This repository has been archived by the owner on Jun 11, 2023. It is now read-only.
Issues: sherlock-audit/2023-02-hats-judging
unforgiven - attacker can perform malicious transactions in the safe because reentrancy is not implemented correctly in the checkTransaction() and checkAfterExecution() function in HSG
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
#124
opened Mar 9, 2023 by
sherlock-admin
minhtrng - Owners can be swapped even though they still wear their signer hats
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#118
opened Mar 9, 2023 by
sherlock-admin
unforgiven - middle level admins can steal child trees because function unlinkTopHatFromTree() is callable by them
Escalation Resolved
This issue's escalations have been approved/rejected
Fix Approved
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#116
opened Mar 9, 2023 by
sherlock-admin
unforgiven - Unbound recursive function call can use unlimited gas and break hats operation
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#96
opened Mar 9, 2023 by
sherlock-admin
cducrest-brainbot - Usage of HSG for existing safe can brick safe
Fix Approved
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#93
opened Mar 9, 2023 by
sherlock-admin
cccz - The Hats contract needs to override the ERC1155.balanceOfBatch function
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#85
opened Mar 9, 2023 by
sherlock-admin
Allarious - [Medium][Outdated State] _removeSigner incorrectly updates signerCount and safe threshold
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#79
opened Mar 9, 2023 by
sherlock-admin
obront - Can get around hats per level constraints using phantom levels
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#47
opened Mar 9, 2023 by
sherlock-admin
obront - Safe threshold can be set above target threshold, causing transactions to revert
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#44
opened Mar 9, 2023 by
sherlock-admin
obront - If signer gate is deployed to safe with more than 5 existing modules, safe will be bricked
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#43
opened Mar 9, 2023 by
sherlock-admin
obront - If a hat is owned by address(0), phony signatures will be accepted by the safe
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#39
opened Mar 9, 2023 by
sherlock-admin
obront - Swap Signer fails if final owner is invalid due to off by one error in loop
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#38
opened Mar 9, 2023 by
sherlock-admin
obront - targetThreshold can be set below minThreshold, violating important invariant
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
HSG
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#36
opened Mar 9, 2023 by
sherlock-admin
obront - Changing hat toggle address can lead to unexpected changes in status
Escalation Resolved
This issue's escalations have been approved/rejected
Fix Approved
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#34
opened Mar 9, 2023 by
sherlock-admin
obront - Owners of linkedin tophats cannot have eligibility revoked
Fix Approved
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#33
opened Mar 9, 2023 by
sherlock-admin
carrot - Hats can be overwritten
Fix Approved
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#11
opened Mar 9, 2023 by
sherlock-admin
roguereddwarf - Hats.uri function can be DOSed by providing large details or imageURI string or cause large gas fees
Fix Approved
Hats.sol
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#2
opened Mar 9, 2023 by
sherlock-admin