sherlock-audit 2024-08-flayer-judging issues

sherlock-audit / 2024-08-flayer-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Limbooo - User is Unable to Reclaim Vote After Collection Shutdown is Canceled

#659 sherlock-admin2 opened 1 month ago
0
ComposableSecurity - The ownerOf function does not revert for invalid token IDs

#658 sherlock-admin3 opened 1 month ago
0
ComposableSecurity - Default royalty receiver can steal royalties of other receivers

#657 sherlock-admin2 opened 1 month ago
0
jsmi - The total supply of collection tokens will be decreased more and more.

#656 sherlock-admin3 opened 1 month ago
0
ComposableSecurity - The name() and symbol() functions are not compliant with the EIP-20 standard

#655 sherlock-admin2 opened 1 month ago
0
KungFuPanda - Whales can use CollectionShutdown.reclaimVote to inflate the voting first, and withdraw their portion after collectionLiquidation has been completed

#654 sherlock-admin3 opened 1 month ago
0
Audinarey - Users cannot unlock/repay their protected listing when the Locker is paused

#653 sherlock-admin2 opened 1 month ago
0
Ironsidesec - Collison attack on `l2CollectionAddress`

#652 sherlock-admin3 opened 1 month ago
0
zzykxx - `initializeCollection()` doesn't refund native tokens

#651 sherlock-admin2 opened 1 month ago
0
jo13 - Risk of NFT Loss Due to Pausable NFT Collections .

#650 sherlock-admin3 opened 1 month ago
0
ajayss - Initial Lister will permanently freeze listing for tokenIds such that it cannot be filled, relisted, modified and reserved

#649 sherlock-admin2 opened 1 month ago
0
zarkk01 - ```Listings::modifyListings()``` doesn't update the ```listing.created``` (when only the ```floorMultiple``` is modified) leading to double paying and wrong accountings.

#648 sherlock-admin3 opened 1 month ago
0
Feder - Any user calling the `Locker::initializeCollection` function will loose both their ERC721 tokens and the ETH (WETH) they provide.

#647 sherlock-admin2 opened 1 month ago
0
heeze - Royalties paid on L2 for ERC1155 tokens cannot be claimed

#646 sherlock-admin3 opened 1 month ago
0
0xjoi - M-8 exact balance check

#645 sherlock-admin2 opened 1 month ago
0
0xjoi - H-12 arbitrary-low-level-call

#644 sherlock-admin3 opened 1 month ago
0
zzykxx - Maximum borrowable amount in protected listings should be lower

#643 sherlock-admin2 opened 1 month ago
0
0xjoi - M-7 Dubious typecast

#642 sherlock-admin3 opened 1 month ago
0
0xNirix - Users will suffer unexpected liquidations and unfair interest charges on Protected Listings

#641 sherlock-admin2 opened 1 month ago
0
KungFuPanda - In ProtectedListings, listing.checkpoint is greater by 1 than it should be in case the _collection has already been checkpointed at least once during the same block.timestamp, leading to incorect health factor and unlockPrice calculations

#640 sherlock-admin3 opened 1 month ago
0
heeze - Contract cannot receive native token

#639 sherlock-admin2 opened 1 month ago
0
araj - `_distributeFees()` only checks for `donateThresholdMin` but not `donateThresholdMax`

#638 sherlock-admin3 opened 1 month ago
0
jecikpo - After reserving of a listing old owner can steal listing

#637 sherlock-admin2 opened 1 month ago
0
zzykxx - The total supply of collection tokens can change in-between starting a shutdown vote and executing it

#636 sherlock-admin3 opened 1 month ago
0
jo13 - Lack of Withdrawal Mechanism for Payable Functions in CollectionShutdown Contract

#635 sherlock-admin2 opened 1 month ago
0
0x3adeade - `initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in **moongate/src/InfernalRiftBelow.sol** can be set by anyone due to lack of access control.

#634 sherlock-admin3 opened 1 month ago
0
0xjoi - H-11 pess-nft-approve-warning

#633 sherlock-admin2 opened 1 month ago
0
0xNirix - Attacker can manipulate interest rates and force liquidations for protected listings, affecting legitimate users and protocol stability

#632 sherlock-admin3 opened 1 month ago
0
shaflow01 - Anyone can call `claimRoyalties` in `InfernalRiftBelow` contract

#631 sherlock-admin2 opened 1 month ago
0
Ragnarok - Price Manipulation Vulnerability in Listings Contract Leading to Buyer Overpayment

#630 sherlock-admin3 opened 1 month ago
0
0xdice91 - `InfernalRiftBelow::claimRoyalties()` does not support the claiming of royalties for `ERC1155` tokens.

#629 sherlock-admin2 opened 1 month ago
0
araj - Possible precision loss while calculating `compoundedFactor_` in TaxCalculator.sol

#628 sherlock-admin3 opened 1 month ago
0
0x_karaslavov - Incorrectly set `mint` variable in `InfernalRiftBelow::_thresholdCross1155` causes a revert, which prevents tokens from being transfered and minted

#627 sherlock-admin2 opened 1 month ago
0
0xjoi - H-10 pess-unprotected-initialize

#626 sherlock-admin3 opened 1 month ago
0
zarkk01 - Tax calculations on ```Listings::_resolveListingTax()``` will be wrong for all listings upon ```Locker::taxCalculator``` update.

#625 sherlock-admin2 opened 1 month ago
0
0xjoi - H-9 pess-unprotected-setter

#624 sherlock-admin3 opened 1 month ago
0
dimulski - The formula used in the calculateTax() leads to price discrepancies and listings with certain parameters can't be created

#623 sherlock-admin2 opened 1 month ago
0
0x3adeade - `setInfernalRiftBelow()` function in moongate/src/InfernalRiftAbove.sol can be set by anyone due to lack of access control.

#622 sherlock-admin3 opened 1 month ago
0
0xjoi - H-8 double-entry token exploit

#621 sherlock-admin2 opened 1 month ago
0
0xjoi - M-6 Solmate's SafeTransferLib does not check for token contract's existence

#620 sherlock-admin3 opened 1 month ago
0
xiao - The createListings function may cause a DoS attack due to the lack of array length limit

#619 sherlock-admin2 opened 1 month ago
0
g - Borrowers can bypass interest payments and pay off principal until 0.06 ether remains

#618 sherlock-admin3 opened 1 month ago
0
tvdung94 - Protocol will give much more money as fee to beneficiary than expected

#617 sherlock-admin2 opened 1 month ago
0
merlin - The absence of a `receive` function in the `ERC721Bridgable.sol` and `ERC1155Bridgable.sol` contracts

#616 sherlock-admin3 opened 1 month ago
0
Ironsidesec - Donation fees are sandwichable in one transaction

#615 sherlock-admin2 opened 1 month ago
0
t.aksoy - Manipulation of Unlock Price Through Position Adjustment Leading to Incorrect Interest Calculation

#614 sherlock-admin3 opened 1 month ago
0
cnsdkc007 - withdrawProtectedListing will Does not work

#613 sherlock-admin2 opened 1 month ago
0
araj - `ERC721Bridgable` & `ERC1155Bridgable` won't deploy on zkSync chain correctly

#612 sherlock-admin3 opened 1 month ago
0
zarkk01 - Anyone can redeem the ```canWithdrawAsset``` token by burning ```1``` ```CollectionToken``` while it is non-floor item leading to stealing it from lister of ```ProtectedListings```.

#611 sherlock-admin2 opened 1 month ago
0
g - FTokens are burned after `quorumVotes` are recorded making a portion of the shares unclaimable

#610 sherlock-admin3 opened 1 month ago
0

Previous Next