-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: sherlock-audit/2024-05-andromeda-ado-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
J4X_ - Batch creation will break if vestings are opened to recipients
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#59
opened Jun 23, 2024 by
sherlock-admin4
J4X_ - Lockup of vestings or completion time can be bypassed due to missing check for staked tokens
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#58
opened Jun 23, 2024 by
sherlock-admin3
J4X_ - Staked tokens will get stuck after claim
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#57
opened Jun 23, 2024 by
sherlock-admin2
J4X_ - Changes of the A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
UnbondingTime
are not accounted for
Medium
#54
opened Jun 23, 2024 by
sherlock-admin2
J4X_ - Attacker can freeze users first rewards
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#50
opened Jun 23, 2024 by
sherlock-admin4
bin2chen - execute_claim() possible loss of accuracy or even inability to retrieve funds
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#49
opened Jun 23, 2024 by
sherlock-admin3
bin2chen - is_permissioned() It doesn't make sense to have permissions by default after Blacklisted expires.
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#47
opened Jun 23, 2024 by
sherlock-admin4
bin2chen - is_permissioned() may underflow
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#46
opened Jun 23, 2024 by
sherlock-admin3
bin2chen - verify_origin() previous_sender may be forged
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#45
opened Jun 23, 2024 by
sherlock-admin2
bin2chen - if Slash Validator occurs, UNSTAKING_QUEUE's unstake amount will not be accurate
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#44
opened Jun 23, 2024 by
sherlock-admin4
bin2chen - If WithdrawAddrEnabled = false, execute_claim() will fail
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#43
opened Jun 23, 2024 by
sherlock-admin3
bin2chen - when a validator is kicked out of the bonded validator set ,unstake funds will remain in the contract
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#41
opened Jun 23, 2024 by
sherlock-admin4
g - Calculating tax amount does not include taxes in This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
WasmMsg::Execute
messages
Escalation Resolved
#37
opened Jun 23, 2024 by
sherlock-admin3
g - Valid VFS paths with usernames can always fail validation
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#30
opened Jun 23, 2024 by
sherlock-admin2
g - Permission checks will unnecessarily consume Limited uses
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#27
opened Jun 23, 2024 by
sherlock-admin2
cu5t0mPe0 - the DEFAULTVALIDATOR cannot be changed
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#18
opened Jun 23, 2024 by
sherlock-admin2
ProTip!
Find all open issues with in progress development work with linked:pr.