sherlock-audit 2024-06-boost-aa-wallet-judging issues

sherlock-audit / 2024-06-boost-aa-wallet-judging

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Shaggy Cherry Otter - createBoost function does not validate the number of incentives added

#490 sherlock-admin2 closed 1 month ago
0
Odd Cedar Mantis - Lack of Direct Access Control in _transferFungible() Lead to Unauthorized Fund Transfers Through Calling Functions

#489 sherlock-admin2 closed 1 month ago
0
Odd Cedar Mantis - Missing Bounds Checking in getBoost() Function

#488 sherlock-admin2 closed 1 month ago
0
Shaggy Cherry Otter - BoostRegistry does not check if base implementation is registered before deploying clones

#487 sherlock-admin2 closed 1 month ago
0
Spare Merlot Manatee - Avoid state initialization in the constructor of the implementation contract

#486 sherlock-admin2 closed 1 month ago
1
Spare Merlot Manatee - Avoid shadowing state variables

#485 sherlock-admin2 closed 1 month ago
1
Macho Mocha Donkey - Lack of Open Access Mechanism in Boost Initialization

#484 sherlock-admin2 closed 1 month ago
0
Macho Mocha Donkey - Precision Loss in Fee Distribution Favoring Protocol Fee Receiver in `BoostCore.sol::_routeClaimFee`

#483 sherlock-admin2 closed 1 month ago
0
Macho Mocha Donkey - Replace safeTransferFrom with trySafeTransferFrom for Improved Error Handling in Token Transfers

#482 sherlock-admin2 closed 1 month ago
0
Macho Mocha Donkey - Incorrect Revert Data Length in IncentiveBits Library

#481 sherlock-admin2 closed 1 month ago
0
Long Snowy Jaguar - Avoid Redundant Address Checks

#480 sherlock-admin2 closed 1 month ago
0
Macho Mocha Donkey - There is no ownership renouncement, and the admin acts as a single point of failure for the contract.

#479 sherlock-admin2 closed 1 month ago
0
Long Snowy Jaguar - Report on Use of Unchecked for Safe Math in Solidity

#478 sherlock-admin2 closed 1 month ago
0
Macho Mocha Donkey - The assert() function in `BoostCore.sol::_makeIncentives` might cause a panic.

#477 sherlock-admin2 closed 1 month ago
1
Stable Teal Wolf - ### [L-1] Redundant Code Removal and Magic Number Replacement in `ERC20VariableIncentive` contract.

#476 sherlock-admin2 closed 1 month ago
1
Dancing Ruby Bee - Redundant or Ineffective Constructor Code: Unexecuted reward = 1 Initialization

#475 sherlock-admin2 closed 1 month ago
1
Dancing Ruby Bee - Missing Length Check in `initialize` Function for `authorized` and `roles` Arrays

#474 sherlock-admin2 closed 1 month ago
0
Lone Corduroy Tadpole - CGDAIncentive.sol claims is not used and can be remove to reduce gas used

#473 sherlock-admin2 closed 1 month ago
0
Lone Corduroy Tadpole - Points.sol base contract does not disable initializer functions

#472 sherlock-admin2 closed 1 month ago
0
Lone Corduroy Tadpole - ERC1155Incentive: clawback can collect more as limit

#471 sherlock-admin2 closed 1 month ago
1
Smooth Brick Dachshund - Incorrect parameter name

#470 sherlock-admin2 closed 1 month ago
1
0x539.eth - Random Generation Can Be Manipulated

#469 sherlock-admin4 opened 1 month ago
0
pwning_dev - Balance Check Before Transfer

#468 sherlock-admin2 opened 1 month ago
0
Minato7namikazi - Incorrect Incentive Initialization in BoostCore!

#467 sherlock-admin4 opened 1 month ago
0
Aymen0909 - `claimed[claimTarget]` not recorded in `CGDAIncentive::claim`

#466 sherlock-admin2 opened 1 month ago
0
SovaSlava - User could validate one action twice, using malleable hash

#465 sherlock-admin4 opened 1 month ago
0
Minato7namikazi - ETH Locked in Budget Contract in the protocol

#464 sherlock-admin2 opened 1 month ago
0
0x539.eth - Wrong Calculation Of Current Reward

#463 sherlock-admin4 opened 1 month ago
0
scyron6 - `clawback` is not callable on provided incentive contracts because owner is set to BoostCore address

#462 sherlock-admin2 opened 1 month ago
0
ge6a - Missing max participants check

#461 sherlock-admin4 opened 1 month ago
0
denzi_ - The incentive contracts are not compatible with rebasing/deflationary/inflationary tokens

#460 sherlock-admin2 opened 1 month ago
0
0xloophole - Incorrect Claim Fee Distribution

#459 sherlock-admin4 opened 1 month ago
0
Albort - Uninitialized immutable variable

#458 sherlock-admin2 opened 1 month ago
0
pwning_dev - Reward Depletion in clawback (RAFFLE strategy)

#457 sherlock-admin4 opened 1 month ago
0
PranavGarg - Incorrect fee calculation logic in boost claim function

#456 sherlock-admin2 opened 1 month ago
0
RealMaushish - Unbounded loop can lead to a dos

#455 sherlock-admin4 opened 1 month ago
0
Ironsidesec - Immutable `VALIDATOR` state is never set in the constructor

#454 sherlock-admin2 opened 1 month ago
0
TessKimy - Valid signatures can be used to claim other incentives

#453 sherlock-admin4 opened 1 month ago
0
pwning_dev - Insecure Randomness in drawRaffle

#452 sherlock-admin2 opened 1 month ago
0
AresAudits - Signature Malleability Issue in validate Function

#451 sherlock-admin4 opened 1 month ago
0
Aymen0909 - Incorrect distribution of `claimFee` in `BoostCore::_routeClaimFee`

#450 sherlock-admin2 opened 1 month ago
0
RealMaushish - Incorrect casting in `SignerValidator.sol`

#449 sherlock-admin4 opened 1 month ago
0
SovaSlava - Signature replay attack, due to missing chainID value in EIP712 TYPEHASH

#448 sherlock-admin2 opened 1 month ago
0
PranavGarg - maxParticipants and protocolFee are unused in BoostCore contract

#447 sherlock-admin4 opened 1 month ago
0
0xloophole - Incorrect Reward Decay Calculation in CGDAIncentive

#446 sherlock-admin2 opened 1 month ago
0
Albort - Reliance on `supportsInterface` for Security

#445 sherlock-admin4 opened 1 month ago
0
0xloophole - Incorrect Validation in SignerValidator

#444 sherlock-admin2 opened 1 month ago
0
Ironsidesec - Claim status is checked but never updated on `CGDAIncentive.claim`

#443 sherlock-admin4 opened 1 month ago
0
0xloophole - Predictable Randomness in ERC20Incentive Raffle

#442 sherlock-admin2 opened 1 month ago
0
ZanyBonzy - Users can claim multiple times

#441 sherlock-admin4 opened 1 month ago
0