Issues: sherlock-audit/2024-06-allora-judging
0x416 - Lack of error handling when making blockless api call
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#131
opened Jul 19, 2024 by
sherlock-admin2
imsrybr0 - Broken invariant: the sum of all (delegateRewardsPerShare * delegated stake - reward debt) = the balance of the /x/bank AlloraPendingRewardForDelegatorAccountName module account when distributing delegate stakers rewards
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#129
opened Jul 19, 2024 by
sherlock-admin3
lemonmon - The worker and reputer's payload may be tampered due to lack of check for the pubkey's ownership
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#124
opened Jul 19, 2024 by
sherlock-admin4
lemonmon - msg_server_stake::AddStake calculates the weight incorrectly resulting in incorrect activation of a topic
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#121
opened Jul 19, 2024 by
sherlock-admin4
0x3b - GetForecastScoresUntilBlock can get more score samples than the max allowed
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#120
opened Jul 19, 2024 by
sherlock-admin3
imsrybr0 - SafeApplyFuncOnAllActiveEpochEndingTopics processes two more pages than the desired max topic page
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#117
opened Jul 19, 2024 by
sherlock-admin3
0x3b - DripTopicFeeRevenue drips the internal topicFeeRevenue and not the one provided by GetCurrentTopicWeight
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#114
opened Jul 19, 2024 by
sherlock-admin3
LZ_security - Malicious Reputer causes emissions/msgserver/InsertBulkReputerPayload to fail
Escalation Resolved
This issue's escalations have been approved/rejected
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#112
opened Jul 19, 2024 by
sherlock-admin4
zigtur - Anyone can overwrite Reputer and Worker info attached to a LibP2PKey
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#111
opened Jul 19, 2024 by
sherlock-admin3
LZ_security - The issue of SLOW ABCI METHODS has not been resolved.
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#110
opened Jul 19, 2024 by
sherlock-admin2
LZ_security - The malicious node may not execute the http request
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#107
opened Jul 19, 2024 by
sherlock-admin2
0x3b - math miscalculation artificially deflates scores
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Will Fix
The sponsor confirmed this issue will be fixed
#104
opened Jul 19, 2024 by
sherlock-admin2
LZ_security - topic_rewards/SafeApplyFuncOnAllActiveEpochEndingTopics used the wrong parameters
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#97
opened Jul 19, 2024 by
sherlock-admin4
LZ_security - The SelectTopNWorkerNonces function lacks a sorting algorithm internally.
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#96
opened Jul 19, 2024 by
sherlock-admin3
carrotsmuggler - Topics won't activate even with a sufficient stake
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#95
opened Jul 19, 2024 by
sherlock-admin2
0x3b - coefficients math mistakenly calculates the coefficient diff with the same value
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#93
opened Jul 19, 2024 by
sherlock-admin3
0x3b - If old coefficient is bigger than the new one then the reputer has its coeff reduced more than it should
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#92
opened Jul 19, 2024 by
sherlock-admin2
LZ_security - emissions/keeper/GetIdsOfActiveTopics may always return empty array []
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#91
opened Jul 19, 2024 by
sherlock-admin4
404Notfound - Missing export CoreTeamAddresses in x/emissions module
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#89
opened Jul 19, 2024 by
sherlock-admin2
LZ_security - InsertBulkReputerPayload can be DoS
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#88
opened Jul 19, 2024 by
sherlock-admin4
KingNFT - Potential race conditions due to usage of sdk.Context in concurrent goroutines
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#87
opened Jul 19, 2024 by
sherlock-admin3
imsrybr0 - RemoveDelegateStake silently handles the error when checking for existing removals
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#84
opened Jul 19, 2024 by
sherlock-admin3
imsrybr0 - Some Iterators are not closed in emissions module Keeper
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#83
opened Jul 19, 2024 by
sherlock-admin2
imsrybr0 - Mint and Emissions modules register errors with an error code of 1
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#82
opened Jul 19, 2024 by
sherlock-admin4
defsec - Incomplete Topic Processing Due to Continuous Retry on Pagination Error
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#80
opened Jul 19, 2024 by
sherlock-admin2