sherlock-audit/2024-10-ethos-network-judging
dobrevaleri - User is able to uninvite addresses even when contracts are paused
#237
sherlock-admin4
opened
2 weeks ago
0
dobrevaleri - Archived profile can still perform operations
#236
sherlock-admin3
opened
2 weeks ago
1
0xpetern - Lack of check if an address is compromised thereby allowing a malicious address to be invited
#235
sherlock-admin2
opened
2 weeks ago
0
0xmujahid002 - Simultaneous ERC20 and native ETH payments cause unexpected reverts, user confusion, and potential gas loss
#234
sherlock-admin4
opened
2 weeks ago
0
0xpetern - An attacker can use a single address to create numerous profiles for fraudulent purposes
#233
sherlock-admin3
opened
2 weeks ago
0
s0x0mtee - Deleted (Compromised) addresses can still invite users.
#232
sherlock-admin2
opened
2 weeks ago
0
justAWanderKid - Malicious Actor Can Permanently Ban Users Without Profiles by Registering and Immediately Unregistering Them, Preventing Future Interaction with Ethos Network
#231
sherlock-admin4
opened
2 weeks ago
0
ajayss - Anyone can bulkInviteAddresses() after registerAddress() to a random profile exhausting the invite limit
#230
sherlock-admin3
opened
2 weeks ago
0
Falendar - No one is able to claim Attestations
#229
sherlock-admin2
opened
2 weeks ago
0
ajayss - User can register an existing address in profile id to a profile id then delete one, allowing it to be removed and active at the same time
#228
sherlock-admin4
opened
2 weeks ago
0
y4y - Inconsistent permission check in `EthosReview::editReview` and `EthosReview::archiveReview`
#227
sherlock-admin3
opened
2 weeks ago
0
0xpetern - Inaccurate Profile Verification Logic Leads to Misclassification of Mock Profiles
#226
sherlock-admin2
opened
2 weeks ago
0
justAWanderKid - Lack of Active Status Check Allows Archived Profiles to Claim Attestations
#225
sherlock-admin4
opened
2 weeks ago
1
justAWanderKid - Mock Attestation is Able to Avoid Good/Bad Review Impact, Resulting in Attestation Reputation Reset
#224
sherlock-admin3
opened
2 weeks ago
0
LeFy - Reregistering an already deleted address is not implemented correctly
#223
sherlock-admin2
opened
2 weeks ago
0
dobrevaleri - Deleted address will still have full control over the profile.
#222
sherlock-admin4
opened
2 weeks ago
0
ajayss - Anyone can deleteAddressAtIndex() after registerAddress() to a random profile taking over the account.
#221
sherlock-admin3
opened
2 weeks ago
0
Shawler - Attacker Could Forge Service Attestation Identity Through Hash Collision
#220
sherlock-admin2
opened
2 weeks ago
0
justAWanderKid - Since Users Can Claim Each Other's Attestations, Invalid User or Malicious Actor Can Claim an Attestation Does Not Belong to Them, To Damage Attestation Reputation
#219
sherlock-admin4
opened
2 weeks ago
0
DigiSafe - Missing signature expiration
#218
sherlock-admin3
opened
2 weeks ago
0
justAWanderKid - Possibility of Unexpectedly Claiming an Existent Attestation Due to Hash Collision in Attestation Creation Process
#217
sherlock-admin2
opened
2 weeks ago
0
0xmujahid002 - Uninitialized reviews default to a negative score, potentially harming user reputation
#216
sherlock-admin4
opened
2 weeks ago
0
LeFy - Users can still do Self Review and can influence their reputation and credibility score
#215
sherlock-admin3
opened
2 weeks ago
0
justAWanderKid - Review Author is Allowed to Leave Self Reviews Due to Missing Validation in `EthosReview::_validateReviewDetails()` Leading to Breaking the Core Invariant
#214
sherlock-admin2
opened
2 weeks ago
0
0xmujahid002 - Lack of Target Contract Verification in `EthosDiscussion.sol` allows unauthorized replies to non-Ethos contracts
#213
sherlock-admin4
opened
2 weeks ago
0
heeze - Only the author address of a review can restore and archive the review.
#212
sherlock-admin3
opened
2 weeks ago
0
0xSolus - Arbitrary code execution
#211
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - SafeERC20 should be used to transfer tokens in EthosReview
#210
sherlock-admin4
opened
2 weeks ago
0
pkqs90 - `EthosDiscussion#addReply()` does not check if targetContract is an EthosContract.
#209
sherlock-admin3
opened
2 weeks ago
0
pkqs90 - Users can review their own address/attestation, then later add it to their own profileId.
#208
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - EthosVote does not implement `targetExistsAndAllowedForId()` function
#207
sherlock-admin4
opened
2 weeks ago
0
pkqs90 - Corruptible Upgradability Pattern
#206
sherlock-admin3
opened
2 weeks ago
0
pkqs90 - EthosReview `reviewIdsBySubjectAddress()` function returns incorrect result if address is registered to another profileId.
#205
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - EthosReview `reviewIdsBySubjectAttestationHash()/reviewsByAttestationHashInRange()` functions return incorrect result if attestation is claimed.
#204
sherlock-admin4
opened
2 weeks ago
0
pkqs90 - `EthosProfile#deleteAddressAtIndex()` should implement an address check to avoid removing the wrong address.
#203
sherlock-admin3
opened
2 weeks ago
0
pkqs90 - `EthosProfile#registerAddress()` does not check for duplicate addresses.
#202
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - Address is still marked as compromised when registered back by `registerAddress`.
#201
sherlock-admin4
opened
2 weeks ago
0
pkqs90 - EthosReview payment does not check if msg.value is zero if price is zero for native Eth.
#200
sherlock-admin3
opened
2 weeks ago
0
0xSolus - Inconsistent logic for `targetExistsAndAllowedForId()`
#199
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - `attestationById[]` does not change accordingly when Attestation is updated.
#198
sherlock-admin4
opened
2 weeks ago
0
pkqs90 - `EthosProfile#uninviteUser()` is not guarded by `whenNotPaused`
#197
sherlock-admin3
opened
2 weeks ago
0
pkqs90 - Attestation Hash Collision
#196
sherlock-admin2
opened
2 weeks ago
0
pkqs90 - Archived ProfileIds can still perform multiple actions in Ethos system.
#195
sherlock-admin4
opened
2 weeks ago
0
0xSolus - Archived profile should only be allowed to restore their profile.
#194
sherlock-admin3
opened
2 weeks ago
0
0xSolus - Use call instead of transfer for withdrawals.
#193
sherlock-admin2
opened
2 weeks ago
0
justAWanderKid - Malicious Actor Can Hijack Any Profile and Compromise Remaining Users Of the Same Profile, Preventing Them from Interacting with Ethos Network And Taking Advantage of Profile Reputation For Malicious Purposes
#192
sherlock-admin4
opened
2 weeks ago
0
Mahi_Vasisth - Missing _doesReplyExist Check in repliesByAuthorInRange and directRepliesInRange Functions
#191
sherlock-admin3
opened
2 weeks ago
0
Mahi_Vasisth - USE CALL INSTEAD OF TRANSFER
#190
sherlock-admin2
opened
2 weeks ago
0
justAWanderKid - Inviter Has Ability to Make Invitee Profile Creation Fail and Revert
#189
sherlock-admin4
opened
2 weeks ago
0
LeFy - deleteAddressAtIndex() adds the wrong address to the removedAddresses[] list
#188
sherlock-admin3
opened
2 weeks ago
0