sherlock-audit / 2024-10-ethos-network-judging
056Security - `abi.encodePacked` Allows Hash Collision in `EthosAttestation::getServiceAndAccountHash`
#287
sherlock-admin3
opened
2 weeks ago
0
0xBhumii - `Compromised Address` Voting in `EthosVote` Contract leading to damage of user reputation
#286
sherlock-admin2
opened
2 weeks ago
0
dobrevaleri - Transferring attestation to another profile will leave the reviews for the attestation in the old profile
#285
sherlock-admin4
opened
2 weeks ago
0
pashap9990 - Admins cannot pause or unpause contracts
#284
sherlock-admin3
opened
2 weeks ago
0
aycozyOx - Lack of Access Control in registerAddress Function of EthosProfile.sol
#283
sherlock-admin2
opened
2 weeks ago
0
Bozho - Compromised addresses can interact with the whole system and grief other users
#282
sherlock-admin4
opened
2 weeks ago
0
IzuMan - `EthosAttestation:: _keccakForCreateAttestation` Can Be Manipulated
#281
sherlock-admin3
opened
2 weeks ago
1
PNS - `EthosVoten` `EthosDiscussion` are not compatible with the used contract upgrade mechanism
#280
sherlock-admin2
opened
2 weeks ago
0
056Security - Deleted(Compromised) user can freely interact with almost every function in the `EthosProfile` contract as well as with the rest of the contract in the Ethos network
#279
sherlock-admin4
opened
2 weeks ago
0
LeFy - Using Pausable instead of PausableUpgradeable in a UUPSUpgradeable contract can lead to issues
#278
sherlock-admin3
opened
2 weeks ago
0
sakibcy - No check if review exists or not on `editReview` of `EthosReview`
#277
sherlock-admin2
opened
2 weeks ago
0
0xBhumii - Replay Attack Risk in `SignatureVerifier` Contract for `Ethos Network`
#276
sherlock-admin4
opened
2 weeks ago
0
ajayss - Attacker will clog the protocol with arbitrary amount of profiles
#275
sherlock-admin3
opened
2 weeks ago
0
pashap9990 - past reviews will be lost when attestation claim for another profile
#274
sherlock-admin2
opened
2 weeks ago
0
y4y - It's possible to sybil attack `EthosProfile::createProfile`
#273
sherlock-admin4
opened
2 weeks ago
0
0xBhumii - Unrestricted Uninviting from `Archived` or `Compromised` Profiles in `EthosProfile` Contract
#272
sherlock-admin3
opened
2 weeks ago
0
s0x0mtee - Deleted(Compromised) addresses can still uninvite users.
#271
sherlock-admin2
opened
2 weeks ago
0
heeze - No check to ensure the targetContract is a valid Ethos contract
#270
sherlock-admin4
opened
2 weeks ago
0
0xBhumii - `Bulk Invites` May Cause Transaction Reverts in `EthosProfile` Contract
#269
sherlock-admin3
opened
2 weeks ago
0
PNS - Corruptible Upgradability Pattern
#268
sherlock-admin2
opened
2 weeks ago
0
pashap9990 - votesInRangeFor will be reverted because of out of gas error
#267
sherlock-admin4
opened
2 weeks ago
0
DenTonylifer - Lack of access control in registerAddress() function
#266
sherlock-admin3
opened
2 weeks ago
0
durov - `_deleteAddressAtIndexFromArray()` pushes wrong address to `removedAddresses` array
#265
sherlock-admin2
opened
2 weeks ago
0
s0x0mtee - Attacker can add a `reply` even if not registered and can also reply to an `invalid` target by setting the `targetContract` parameter to a malicious contract where the checks for `targetContract` will be validated.
#264
sherlock-admin4
opened
2 weeks ago
0
0xBhumii - Unauthorized `Invites` from `Compromised Addresses` Threaten User Credibility in `EthosProfile` Contract
#263
sherlock-admin3
opened
2 weeks ago
0
aycozyOx - Incorrect Address removal Handling in _deleteAddressAtIndexFromArray() of EthosProfile.sol
#262
sherlock-admin2
opened
2 weeks ago
0
ajayss - User will not be able to add reply to the contract EthosDiscussion
#261
sherlock-admin4
opened
2 weeks ago
0
y4y - Attestation can be forced restored out of archive in `EthosAttestation::_claimAttestation`
#260
sherlock-admin3
opened
2 weeks ago
0
056Security - User reviews can be edited by anyone in the profile breaking function invariant
#259
sherlock-admin2
opened
2 weeks ago
0
0xBhumii - Lack of `Compromised Address` Check Allows Unauthorized Replies in `EthosDiscussion` contract
#258
sherlock-admin4
opened
2 weeks ago
0
Dliteofficial - Griefing: A compromised address within a profile could invite additional addresses, potentially maxing out the profile's total allowed invites.
#257
sherlock-admin3
opened
2 weeks ago
0
aycozyOx - Failure to Handle Token Transfer with safeTransfer in _handlePayment Function
#256
sherlock-admin2
opened
2 weeks ago
0
goluu - Preventing Inconsistent State in Contract Address Mapping: Fixing Bypass and Duplication Vulnerabilities
#255
sherlock-admin4
opened
2 weeks ago
0
0xlookman - 0xlookman: Using own but unregistered attestation users can review their own profiles.
#254
sherlock-admin3
opened
2 weeks ago
0
s0x0mtee - Anyone can register themselves or any address to any profile and delete the address of the owners of those profiles (including Owner's profile) they choose without even having a profile.
#253
sherlock-admin2
opened
2 weeks ago
0
dobrevaleri - Claiming attestation or address of mock profile to an existing profile will remove the reviews, votes and discussions associated with it
#252
sherlock-admin4
opened
2 weeks ago
0
goluu - Fixing DoS Vulnerability in Ether Withdrawal: Replacing .transfer with .call to Prevent Fund Locking
#251
sherlock-admin3
opened
2 weeks ago
0
justAWanderKid - Malicious User Can Block Other Members of the Same Profile from Interacting with the Ethos Network by Continuously Archiving the Profile Whenever is Restored
#250
sherlock-admin2
opened
2 weeks ago
0
pashap9990 - last address always will be pushed to removedAddress instead of proper index
#249
sherlock-admin4
opened
2 weeks ago
0
0xmujahid002 - Potential Underflow via `_modifyVote` function in `EthosVote` Contract
#248
sherlock-admin3
opened
2 weeks ago
0
056Security - mocked, archived profiles could archive attestations
#247
sherlock-admin2
opened
2 weeks ago
1
heeze - The `EthosProfile::uninviteUser` function does not check if the contract is paused.
#246
sherlock-admin4
opened
2 weeks ago
0
LeFy - A malicious compromised address of a profile can claim malicious attestations to a profile
#245
sherlock-admin3
opened
2 weeks ago
0
0xmujahid002 - Use of `.transfer` can cause Ether withdrawal failures, leading to funds being stuck in the contract
#244
sherlock-admin2
opened
2 weeks ago
0
LeFy - No evidence check while registering an address lets anyone claim any addresses
#243
sherlock-admin4
opened
2 weeks ago
0
s0x0mtee - Deleted addresses can reregister themselves and can also register other addresses
#242
sherlock-admin3
opened
2 weeks ago
0
dobrevaleri - User can submit infinite number of reviews
#241
sherlock-admin2
opened
2 weeks ago
0
nikhil840096 - Registered User Can Block New Addresses from Creating Profiles on Ethos.
#240
sherlock-admin4
opened
2 weeks ago
0
Falendar - Missing `whenNotPaused` modifier in `uninviteUser`
#239
sherlock-admin3
opened
2 weeks ago
0
justAWanderKid - Malicious Actor Can Prevent Inviter from Sending Invitations Indefinitely by Registering and Unregistering Invitee Before Invitation Is Sent
#238
sherlock-admin2
opened
2 weeks ago
0