admin2
closed
4 months ago
2
lemonmon - `msg_server_stake::AddStake` calculates the weight incorrectly resulting in incorrect activation of a topic
#121
sherlock-admin4
opened
4 months ago
9
0x3b - `GetForecastScoresUntilBlock` can get more score samples than the max allowed
#120
sherlock-admin3
opened
4 months ago
1
abdulsamijay - Negative Stake & DelegateStake Amounts Causes Runtime Panic
#119
sherlock-admin2
closed
4 months ago
9
abdulsamijay - Loss of Delegated Rewards Due to Malicious Reputer Deregistration
#118
sherlock-admin4
closed
4 months ago
2
imsrybr0 - SafeApplyFuncOnAllActiveEpochEndingTopics processes two more pages than the desired max topic page
#117
sherlock-admin3
opened
4 months ago
2
abdulsamijay - Removing Negative amounts in Stake & DelegateStake leads to chain halt
#116
sherlock-admin2
closed
4 months ago
2
imsrybr0 - Pagination is wrong in GetIdsOfActiveTopics
#115
sherlock-admin4
closed
4 months ago
45
0x3b - `DripTopicFeeRevenue` drips the internal `topicFeeRevenue` and not the one provided by `GetCurrentTopicWeight`
#114
sherlock-admin3
opened
4 months ago
1
LZ_security - Malicious Whitelist Admin can prevent itself from being deleted
#113
sherlock-admin2
closed
4 months ago
1
LZ_security - Malicious Reputer cause emissions/msgserver/InsertBulkReputerPayload to fail
#112
sherlock-admin4
opened
4 months ago
30
zigtur - Anyone can overwrite Reputer and Worker info attached to a LibP2PKey
#111
sherlock-admin3
opened
4 months ago
2
LZ_security - The issue of SLOW ABCI METHODS has not been resolved.
#110
sherlock-admin2
opened
4 months ago
3
LZ_security - Reputer can DoS emissions/msgserver/InsertBulkReputerPayload
#109
sherlock-admin4
closed
4 months ago
9
zigtur - Failed stake removals and failed delegate stake removals are not replayable
#108
sherlock-admin3
closed
4 months ago
2
LZ_security - The malicious node may not execute the http request
#107
sherlock-admin2
opened
4 months ago
2
0x3b - Actors can game the withdraw waiting time
#106
sherlock-admin4
closed
3 months ago
14
LZ_security - When a single node(blockless server) is attacked, the entire chain is attacked.
#105
sherlock-admin3
closed
4 months ago
2
0x3b - math miscalculation artificially deflates scores
#104
sherlock-admin2
opened
4 months ago
1
LZ_security - keeper/AddReputerNonce or AddWorkerNonce When the Nonce reaches the maximum value, an error occurs
#103
sherlock-admin4
closed
4 months ago
9
pks_ - Malicious delegators can get more rewards than they should
#102
sherlock-admin3
closed
4 months ago
2
pks_ - Malicious users can prevent node processing normal transactions with many remove delegate stake spam txs
#101
sherlock-admin2
closed
4 months ago
1
pks_ - Unlimited topic parameters size when creating topic can cause node DoS
#100
sherlock-admin4
closed
4 months ago
3
LZ_security - By transferring uallo tokens to another chain via IBC, the reward amount is affected.
#99
sherlock-admin3
closed
4 months ago
3
404Notfound - Insecure Implementation of Transaction Validation
#98
sherlock-admin2
closed
4 months ago
0
LZ_security - topic_rewards/SafeApplyFuncOnAllActiveEpochEndingTopics used the wrong parameters
#97
sherlock-admin4
opened
4 months ago
22
LZ_security - The SelectTopNWorkerNonces function lacks a sorting algorithm internally.
#96
sherlock-admin3
opened
4 months ago
1
carrotsmuggler - Topics won't activate even with a sufficient stake
#95
sherlock-admin2
opened
4 months ago
2
carrotsmuggler - Anyone can overwrite reputer `p2pkey` values
#94
sherlock-admin4
closed
4 months ago
2
0x3b - coefficients math mistakenly calculates the coefficient diff with the same value
#93
sherlock-admin3
opened
4 months ago
2
0x3b - If old coefficient is bigger than the new one then the reputer has its coeff reduced more than it should
#92
sherlock-admin2
opened
4 months ago
3
LZ_security - emissions/keeper/GetIdsOfActiveTopics may always return empty array []
#91
sherlock-admin4
opened
4 months ago
3
imsrybr0 - Non deterministic iteration over maps in inference synthesis
#90
sherlock-admin3
closed
4 months ago
2
404Notfound - Missing export `CoreTeamAddresses` in `x/emissions` module
#89
sherlock-admin2
opened
4 months ago
2
LZ_security - InsertBulkReputerPayload can be DoS
#88
sherlock-admin4
opened
4 months ago
1