sherlock-audit/2024-08-winnables-raffles-judging
Creamy Scarlet Cottonmouth - "uint64 chainSelector" may affect "function _packCCIPContract" in contract "BaseCCIPContract" and the like.
#644
sherlock-admin4
closed
3 months ago
1
Crazy Porcelain Mole - In `WinnablesTicketManager::createRaffle()`, `minTickets` can be greater than `maxTickets`.
#643
sherlock-admin4
closed
3 months ago
1
Brave Mahogany Lizard - `BaseCCIPSender::_sendCCIPMessage` expects return value but none returned.
#642
sherlock-admin4
closed
3 months ago
0
Straight Hotpink Wolverine - Incorrect Balance Comparison in withdrawTokens Function
#641
sherlock-admin4
closed
3 months ago
1
Fancy Raisin Gorilla - The function `shouldCancelRaffle` in the contract `WinnablesTicketManager.sol` always returns true
#640
sherlock-admin4
closed
3 months ago
0
Fancy Raisin Gorilla - `shouldDrawRaffle` in `WinnablesTicketManager.sol` always returns true
#639
sherlock-admin4
closed
3 months ago
0
Raspy Spruce Parrot - Admins cannot partially withdraw tokens from `WinnablesTicketManager`
#638
sherlock-admin4
closed
3 months ago
1
Gorgeous Tweed Moose - Lack of Pause Mechanism in Case of Emergency
#637
sherlock-admin4
closed
3 months ago
0
Deep Flint Finch - Discrepancy in shouldCancelRaffle and shouldDrawRaffle functions
#636
sherlock-admin4
closed
3 months ago
1
Rich Marigold Swan - [Info] ChainId is not used in signatures, which could lead to replay attacks if WinnablesTicketManager
#635
sherlock-admin4
closed
3 months ago
0
Vast Pastel Trout - BaseCCIPReceiver will return the error InvalidRouter with wrong data
#634
sherlock-admin4
closed
3 months ago
0
Daring Parchment Goblin - Admin could not withdraw tokens below contract balance in `WinnablesTicketManager` contract
#633
sherlock-admin4
closed
3 months ago
1
Rural Midnight Snail - Unused Error Messages in `IWinnables` and `IWinnablesTicketManager` Interfaces, and Missing `Ownable` Implementation in `WinnablesPrizeManager.sol`
#632
sherlock-admin4
closed
3 months ago
1
Raspy Spruce Parrot - Winner may not receive his NFT prize
#631
sherlock-admin4
closed
3 months ago
0
Young Watermelon Starling - unused import
#630
sherlock-admin4
closed
3 months ago
1
Square Felt Puppy - {Admin} Could {LoseOwnerShip} of {WinnablesTicket}
#629
sherlock-admin4
closed
3 months ago
0
Salty Lemon Cod - withdrawTokens() will fail in most cases due to incorrect if condition statement
#628
sherlock-admin4
closed
3 months ago
1
Bald Sky Alligator - Empty `extraArgs` in `BaseCCIPSender` contract will cause CCIP messages to fail when the network is highly congested
#627
sherlock-admin4
closed
3 months ago
1
Keen Cloth Crab - MaximumFee limit can be bypassed
#626
sherlock-admin4
closed
3 months ago
0
Keen Cloth Crab - Authentication bypass in BasicToken
#625
sherlock-admin4
closed
3 months ago
0
Cheery Tangerine Bear - Keeping sufficient LINK Tokens in the contract does not guarantee the successful retrieval of VRF
#624
sherlock-admin4
closed
3 months ago
0
Lone Peanut Swallow - Fixed extraArgs in BaseCCIPSender.sol compromises compatibility with future CCIP upgrades
#623
sherlock-admin4
closed
3 months ago
1
Lone Peanut Swallow - Incorrect check in `WinnablesTicketManager.withdrawTokens`
#622
sherlock-admin4
closed
3 months ago
1
Cheery Tangerine Bear - Lack of constraints on edge cases
#621
sherlock-admin4
closed
3 months ago
1
Agreeable Wooden Unicorn - Ticket is purchasable at block.timestamp == raffle.endsAt
#620
sherlock-admin4
closed
3 months ago
1
Bald Sky Alligator - Admins can only withdraw LINK or ERC20 tokens from WinnablesTicketManager contract with the exact amount of the tokens belonging to this contract
#619
sherlock-admin4
closed
3 months ago
1
Polite Pewter Goldfish - transferOwnership should be split into two separate functions
#618
sherlock-admin3
closed
3 months ago
0
Early Iron Hamster - Inconsistent Sanity Check in `lockNFT` and `claimPrize` Functions - 0xaliyah
#617
sherlock-admin3
closed
3 months ago
0
Spare Opaque Cottonmouth - Not handled return value of `approve()`
#616
sherlock-admin3
closed
3 months ago
1
MrPotatoMagic - Reentrancy in claimPrize() allows malicious winner to steal ETH
#615
sherlock-admin3
closed
2 months ago
0
denzi_ - Account Abstraction Wallets are unable to claim rewards
#614
sherlock-admin3
closed
2 months ago
0
0x0bserver - Admin Can Exploit Raffle System to Steal Funds and Block Prize Claims
#613
sherlock-admin3
closed
2 months ago
1
John_Femi - Claimed raffle can still be cancelled and Vice-Versa
#612
sherlock-admin3
closed
2 months ago
0
dinkras_ - last second raffle cancel
#611
sherlock-admin3
closed
2 months ago
4
anonimoux2k - Missing validation on minTickets and maxTickets in createRaffle function
#610
sherlock-admin3
closed
3 months ago
1
Trident-Audits - Incompatibility with smart accounts will cause prizes to be stuck for raffle winners
#609
sherlock-admin3
closed
2 months ago
1
roguereggiant - The implementation of _packCCIPContract and _ccipReceive allows message receiving from chains with same chain id where one might not be configured.
#608
sherlock-admin3
closed
2 months ago
0
anj20 - An attacker will steal funds from the contract by exploiting a reentrancy vulnerability
#607
sherlock-admin3
closed
2 months ago
0
MrPotatoMagic - Users using multisigs or AA wallets would lose their raffle prize
#606
sherlock-admin3
closed
2 months ago
0
vinica_boy - H-2: Admin can prevent winners from withdrawing his prize
#605
sherlock-admin3
closed
2 months ago
1
Besto - Function "_SendETH" will not be able to send ETH to the relevant account.
#604
sherlock-admin3
closed
2 months ago
0
Lfg - Wrong Validation Check on `withdrawTokens` Function in WinnablesTicketManager.sol
#603
sherlock-admin3
closed
2 months ago
1
ni8mare - Winner prize can be sent to the wrong address on destination chain when account abstraction wallets are used
#602
sherlock-admin3
closed
2 months ago
0
turvec - Attackers can cancel raffles that reach minTicketsThreshold due to using > instead of >=
#601
sherlock-admin3
closed
2 months ago
1
gululu - `WinnablesTicketManager::buyTickets` function doesn't check for `msg.value=0` condition, one can buy tickets for free.
#600
sherlock-admin3
closed
2 months ago
0
denzi_ - Denial of Service Vulnerability in Raffle Cancellation Logic
#599
sherlock-admin3
closed
2 months ago
0
denzi_ - Reentrancy Vulnerability in `WinnablesPrizeManager::claimPrize()` Function
#598
sherlock-admin3
closed
2 months ago
0
denzi_ - Irreversible Role Assignment in Roles.sol
#597
sherlock-admin3
closed
2 months ago
0
denzi_ - Incorrect Bit Shifting in `BaseCCIPContract::_packCCIPContract()` Function
#596
sherlock-admin3
closed
2 months ago
0
durov - A malicious admin can exploit the system
#595
sherlock-admin3
closed
2 months ago
1