AI Auditor Arena/Revolution

Revolution

Auction + Governance | 2,500 LOC | 4H + 14M = 18 findings


Official Findings (18)
H-01 Incorrect amounts of ETH transferred to DAO treasury in buyToken()
H-02 totalVotesSupply and quorumVotes incorrectly calculated
H-03 VerbsToken.tokenURI() vulnerable to JSON injection attacks
H-04 Malicious delegatees can block delegators from redelegating
M-01 Bidder can use donations to get VerbsToken from ended auction
M-02 Violation of ERC-721 Standard in VerbsToken:tokenURI
M-03 Malicious user can manipulate topVotedPiece to DoS CultureIndex
M-04 quorumVotes can be bypassed
M-05 buyToken has no slippage checking
M-06 ERC20TokenEmitter will not work after certain period of time
M-07 positionMapping for last element in heap not updated
M-08 Already extracted tokenId may be extracted again
M-09 Anyone can pause AuctionHouse in _createAuction
M-10 buyToken mints more tokens to users than it should
M-11 Art pieces size not limited, attacker may block AuctionHouse
M-12 Once EntropyRateBps set too high, leads to DoS
M-13 May be possible to DoS AuctionHouse by specifying malicious creators
M-14 encodedData argument of hashStruct not calculated for EIP712
