sherlock-audit 2024-06-boost-aa-wallet-judging issues

sherlock-audit / 2024-06-boost-aa-wallet-judging

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

pwning_dev - Unrestricted ERC1155 Token Transfers

#440 sherlock-admin2 opened 2 months ago
0
ParthMandale - `Boostcore::createBoost` in a certain case would lead to the creation of "junk boosts" whereas it should have reverted in that case.

#439 sherlock-admin4 opened 2 months ago
0
0xloophole - Potential Griefing Vulnerability in ERC20Incentive Contract

#438 sherlock-admin2 opened 2 months ago
0
Albort - Potential Identifier Collisions

#437 sherlock-admin4 opened 2 months ago
0
0xloophole - Missing Cross-Chain Replay Protection in SignerValidator

#436 sherlock-admin2 opened 2 months ago
0
krot-0025 - `CreateBoostAuth` address is not being tracked properly which is being used to create a Boost.

#435 sherlock-admin4 opened 2 months ago
0
0xloophole - Insufficient Handling of Rebasing Tokens in the Boost Protocol

#434 sherlock-admin2 opened 2 months ago
0
0xbrivan - Participants may be unable to claim the right incentives if the `incentiveQuantity` is not equal to the total number of incentives configured for a boost

#433 sherlock-admin4 opened 2 months ago
0
krot-0025 - No way to recover funds if the Boost owner address is compromised which leads to user [incentive/funds] getting compromised.

#432 sherlock-admin2 opened 2 months ago
0
RealMaushish - incentive owners can change the limit to zero at any period

#431 sherlock-admin4 opened 2 months ago
0
Albort - No Mechanism to Remove or Update Implementations

#430 sherlock-admin4 opened 2 months ago
0
Aymen0909 - `BoostCore` can never invoke `ERC20Incentive::drawRaffle`

#429 sherlock-admin4 opened 2 months ago
0
ge6a - Issue with rebasing tokens in ERC20Incentive

#428 sherlock-admin4 opened 2 months ago
0
krot-0025 - Improper handling of the `ERC20 FOT [Fee on Trasfer]` token leads to stuck of fund for the user.

#427 sherlock-admin4 opened 2 months ago
0
lola - CGDAIncentive: The logic for calculating cgdaParams.currentReward implies a range that can be bypassed in certain situations

#426 sherlock-admin4 opened 2 months ago
0
PranavGarg - Important onlyOwner protected functions in Incentives and Validators cannot be executed by BoostCore

#425 sherlock-admin4 opened 2 months ago
0
0xlookman - `BoostCore::_routeClaimFee` can be Dosed by any of the first Recipients before the `protocolFeeReceiver` during a claim leading to a loss of funds

#424 sherlock-admin4 opened 2 months ago
0
0xloophole - Insufficient Handling of Fee-on-Transfer Tokens in the Boost Protocol

#423 sherlock-admin4 opened 2 months ago
0
krot-0025 - `safeTransferFrom()` function didn't check the codesize of the token address which may leads to loss of funds.

#422 sherlock-admin4 opened 2 months ago
0
Albort - Predictable Clone Addresses Leading to Front-Running

#421 sherlock-admin4 opened 2 months ago
0
0xloophole - Insufficient Handling of Pausable Tokens in the Boost Protocol

#420 sherlock-admin4 opened 2 months ago
0
TessKimy - Fee on transfer tokens are not supported in boost protocol

#419 sherlock-admin4 opened 2 months ago
0
befree3x - `protocolFeeReceiver` can sometimes receive more fees than expected

#418 sherlock-admin4 opened 2 months ago
0
0xloophole - Unrestricted Validator Caller

#417 sherlock-admin4 opened 2 months ago
0
scyron6 - Users can lose funds if `claimFee` is lowered between them submitting a `claimIncentive` transaction and the transaction being confirmed

#416 sherlock-admin4 opened 2 months ago
0
Aymen0909 - `BoostCore` will be unable to invoke incentives `clawback` functions

#415 sherlock-admin3 opened 2 months ago
0
0xloophole - Allow List Bypass Due to Missing Context

#414 sherlock-admin2 opened 2 months ago
0
Ironsidesec - ERC20 and ERC1155 tokens can be pulled from anyone during budget allocation

#413 sherlock-admin4 opened 2 months ago
0
RealMaushish - Weird ERC 20 issues

#412 sherlock-admin3 opened 2 months ago
0
Aycozzynfada - The allocate function does not account for “fee on transfer” (FOT) tokens

#411 sherlock-admin2 opened 2 months ago
0
0xAadi - Improper Validation of Raffle Entries in `ERC20Incentive.clawback()` Allows Inaccurate Claim Tracking and Potential Exploits

#410 sherlock-admin4 opened 2 months ago
0
0xloophole - Potential for Action Replay

#409 sherlock-admin3 opened 2 months ago
0
denzi_ - `ERC20Incentive::drawRaffle()` does not set limit = 0 allowing further calls to claim to be accepted after the raffle is over.

#408 sherlock-admin2 opened 2 months ago
0
MrCrowNFT - Users not be able to claim incentives with referrer address if `(payload_.referralFee + BoostCore.sol::referralFee) > FEE_DENOMINATOR`

#407 sherlock-admin4 opened 2 months ago
0
denzi_ - Weak PRNG in `ERC20Incentive::drawRaffle()`

#406 sherlock-admin3 opened 2 months ago
0
0xlookman - Boost Creators can prevent the protocol from getting the Default 10% of the claim fee its supposed to receive

#405 sherlock-admin2 opened 2 months ago
0
0xsome - A referral farmer can take protocol fee share

#404 sherlock-admin4 opened 2 months ago
0
denzi_ - Malicious User can grief by frontrunning `ERC20Incentive::clawback()` function by calling `ERC20Incentive::claim()` to make the initial clawback call revert.

#403 sherlock-admin3 opened 2 months ago
0
ge6a - Unfair rewards in CGDAIncentive lead to loss of funds for some users

#402 sherlock-admin2 opened 2 months ago
0
Albort - Insufficient Validation of Implementations

#401 sherlock-admin4 opened 2 months ago
0
denzi_ - `CGDAIncentive::claim()` does not set `claimed[recipient] = true`

#400 sherlock-admin3 opened 2 months ago
0
AresAudits - Lack of Support for Fee on Transfer, Rebasing, and Tokens with Balance Modifications Outside of Transfers in ManagedBudget.sol

#399 sherlock-admin2 opened 2 months ago
0
Smacaud - push() doesn't return a reference

#398 sherlock-admin4 opened 2 months ago
0
0xloophole - Vulnerability in Incentive Claiming Logic

#397 sherlock-admin3 opened 2 months ago
0
scyron6 - Funds will be stuck if validator is set to address(0) and action does not support `AValidator` interface

#396 sherlock-admin2 opened 2 months ago
0
Albort - Lack of Access Control on Registration

#395 sherlock-admin4 opened 2 months ago
0
AresAudits - Incorrect Handling of Fee-on-Transfer Tokens in ManagedBudget

#394 sherlock-admin3 opened 2 months ago
0
Atharv - Protocol Fails to Handle Rebasing Tokens, Leading to Potential Reward Losses for users

#393 sherlock-admin2 opened 2 months ago
0
AresAudits - Incorrect Balance Check in `ERC20` Allocation Logic

#392 sherlock-admin4 opened 2 months ago
0
0xlookman - In `BoostCore` the protocol will get more or less than the intended percentage of the `ClaimFee`

#391 sherlock-admin3 opened 2 months ago
0

Previous Next