sherlock-audit/2024-08-winnables-raffles-judging
gkrastenov - Users can not claim their rewards if they use an account abstraction wallet
#594
sherlock-admin3
closed
3 months ago
0
PNS - `buytickets` function can be completely blocked under high demand
#593
sherlock-admin3
closed
3 months ago
1
Yanev - WinnablesPrizeManager.sol is susceptible to signature replay attacks in the case of a hard fork
#592
sherlock-admin3
closed
3 months ago
0
John_Femi - last raffle ticket buyer will never win the raffle
#591
sherlock-admin3
closed
3 months ago
0
MrPotatoMagic - Admin cannot remove an existing role in case of address compromise
#590
sherlock-admin3
closed
3 months ago
0
X1pherW0lf - `WinnablesTicketManager::refundPlayers` will revert half way before refunding all users
#589
sherlock-admin3
closed
3 months ago
0
rbserver - Executing `uint256(chainSelector << 160)` in `BaseCCIPContract._packCCIPContract` function equals 0 mistakenly, which allows unauthorized CCIP sender corresponding to unauthorized `message.sourceChainSelector` to call `WinnablesPrizeManager._ccipReceive` and `WinnablesTicketManager._ccipReceive` functions to change corresponding raffle's state unexpectedly, such as setting such raffle's winner to someone controlled by such unauthorized CCIP sender
#588
sherlock-admin3
closed
3 months ago
0
rsam_eth - `WinnablePrizeManager::claimPrize` is vulnerable to reentrancy attacks, allowing a raffle winner to drain `prizeManager`
#587
sherlock-admin3
closed
3 months ago
0
tdey - `WinnablesTicketManager::buyTickets` function doesn't check for `msg.value=0` condition, one can buy tickets for free.
#586
sherlock-admin3
closed
3 months ago
0
0xjarix - Winner can steal prizes of other winners
#585
sherlock-admin3
closed
3 months ago
0
Silvermist - WinnablesTicketManager.sol#buyTickets - Tickets buy logic is susceptible to signature replay attacks in the case of a hard fork
#584
sherlock-admin3
closed
3 months ago
0
roguereggiant - `_packCCIPContract` function zeroes out the chain selector unintentionally causing the address to call from any chain.
#583
sherlock-admin3
closed
3 months ago
0
Avci - attacker can prevent owner from withdrawing tokens
#582
sherlock-admin3
closed
3 months ago
1
Lfg - Frontrunning Vulnerability in `refundPlayers` Function in WinnablesTicketManager.sol Leading to Denial of Service
#581
sherlock-admin3
closed
3 months ago
0
0x0bserver - Admin Can Manipulate Raffle Outcomes by Minting Unlimited Tickets
#580
sherlock-admin3
closed
3 months ago
1
Besto - abi.encodePacked will affect the uri function
#579
sherlock-admin3
closed
3 months ago
0
gululu - A raffle with 100% win rate can be created.
#578
sherlock-admin3
closed
3 months ago
0
dinkras_ - DOS of the create raffle functionality
#577
sherlock-admin3
closed
3 months ago
0
Trident-Audits - Lack of access control in `WinnablesTicketManager::cancelRaffle` can cause DOS for the admin
#576
sherlock-admin3
closed
3 months ago
0
turvec - Attackers can prevent admin from withdrawing Link or any ERC20 tokens in the contract due to use of wrong operator
#575
sherlock-admin3
closed
3 months ago
1
Avci - hardcode empty `extraArgs` argument value in `BaseCCipSender.sol` contract
#574
sherlock-admin3
closed
3 months ago
1
darkart - {malicious user} will {drain} {the vault}
#573
sherlock-admin3
closed
3 months ago
0
dimi6oni - Unauthorized Prize Claim Due to Premature Asset Transfer in claimPrize Function
#572
sherlock-admin3
closed
3 months ago
0
dimi6oni - Incorrect Balance Check in Token Withdrawal Function Leads to Denial of Service
#571
sherlock-admin3
closed
3 months ago
1
AuditorPraise - ETH raffle type prize winner can drain WinnablesPrizeManager.sol's ETH balance
#570
sherlock-admin3
closed
3 months ago
0
dimi6oni - Unprotected Raffle Cancellation Enables Cross-Chain Timing Attacks and Protocol Disruption
#569
sherlock-admin3
closed
3 months ago
0
0xnolo - Incorrect Role Assignment Logic Will Mismanage User Roles
#568
sherlock-admin3
closed
3 months ago
0
wickie - [Low] `WinnablesPrizeManager.sol::claimPrize()` checks if msg.sender is winner or not after sending the prize.
#567
sherlock-admin3
closed
3 months ago
0
ni8mare - `_ccipReceive` in `WinnablesTicketManager` does not update the `RaffleStatus` to CANCELED.
#566
sherlock-admin3
closed
3 months ago
0
tofunmi - No authorized check for msg.sender and prizeManager param in propagateRaffleWinner during message propagation to the prizeManager
#565
sherlock-admin3
closed
3 months ago
0
dimi6oni - Inconsistent ETH Locking Mechanism Leading to Fund Lockup
#564
sherlock-admin3
closed
3 months ago
0
ogKapten - Unauthorized Actors Will Prevent the Raffle Winner from Claiming Their Prize
#563
sherlock-admin3
closed
3 months ago
0
dimi6oni - Unclaimed Prize Manipulation Leading to Indefinite Asset Lock
#562
sherlock-admin3
closed
3 months ago
0
0xAadi - Old Owners Retain Unauthorized Access to Critical Functions in `WinnablesPrizeManager` and `WinnablesTicket` Contracts
#561
sherlock-admin3
closed
3 months ago
0
zraxx - Users can use multiple accounts to bypass the function `_checkTicketPurchaseable`.
#560
sherlock-admin3
closed
3 months ago
0
Waydou - Potential for Locked ETH in the `WinnablesTicketManager`
#559
sherlock-admin3
closed
3 months ago
0
PratRed - Roles once assigned cannot be revoked.
#558
sherlock-admin3
closed
3 months ago
0
Oxsadeeq - An admin could withdraw a raffle's winner prize if the reward is an ERC20 Token.
#557
sherlock-admin3
closed
3 months ago
3
0xnolo - shouldDrawRaffle Function Always Returns True Due to Reverts in Internal Check
#556
sherlock-admin3
closed
3 months ago
0
Valenz - `WinnablesTicket::ownerOf` can get the wrong winner
#555
sherlock-admin3
closed
3 months ago
0
tdey - https://github.com/sherlock-audit/2024-08-winnables-raffles-tamoghna-dey/blob/81b28633d0f450e33a8b32976e17122418f5d47e/public-contracts/contracts/WinnablesTicketManager.sol#L347-L361
#554
sherlock-admin3
closed
3 months ago
0
Afriaudit - Inconsistent Role Management in `_setRole` Function Due to Ignored `status` Parameter
#553
sherlock-admin3
closed
3 months ago
0
smbv-1923 - Reentrancy Attack while calling `claimPrize()`
#552
sherlock-admin3
closed
3 months ago
0
Yanev - Possible DOS in refundPlayers()
#551
sherlock-admin3
closed
3 months ago
0
kuprum - A raffle may be guaranteed won, or canceled despite reaching maxTicketSupply, thus depriving users from winning it
#550
sherlock-admin3
closed
3 months ago
2
zraxx - The `raffle` can be drawn and cancelled at the same time, which violates uniqueness.
#549
sherlock-admin3
closed
3 months ago
2
ogKapten - Unauthorized Actors Will Permanently Lock the Raffle Prize for the Raffle Creator
#548
sherlock-admin3
closed
3 months ago
0
BlocSoc_Audits - [H-2] Possible Reentrancy in WinnablesPrizeManager::claimPrize()
#547
sherlock-admin3
closed
3 months ago
0
PNS - Attacker can block the winner from claiming the prize
#546
sherlock-admin3
closed
3 months ago
0
Paradox - CCIP message passing will break as exceptions are not handled gracefully
#545
sherlock-admin3
closed
3 months ago
17