issues
search
sherlock-audit
/
2024-06-boost-aa-wallet-judging
3
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Shaggy Cherry Otter - createBoost function does not validate the number of incentives added
#490
sherlock-admin2
closed
2 months ago
0
Odd Cedar Mantis - Lack of Direct Access Control in _transferFungible() Lead to Unauthorized Fund Transfers Through Calling Functions
#489
sherlock-admin2
closed
2 months ago
0
Odd Cedar Mantis - Missing Bounds Checking in getBoost() Function
#488
sherlock-admin2
closed
2 months ago
0
Shaggy Cherry Otter - BoostRegistry does not check if base implementation is registered before deploying clones
#487
sherlock-admin2
closed
2 months ago
0
Spare Merlot Manatee - Avoid state initialization in the constructor of the implementation contract
#486
sherlock-admin2
closed
2 months ago
1
Spare Merlot Manatee - Avoid shadowing state variables
#485
sherlock-admin2
closed
2 months ago
1
Macho Mocha Donkey - Lack of Open Access Mechanism in Boost Initialization
#484
sherlock-admin2
closed
2 months ago
0
Macho Mocha Donkey - Precision Loss in Fee Distribution Favoring Protocol Fee Receiver in `BoostCore.sol::_routeClaimFee`
#483
sherlock-admin2
closed
2 months ago
0
Macho Mocha Donkey - Replace safeTransferFrom with trySafeTransferFrom for Improved Error Handling in Token Transfers
#482
sherlock-admin2
closed
2 months ago
0
Macho Mocha Donkey - Incorrect Revert Data Length in IncentiveBits Library
#481
sherlock-admin2
closed
2 months ago
0
Long Snowy Jaguar - Avoid Redundant Address Checks
#480
sherlock-admin2
closed
2 months ago
0
Macho Mocha Donkey - There is no ownership renouncement, and the admin acts as a single point of failure for the contract.
#479
sherlock-admin2
closed
2 months ago
0
Long Snowy Jaguar - Report on Use of Unchecked for Safe Math in Solidity
#478
sherlock-admin2
closed
2 months ago
0
Macho Mocha Donkey - The assert() function in `BoostCore.sol::_makeIncentives` might cause a panic.
#477
sherlock-admin2
closed
2 months ago
1
Stable Teal Wolf - ### [L-1] Redundant Code Removal and Magic Number Replacement in `ERC20VariableIncentive` contract.
#476
sherlock-admin2
closed
2 months ago
1
Dancing Ruby Bee - Redundant or Ineffective Constructor Code: Unexecuted reward = 1 Initialization
#475
sherlock-admin2
closed
2 months ago
1
Dancing Ruby Bee - Missing Length Check in `initialize` Function for `authorized` and `roles` Arrays
#474
sherlock-admin2
closed
2 months ago
0
Lone Corduroy Tadpole - CGDAIncentive.sol claims is not used and can be remove to reduce gas used
#473
sherlock-admin2
closed
2 months ago
0
Lone Corduroy Tadpole - Points.sol base contract does not disable initializer functions
#472
sherlock-admin2
closed
2 months ago
0
Lone Corduroy Tadpole - ERC1155Incentive: clawback can collect more as limit
#471
sherlock-admin2
closed
2 months ago
1
Smooth Brick Dachshund - Incorrect parameter name
#470
sherlock-admin2
closed
2 months ago
1
0x539.eth - Random Generation Can Be Manipulated
#469
sherlock-admin4
opened
2 months ago
0
pwning_dev - Balance Check Before Transfer
#468
sherlock-admin2
opened
2 months ago
0
Minato7namikazi - Incorrect Incentive Initialization in BoostCore!
#467
sherlock-admin4
opened
2 months ago
0
Aymen0909 - `claimed[claimTarget]` not recorded in `CGDAIncentive::claim`
#466
sherlock-admin2
opened
2 months ago
0
SovaSlava - User could validate one action twice, using malleable hash
#465
sherlock-admin4
opened
2 months ago
0
Minato7namikazi - ETH Locked in Budget Contract in the protocol
#464
sherlock-admin2
opened
2 months ago
0
0x539.eth - Wrong Calculation Of Current Reward
#463
sherlock-admin4
opened
2 months ago
0
scyron6 - `clawback` is not callable on provided incentive contracts because owner is set to BoostCore address
#462
sherlock-admin2
opened
2 months ago
0
ge6a - Missing max participants check
#461
sherlock-admin4
opened
2 months ago
0
denzi_ - The incentive contracts are not compatible with rebasing/deflationary/inflationary tokens
#460
sherlock-admin2
opened
2 months ago
0
0xloophole - Incorrect Claim Fee Distribution
#459
sherlock-admin4
opened
2 months ago
0
Albort - Uninitialized immutable variable
#458
sherlock-admin2
opened
2 months ago
0
pwning_dev - Reward Depletion in clawback (RAFFLE strategy)
#457
sherlock-admin4
opened
2 months ago
0
PranavGarg - Incorrect fee calculation logic in boost claim function
#456
sherlock-admin2
opened
2 months ago
0
RealMaushish - Unbounded loop can lead to a dos
#455
sherlock-admin4
opened
2 months ago
0
Ironsidesec - Immutable `VALIDATOR` state is never set in the constructor
#454
sherlock-admin2
opened
2 months ago
0
TessKimy - Valid signatures can be used to claim other incentives
#453
sherlock-admin4
opened
2 months ago
0
pwning_dev - Insecure Randomness in drawRaffle
#452
sherlock-admin2
opened
2 months ago
0
AresAudits - Signature Malleability Issue in validate Function
#451
sherlock-admin4
opened
2 months ago
0
Aymen0909 - Incorrect distribution of `claimFee` in `BoostCore::_routeClaimFee`
#450
sherlock-admin2
opened
2 months ago
0
RealMaushish - Incorrect casting in `SignerValidator.sol`
#449
sherlock-admin4
opened
2 months ago
0
SovaSlava - Signature replay attack, due to missing chainID value in EIP712 TYPEHASH
#448
sherlock-admin2
opened
2 months ago
0
PranavGarg - maxParticipants and protocolFee are unused in BoostCore contract
#447
sherlock-admin4
opened
2 months ago
0
0xloophole - Incorrect Reward Decay Calculation in CGDAIncentive
#446
sherlock-admin2
opened
2 months ago
0
Albort - Reliance on `supportsInterface` for Security
#445
sherlock-admin4
opened
2 months ago
0
0xloophole - Incorrect Validation in SignerValidator
#444
sherlock-admin2
opened
2 months ago
0
Ironsidesec - Claim status is checked but never updated on `CGDAIncentive.claim`
#443
sherlock-admin4
opened
2 months ago
0
0xloophole - Predictable Randomness in ERC20Incentive Raffle
#442
sherlock-admin2
opened
2 months ago
0
ZanyBonzy - Users can claim multiple times
#441
sherlock-admin4
opened
2 months ago
0
Next