Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Issues: sherlock-audit/2023-02-openq-judging

14 Open 554 Closed
14 Open 554 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Jeiwan - Non-whitelisted tokens cannot be added if the limit of token addresses is filled with whitelisted ones Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#530 opened Feb 22, 2023 by github-actions bot
3
0x52 - Adversary can lock every deposit forever by making a deposit with _expiration = type(uint256).max Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#362 opened Feb 21, 2023 by github-actions bot
2
0x52 - Adversary can brick bounty payouts by calling fundBountyToken but funding it with an ERC721 token instead Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#352 opened Feb 21, 2023 by github-actions bot
7
unforgiven - when issuer set new winner by calling setTierWinner() code should reset invoice and supporting documents for that tier Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Won't Fix The sponsor confirmed this issue will not be fixed
#297 opened Feb 21, 2023 by github-actions bot
5
0x52 - Tier winner can steal excess funds from tiered percentage bounty if any deposits are expired Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#275 opened Feb 21, 2023 by github-actions bot
7
0x52 - Adversary can permanently break percentage tier bounties by funding certain ERC20 tokens then refunding Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#267 opened Feb 21, 2023 by github-actions bot
7
0x52 - Adversary can permanently break reward distribution for percentage tier bounties by funding bounty then refunding after competition closes Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#266 opened Feb 21, 2023 by github-actions bot
3
0x52 - Adversary can block NFT distribution on tiered bounties by assigning the NFTs to unused tiers Medium A valid Medium severity issue Reward A payout will be made for this issue Won't Fix The sponsor confirmed this issue will not be fixed
#264 opened Feb 21, 2023 by github-actions bot
3
0x52 - Adversary can break any bounty they wish by depositing an NFT then refunding it Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#263 opened Feb 21, 2023 by github-actions bot
8
0x52 - Adversary can break NFT distribution by depositing up to max then refunding all of them Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#262 opened Feb 21, 2023 by github-actions bot
4
0x52 - Refunding logic with multiple deposits is first mover take all Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#257 opened Feb 21, 2023 by github-actions bot
3
clems4ever - Resizing the payout schedule with less items might revert Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#244 opened Feb 21, 2023 by github-actions bot
2
carrot - Refunds can be bricked by triggering OOG (out of gas) in DepositManager Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#77 opened Feb 21, 2023 by github-actions bot
3
carrot - Bounties can be broken by funding them with malicious ERC20 tokens Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#62 opened Feb 21, 2023 by github-actions bot
3
ProTip! Adding no:label will show everything without a label.