sherlock-audit 2024-10-ethos-network-judging issues

sherlock-audit / 2024-10-ethos-network-judging

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Scrawny Neon Python - `_doesReplyExist` Should call at first on `editReply` function of `EthosDiscussion`

#337 sherlock-admin4 closed 1 week ago
0
Dry Yellow Canary - AccessControlEnumerable will have storage collisions with UUPS

#336 sherlock-admin2 closed 1 week ago
0
Scrawny Neon Python - `archiveAttestation` should revert if already archived

#335 sherlock-admin3 closed 1 week ago
0
Jovial Tan Donkey - Wrong storage of removed addresses in EthosProfile causes confusion.

#334 sherlock-admin4 closed 1 week ago
1
Jovial Tan Donkey - Wrong storage of Reply in EthosDiscussion.sol

#333 sherlock-admin2 closed 1 week ago
0
Acrobatic Burlap Lizard - ContractAddressManager:getContractAddressForName() should revert if contract is not found

#332 sherlock-admin3 closed 1 week ago
0
Acrobatic Burlap Lizard - Function `targetExistsAndAllowedForId()` returns unnecessary the same doubled values

#331 sherlock-admin4 closed 1 week ago
0
Acrobatic Burlap Lizard - Function `EthosProfile:bulkInviteAddresses()`wastes a lot of gas

#330 sherlock-admin2 closed 1 week ago
0
Acrobatic Burlap Lizard - Hardcoded values could lead to errors

#329 sherlock-admin3 closed 1 week ago
0
Acrobatic Burlap Lizard - Value in InteractionControl.sol:removeControlledContractName() can be calculated before to save gas

#328 sherlock-admin4 closed 1 week ago
0
Acrobatic Burlap Lizard - Upgrade to Solidity 0.8.28

#327 sherlock-admin2 closed 1 week ago
0
Acrobatic Burlap Lizard - Contract Common.sol should be a library

#326 sherlock-admin3 closed 1 week ago
0
Acrobatic Burlap Lizard - Argument `randValue` of EthosAttestation.sol:createAttestation() is useless

#325 sherlock-admin4 closed 1 week ago
0
Acrobatic Burlap Lizard - Argument `uint256 profileId ` of EthosAttestation.sol:createAttestation() is useless

#324 sherlock-admin2 closed 1 week ago
0
Soft Tangerine Kitten - Unnecessary internal function call in 'modifyVote' function costs gas inefficiency

#323 sherlock-admin3 closed 1 week ago
0
Puny Obsidian Beaver - Incorrect `revert` parameter may lead to confusions

#322 sherlock-admin4 closed 1 week ago
0
Little Mandarin Chameleon - Non-upgradeable contracts inherited

#321 sherlock-admin2 closed 1 week ago
0
Melodic Peanut Anteater - pausableUpgradable from oppenzeppline must be used.

#320 sherlock-admin4 opened 1 week ago
0
Scrawny Neon Python - Anybody can register their address with a particular `profileId`

#319 sherlock-admin3 opened 1 week ago
1
Basic Pebble Haddock - Review authors should be able to archive and restore reviews from any address that belongs to the profile

#318 sherlock-admin2 opened 1 week ago
0
Precise Sapphire Mole - Some Users may get less invites than other after setDefaultNumberOfInvites is called

#317 sherlock-admin4 opened 1 week ago
0
Melodic Peanut Anteater - The incorrect address is removed in _deleteAddressAtIndexFromArray()

#316 sherlock-admin3 opened 1 week ago
0
Large Amber Camel - use safetransfer instead of transfer

#315 sherlock-admin2 opened 1 week ago
0
Electric Satin Koala - EthosProfile which contains multiple address cannot work with `archiveReview() and `restoreReview()`

#314 sherlock-admin4 opened 1 week ago
0
Dry Yellow Canary - User may have his transfer failed when paying price for review

#313 sherlock-admin3 opened 1 week ago
0
Dry Yellow Canary - User will get same hash when attestation details are modified slightly

#312 sherlock-admin2 opened 1 week ago
0
Precise Sapphire Mole - Potential Hash Collision will cause overwrite of attestation

#311 sherlock-admin4 opened 1 week ago
0
Passive Mahogany Porpoise - The incorrect counting of profile addresses wrongly limits their total number

#310 sherlock-admin3 opened 1 week ago
1
Bumpy Taupe Lobster - Anyone with a profile will have unlimited number of invites and can swing votes in their favor

#309 sherlock-admin4 closed 1 week ago
0
Jovial Chambray Sparrow - a re-registred address will count double in the sum of checkMaxAddresses

#308 sherlock-admin3 opened 1 week ago
0
Passive Mahogany Porpoise - Re-registering an address does not remove it from the compromised list

#307 sherlock-admin2 opened 1 week ago
0
Main Watermelon Octopus - There’s an error in the _deleteAddressAtIndexFromArray function

#306 sherlock-admin4 opened 1 week ago
1
Silly Grape Bear - Unauthorized `Attestations` Allowed for Archived Profiles in `EthosAttestation` Contract

#305 sherlock-admin3 opened 1 week ago
0
Proud Frost Alligator - Attestation Reviews does not properly handle the case when attestation ownership has changed

#304 sherlock-admin2 opened 1 week ago
0
Digital Umber Mustang - `attestationById` does not get updated when attestations are claimed in `EthosAttestation`

#303 sherlock-admin4 opened 1 week ago
0
Tart Coral Jay - There is no restriction on the number of invitees in the param in bulkInviteAddresses function in EthosProfile contract which could lead to out of bound gas issue.

#302 sherlock-admin3 opened 1 week ago
0
Passive Mahogany Porpoise - A compromised address does not lose any ability to perform actions on behalf of the profile

#301 sherlock-admin2 opened 1 week ago
0
Quaint Nylon Caterpillar - When a mock address is registered to another user, it loses its reviews, votes, and comments

#300 sherlock-admin4 opened 1 week ago
0
Electric Satin Koala - Wrong address gets deleted in `_deleteAddressAtIndexFromArray()`

#299 sherlock-admin3 opened 1 week ago
0
Tart Coral Jay - Signature entered in createAttestation function in EthosAttestation contract could lead to anyone using signature for malicious purpose for other profileId

#298 sherlock-admin2 opened 1 week ago
0
Proud Frost Alligator - Lack of proper validations in EthosDiscussion.sol lets a compromised address to add malicious replys on user's behalf

#297 sherlock-admin4 opened 1 week ago
0
Expert Ruby Yeti - Upgrades might cause storage collision

#296 sherlock-admin3 opened 1 week ago
0
Passive Mahogany Porpoise - An incorrectly identified author will not be able to archive or restore reviews

#295 sherlock-admin2 opened 1 week ago
1
Silly Grape Bear - Use of `transfe`r Instead of `safeTransfer` in `EthosReview` Contract can cause problems in some cases

#294 sherlock-admin4 opened 1 week ago
0
Tart Coral Jay - Hash collision due to use of abi.encodePacked() in registerAddress function will cause anyone to use signature for different profileId then the one it is signed for

#293 sherlock-admin3 opened 1 week ago
0
Basic Pebble Haddock - Compromised accounts can use the profile freely

#292 sherlock-admin2 opened 1 week ago
0
Tame Burlap Loris - _deleteAddressAtIndexFromArray() is broken

#291 sherlock-admin4 opened 1 week ago
0
Jovial Chambray Sparrow - self review is possible if a user review an attestation before claiming it .

#290 sherlock-admin3 opened 1 week ago
0
Future Merlot Cobra - `replyCount` starts at zero will create data inconsistency across Ethos Network

#289 sherlock-admin2 opened 1 week ago
0
Proud Frost Alligator - Lack of delete or compromised functionality for attestations can be exploited

#288 sherlock-admin4 opened 1 week ago
0