
Audit-365 🚀


🤔What is Audit-365?

Audit-365 is a challenge for me where I will be posting educational content related to smart contract auditing and web3 security throughout the 365 days of the year, starting from 1st January, 2023 to 31st December, 2023. It will be full of actual content without any fillers.

⛔Discontinuation of Challenge:

Unfortunately, I had to discontinue the challenge due to health issues and other priorities. I successfully continued for around 60 days, but had to stop due to other commitments at that point in time. I hope to return soon with even more awesome ideas.


Daily Swig:

| Day | Findings | Severity | Category | Thread Links |
|-----|----------|----------|----------|--------------|
| 01 | User's Orders can be canceled by anyone and their ETH can be stolen | High | Audit Findings | Link |
| 02 | Double transfer in the transferAndCall function. | High | Audit Findings | Link |
| 03 | Unchecked Return Value from "ecrecover" | Critical | BugFix Reports | Link |
| 04 | EIP-712 signatures can be re-used | Medium | Audit Findings | Link |
| 05 | Use safeCast for changing types | Medium | Audit Findings | Link |
| 06 | BLOCK_PERIOD is incorrect | Medium | Audit Findings | Link |
| 07 | Insufficient validation of Chainlink Oracle data feed | Medium | Audit Findings | Link |
| 08 | 88mph Function Initialization Bug (Reward $42,069) | Critical | BugFix Report | Link |
| 09 | 700+ Smart contract Bugs, $1 Million Bug Payout, Trust's Interview, and more | - | Weekly Newsletter | Link |
| 10 | Sandwich attack due to hardcoded slippage | High | Audit Findings | Link |
| 11 | Initialize function can be invoked multiple times. | Medium | Audit Findings | Link |
| 12 | A Typo leading to locking of Funds | High | Audit Findings | Link |
| 13 | Centralisation Risk: Owner Of RoyaltyVault Can Take All Funds | High | Audit Findings | Link |
| 14 | Call Return is executed before 'require' check. | High | Audit Findings | Link |
| 15 | Reentrancy Vulnerability due to violation of the CEI Pattern. | Critical | Real-life Exploits | Link |
| 16 | Zero-Knowledge: A-Z, Web3 Security Tools Lists, Bug Bounty, Defcon CTF, etc | - | Weekly Newsletter | Link |
| 17 | Lack of access control in the parameterize function of proposal contracts | Medium | Audit Findings | Link |
| 18 | Reentrancy Guard Lacking in mint function. | Medium | Audit Findings | Link |
| 19 | Lender can change NFT valuation oracle without borrower permission | High | Audit Findings | Link |
| 20 | Incorrect airdrop calculation | Critical | Real-life Exploits | Link |
| 21 | Tokens with more than 18 decimal points will cause issues | Medium | Audit Findings | Link |
| 22 | Cannot unpause exchange | Medium | Audit Findings | Link |
| 23 | Zcash Hash Collision, Reversing The EVM, Ice Phishing Attacks and many more. | - | Weekly Newsletter | Link |
| 24 | Usage of deprecated ChainLink API | Medium | Audit Findings | Link |
| 25 | Lack of Access control over burn function | Critical | Real-life Exploits | Link |
| 26 | Bad Source of Randomness | Critical | Real-life Exploits | Link |
| 27 | Arbitrary Token Burn | High | Audit Findings | Link |
| 28 | Users can get unlimited Votes | High | Audit Findings | Link |
| 29 | Incorrect number of seconds in ONE_YEAR variable | Medium | Audit Findings | Link |
| 30 | Unnecessary precision loss in _recipientBalance() | Medium | Audit Findings | Link |
| 31 | Reward Manager of the Convex Base Reward Pool Can DoS processYield() | Medium | Audit Findings | Link |
| 32 | Low-level transfer via call() can fail silently | Medium | Audit Findings | Link |
| 33 | ERC20 bridging functions do not revert on non-zero msg.value | Medium | Audit Findings | Link |
| 34 | User can escape from paying fees. | Medium | Audit Findings | Link |
| 35 | The noContract modifier does not work as expected. | Medium | Audit Findings | Link |
| 36 | Sandwich attacks are possible as there is no slippage control | Medium | Audit Findings | Link |
| 37 | No checked success for Oracle | High | Audit Findings | Link |
| 38 | HolyPaladinToken.sol uses ERC20 token with a highly unsafe pattern | Medium | Audit Findings | Link |
| 39 | Initialize function can be front-run | Medium | Audit Findings | Link |
| 40 | No upper limit for selling fees (Exit Scam) | High | Real-life Exploits | Link |
| 41 | Division before multiplication | Medium | Audit Findings | Link |
| 42 | User specified slippage allows frontrunning | Medium | Audit Findings | Link |
| 43 | Protocol pays swap fees instead of users. | Medium | Audit Findings | Link |
| 44 | call() should be used instead of transfer() on an address payable | Medium | Audit Findings | Link |
| 45 | Dust amounts can cause payments to fail, leading to default | Medium | Audit Findings | Link |
| 46 | Votes can be amplified due to insufficient checks | Medium | Audit Findings | Link |
| 47 | Anyone can spend on behalf of roller periphery | High | Audit Findings | Link |
| 48 | Lack of Access control on Minting tokens. | Critical | Exploit Findings | Link |
| 49 | Bad Source of Randomness leading to break contract | High | Exploit Findings | Link |
| 50 | Incorrect Validation leading to a DOS attack | Medium | Audit Findings | Link |
| 51 | Pool Manager can front-run fees to 100% | Medium | Audit Findings | Link |
| 52 | Precision loss due to division before multiplication | Medium | Audit Findings | Link |
| 53 | NFT to be frozen in a contract that does not support ERC721 | Medium | Audit Findings | Link |
| 54 | Lack of sanity check for stoptime | Medium | Audit Findings | Link |
| 55 | approve can fail for some tokens | Medium | Audit Findings | Link |
| 56 | User specified input allows frontrunning | High | Audit Findings | Link |
| 57 | Lack of Access Control | Critical | Audit Findings | Link |
| 58 | Incorrect Validation in transferLPs leads to a DOS attack | Medium | Audit Findings | Link |
| 59 | Wrong deduction of fees | High | Audit Findings | Link |
| 60 | Arbitrary transactions possible due to insufficient | High | Audit Findings | Link |

Connect with me

Sm4rty-1

