This repository has been archived by the owner on Jun 11, 2023. It is now read-only.

Issues: sherlock-audit/2023-02-hats-judging


Issues list

minhtrng - Owners can be swapped even though they still wear their signer hats [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#118 opened Mar 9, 2023 by sherlock-admin
unforgiven - middle level admins can steal child trees because function unlinkTopHatFromTree() is callable by them [Labels: Escalation Resolved; Fix Approved; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#116 opened Mar 9, 2023 by sherlock-admin
unforgiven - Unbound recursive function call can use unlimited gas and break hats operation [Labels: Fix Approved; Has Duplicates; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#96 opened Mar 9, 2023 by sherlock-admin
cducrest-brainbot - Usage of HSG for existing safe can brick safe [Labels: Fix Approved; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#93 opened Mar 9, 2023 by sherlock-admin
cccz - The Hats contract needs to override the ERC1155.balanceOfBatch function [Labels: Fix Approved; Has Duplicates; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#85 opened Mar 9, 2023 by sherlock-admin
Allarious - [Medium][Outdated State] _removeSigner incorrectly updates signerCount and safe threshold [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#79 opened Mar 9, 2023 by sherlock-admin
roguereddwarf - HatsSignerGate + MultiHatsSignerGate: more than maxSignatures can be claimed which leads to DOS in reconcileSignerCount [Labels: Duplicate; Fix Approved; High; HSG; Reward; Will Fix]
#51 opened Mar 9, 2023 by sherlock-admin
roguereddwarf - HatsSignerGateBase: valid signer threshold can be bypassed because HSG checks signatures differently from Safe which allows exploitation [Labels: Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#50 opened Mar 9, 2023 by sherlock-admin
obront - Signers can brick safe by adding unlimited additional signers while avoiding checks [Labels: Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#48 opened Mar 9, 2023 by sherlock-admin
obront - Can get around hats per level constraints using phantom levels [Labels: Fix Approved; Has Duplicates; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#47 opened Mar 9, 2023 by sherlock-admin
obront - Other module can add owners to safe that push us above maxSigners, bricking safe [Labels: Escalation Resolved; Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#46 opened Mar 9, 2023 by sherlock-admin
obront - Safe threshold can be set above target threshold, causing transactions to revert [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#44 opened Mar 9, 2023 by sherlock-admin
obront - If signer gate is deployed to safe with more than 5 existing modules, safe will be bricked [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#43 opened Mar 9, 2023 by sherlock-admin
obront - If another module adds a module, the safe will be bricked [Labels: Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#42 opened Mar 9, 2023 by sherlock-admin
obront - Signers can bypass checks to add new modules to a safe by abusing reentrancy [Labels: Escalation Resolved; Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#41 opened Mar 9, 2023 by sherlock-admin
obront - If a hat is owned by address(0), phony signatures will be accepted by the safe [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#39 opened Mar 9, 2023 by sherlock-admin
obront - Swap Signer fails if final owner is invalid due to off by one error in loop [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#38 opened Mar 9, 2023 by sherlock-admin
obront - Safe can be bricked because threshold is updated with validSignerCount instead of newThreshold [Labels: Fix Approved; Has Duplicates; High; HSG; Reward; Sponsor Confirmed; Will Fix]
#37 opened Mar 9, 2023 by sherlock-admin
obront - targetThreshold can be set below minThreshold, violating important invariant [Labels: Fix Approved; Has Duplicates; HSG; Medium; Reward; Sponsor Confirmed; Will Fix]
#36 opened Mar 9, 2023 by sherlock-admin
obront - Unlinked tophat retains linkedTreeRequests, can be rugged [Labels: Fix Approved; Has Duplicates; Hats.sol; High; Reward; Sponsor Confirmed; Will Fix]
#35 opened Mar 9, 2023 by sherlock-admin
obront - Changing hat toggle address can lead to unexpected changes in status [Labels: Escalation Resolved; Fix Approved; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#34 opened Mar 9, 2023 by sherlock-admin
obront - Owners of linkedin tophats cannot have eligibility revoked [Labels: Fix Approved; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#33 opened Mar 9, 2023 by sherlock-admin
carrot - Hats can be overwritten [Labels: Fix Approved; Has Duplicates; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#11 opened Mar 9, 2023 by sherlock-admin
roguereddwarf - Hats.uri function can be DOSed by providing large details or imageURI string or cause large gas fees [Labels: Fix Approved; Hats.sol; Medium; Reward; Sponsor Confirmed; Will Fix]
#2 opened Mar 9, 2023 by sherlock-admin