Skip to content

Issues: sherlock-audit/2024-05-andromeda-ado-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

16 Open 65 Closed
16 Open 65 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

J4X_ - Batch creation will break if vestings are opened to recipients Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#59 opened Jun 23, 2024 by sherlock-admin4
2
J4X_ - Lockup of vestings or completion time can be bypassed due to missing check for staked tokens Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#58 opened Jun 23, 2024 by sherlock-admin3
14
J4X_ - Staked tokens will get stuck after claim Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#57 opened Jun 23, 2024 by sherlock-admin2
3
J4X_ - Changes of the UnbondingTime are not accounted for Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#54 opened Jun 23, 2024 by sherlock-admin2
3
J4X_ - Attacker can freeze users first rewards Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#50 opened Jun 23, 2024 by sherlock-admin4
14
bin2chen - execute_claim() possible loss of accuracy or even inability to retrieve funds Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#49 opened Jun 23, 2024 by sherlock-admin3
2
bin2chen - is_permissioned() It doesn't make sense to have permissions by default after Blacklisted expires. Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#47 opened Jun 23, 2024 by sherlock-admin4
24
bin2chen - is_permissioned() may underflow Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#46 opened Jun 23, 2024 by sherlock-admin3
2
bin2chen - verify_origin() previous_sender may be forged Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#45 opened Jun 23, 2024 by sherlock-admin2
2
bin2chen - if Slash Validator occurs, UNSTAKING_QUEUE's unstake amount will not be accurate Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#44 opened Jun 23, 2024 by sherlock-admin4
3
bin2chen - If WithdrawAddrEnabled = false, execute_claim() will fail Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#43 opened Jun 23, 2024 by sherlock-admin3
8
bin2chen - when a validator is kicked out of the bonded validator set ,unstake funds will remain in the contract Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#41 opened Jun 23, 2024 by sherlock-admin4
4
g - Calculating tax amount does not include taxes in WasmMsg::Execute messages Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#37 opened Jun 23, 2024 by sherlock-admin3
7
g - Valid VFS paths with usernames can always fail validation Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#30 opened Jun 23, 2024 by sherlock-admin2
36
g - Permission checks will unnecessarily consume Limited uses Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#27 opened Jun 23, 2024 by sherlock-admin2
12
cu5t0mPe0 - the DEFAULTVALIDATOR cannot be changed Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#18 opened Jun 23, 2024 by sherlock-admin2
12
ProTip! Find all open issues with in progress development work with linked:pr.