Comments (3)
commented on July 28, 2024
sponsor confirmed
severity disputed 1
Severity in relative to client context. There is no current context in which this is high severity, though it is blatant and its issue appreciated. We will be updating
from 2021-05-visorfinance-findings.
ghoul-sol
commented on July 28, 2024
Agree with sponsor. Even though itβs obviously wrong event, there is no obvious high security risk here.
from 2021-05-visorfinance-findings.
ztcrypto
commented on July 28, 2024
patch link
from 2021-05-visorfinance-findings.
Related Issues (20)
- Locking the same funds twice in lock() on line 269 of Visor.sol HOT 2
- Removing NFT could exceed block size limit HOT 2
- Internal GetBalanceLocked call can exceed block size limit HOT 2
- Getting NFT could exceed block size limit HOT 2
- timelockERC721Keys could exceed the block size limit HOT 3
- Anyone can call onERC721Received() function and spam the array "nfts" HOT 2
- The function onERC721Received () allows writing duplicates in the array "nfts". Another functions dealing with this array do not expect duplicates met. HOT 2
- It is expected that some functions may require either Owner or Delegate as callers. Now only three access options are available: onlyOwner, onlyDelegate, anyone. HOT 2
- Unchecked return value of `transferFrom` in function `timeLockERC20` HOT 2
- Events are not indexed HOT 3
- Unused imported interface `IVisorService` HOT 3
- Unbounded loop in function `transferERC721` HOT 2
- Functions `getTimeLockCount` and `getTimeLockERC721Count` should not count on unlocked tokens HOT 1
- A user could transfer the approved NFT several times HOT 2
- Lack of non-zero check in function `timeLockERC20` and `timeLockERC721` could cause funds being locked HOT 2
- Owner or approved users could not transfer time-locked NFTs using `transferERC721` HOT 2
- Should reset `timelockERC721s` after calling `transferERC721` HOT 2
- Deflationary tokens are not considered in time-locked ERC20 functions HOT 1
- Double-spend allowance is possible in the function `approveTransferERC20` HOT 2
- Unbounded loop in `_removeNft` could lead to a griefing/DOS attack HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 2021-05-visorfinance-findings.