List public vulnerabilities found with Slither #764

Merged
merged 5 commits into from
Jan 13, 2021
70 changes: 70 additions & 0 deletions trophies.md
@@ -0,0 +1,70 @@
# Slither Trophies

The following lists security vulnerabilities that were found by Slither.
If you found a security vulnerability using Slither,
please submit a PR with the relevant information.

- October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf)
- Missing return value check
- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf)
- Reentrancy
- July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf)
- Deletion of a mapping with structure
- Missing return value
- September 2019 - [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf)
- Reentrancy (events out of order)
- October 2019 - [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf)
- Missing return value
- December 2019 - [Token mint](https://certificate.quantstamp.com/full/token-mint)
- Reentrancies
- February 2020 - [Airswap](https://certificate.quantstamp.com/full/airswap)
- Missing return value check
- March 202 - [Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop)
- Dangerous strict equality
- May 2020 - [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/)
- Missing return value
- Empty return value
- May 2020 - [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/)
- Modifier can return the default value
- Dangerous strict equality allows the contract to be trapped
- May 2020 - [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/)
- Abi `encodedPacked` collision
- May 2020 - [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/)
- `msg.value` is used two times to compute a price
- May 2020 - [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/)
- Reentrancy
- June 2020 - [88mph](https://certificate.quantstamp.com/full/88-mph)
- Dangerous `block.timestamp` usage
- June 2020 - [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract)
- Dangerous `block.timestamp` usage
- July 2020 - [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans)
- Uninitialized state variable
- State variable shadowing
- Reentrancy
- July 2020 - [Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf)
- Incorrect constructor name
- Deletion of a mapping with structure
- Uninitialized state variables
- August 2020 - [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf)
- Duplicate contract name
- August 2020 - [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol)
- Multiple reentrancies
- November 2020 - [Linkswap](https://certificate.quantstamp.com/full/linkswap)
- Lack of return value check
- Uninitialized state variable
- November 2020 - [Cryptex](https://certificate.quantstamp.com/full/cryptex)
- Lack of return value check
- November 2020 - [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf)
- Contract locking ethers
- December 2020 - [Idle](https://certificate.quantstamp.com/full/idle-finance)
- Dangerous divide before multiply operations
- December 2020 - [RariCapital](https://certificate.quantstamp.com/full/rari-capital)
- Lack of return value check
- Uninitialized state variable
- December 2020 - [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0)
- Reentrancy
- January 2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf)
- Reentrancy
- Variable shadowing
- January 2021 - [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953)
- Reentrancy
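
Review bot: Three entries in the added list contain typos that should be fixed before this lands. The Stake Technologies Lockdrop entry is dated "March 202", which is missing a digit (presumably 2020, given that it sits between the February 2020 and May 2020 entries). The final entry is labelled "OriginTrait" while its link points to the OriginTrail/starfleet-boarding-contract repository. The DOSnetwork finding reads "Abi `encodedPacked` collision", where the Solidity function is `abi.encodePacked`. Separately, the same finding class is worded three ways across entries ("Missing return value check", "Missing return value", "Lack of return value check"); settling on one wording per class would make the list easier to search and compare. If the finding lines are not indented under their project bullets in the file, they will render as one flat list, so nest them under each dated entry.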