-
Notifications
You must be signed in to change notification settings - Fork 1
Issues: sherlock-audit/2024-08-winnables-raffles-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
0x73696d616f - Users buying too many tickets will DoS them and the protocol if they are the winner due to OOG
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#398
opened Aug 20, 2024 by
sherlock-admin3
aslanbek - Admin can prevent raffle winner from claiming their reward
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#277
opened Aug 20, 2024 by
sherlock-admin2
phoenixv110 - Method refundPlayers doesn't update _lockedETH in WinnableTicketManager
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#138
opened Aug 20, 2024 by
sherlock-admin4
neko_nyaa - Admin can unrestrictedly affect the odds of a raffle by setting themselves up with role(1) in This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
WinnablesTicket
Escalation Resolved
#129
opened Aug 20, 2024 by
sherlock-admin4
philmnds - Attacker will prevent any raffles by calling This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
WinnablesTicketManager::cancelRaffle
before admin starts raffle
Escalation Resolved
#57
opened Aug 20, 2024 by
sherlock-admin4
casper - The setRole() function grants role instead of removing
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#53
opened Aug 20, 2024 by
sherlock-admin3
philmnds - Users will lock raffle prizes on the A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
WinnablesPrizeManager
contract by calling WinnablesTicketManager::propagateRaffleWinner
with wrong CCIP inputs
Has Duplicates
#50
opened Aug 20, 2024 by
sherlock-admin3
aslanbek - Anyone can cancel a raffle with tickets == minTicketsThreshold, griefing all participants
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#26
opened Aug 20, 2024 by
sherlock-admin3
ProTip!
Updated in the last three days: updated:>2024-09-28.