From c0c581b3ba830b6ce8dc3f4be82592a7a42e9752 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Thu, 14 Jan 2021 20:24:05 +0100 Subject: [PATCH] Update trophies.md --- trophies.md | 103 ++++++++++++++++++++-------------------------------- 1 file changed, 39 insertions(+), 64 deletions(-) diff --git a/trophies.md b/trophies.md index c5201f0ae..bc33c20dd 100644 --- a/trophies.md +++ b/trophies.md 
@@ -4,67 +4,42 @@ The following lists security vulnerabilities that were found by Slither. If you found a security vulnerability using Slither, please submit a PR with the relevant information. -- October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) - - Missing return value check -- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) - - Reentrancy -- July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) - - Deletion of a mapping with structure - - Missing return value -- September 2019 - [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) - - Reentrancy (events out of order) -- October 2019 - [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) - - Missing return value -- December 2019 - [Token mint](https://certificate.quantstamp.com/full/token-mint) - - Reentrancies -- February 2020 - [Airswap](https://certificate.quantstamp.com/full/airswap) - - Missing return value check -- March 202 - [Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) - - Dangerous strict equality -- May 2020 - [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Missing return value - - Empty return value -- May 2020 - [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Modifier can return the default value - - Dangerous strict equality allows the contract to be trapped -- May 2020 - [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Abi `encodedPacked` collision -- May 2020 - [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - `msg.value` is used two times to compute a price -- May 2020 - [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Reentrancy -- June 2020 - 
[88mph](https://certificate.quantstamp.com/full/88-mph) - - Dangerous `block.timestamp` usage -- June 2020 - [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) - - Dangerous `block.timestamp` usage -- July 2020 - [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) - - Uninitialized state variable - - State variable shadowing - - Reentrancy -- July 2020 - [Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) - - Incorrect constructor name - - Deletion of a mapping with structure - - Uninitialized state variables -- August 2020 - [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) - - Duplicate contract name -- August 2020 - [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) - - Multiple reentrancies -- November 2020 - [Linkswap](https://certificate.quantstamp.com/full/linkswap) - - Lack of return value check - - Uninitialized state variable -- November 2020 - [Cryptex](https://certificate.quantstamp.com/full/cryptex) - - Lack of return value check -- November 2020 - [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) - - Contract locking ethers -- December 2020 - [Idle](https://certificate.quantstamp.com/full/idle-finance) - - Dangerous divide before multiply operations -- December 2020 - [RariCapital](https://certificate.quantstamp.com/full/rari-capital) - - Lack of return value check - - Uninitialized state variable -- December 2020 - [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) - - Reentrancy -- January 2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) - - Reentrancy - - Variable shadowing -- January 2021 - [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) - - Reentrancy +| Project | Vulnerability | Date | +|--|--|--| 
+[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Incorrect constructor name | July 2018 +[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Deletion of a mapping with structure | July 2018 +[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Uninitialized state variables | July 2018 +[Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) | Missing return value check | Oct 2018 +[Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) | Reentrancy | Nov 2018 +[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Deletion of a mapping with structure | Jul 2019 +[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Missing return value | Jul 2019 +[Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) | Reentrancy (events out of order) | Sep 2019 +[0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | Missing return value | Oct 2019 +[Token mint](https://certificate.quantstamp.com/full/token-mint) | Reentrancies | Dec 2019 +[Airswap](https://certificate.quantstamp.com/full/airswap) | Missing return value check | Feb 2020 +[Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) | Dangerous strict equality | Mar 2020 +[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Missing return value | May 2020 +[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Empty return value | May 2020 +[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Modifier can return the default value | May 2020 +[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Dangerous strict equality allows the contract to be trapped | 
May 2020 +[DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Abi `encodedPacked` collision | May 2020 +[EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | `msg.value` is used two times to compute a price | May 2020 +[HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Reentrancy | May 2020 +[88mph](https://certificate.quantstamp.com/full/88-mph) | Dangerous `block.timestamp` usage | Jun 2020 +[Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) | Dangerous `block.timestamp` usage | Jun 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Uninitialized state variable | Jul 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | State variable shadowing | Jul 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Reentrancy | Jul 2020 +[Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) | Duplicate contract name | Aug 2020 +[PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) | Multiple reentrancies | Aug 2020 +[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Lack of return value check | Nov 2020 +[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Uninitialized state variable | Nov 2020 +[Cryptex](https://certificate.quantstamp.com/full/cryptex) | Lack of return value check | Nov 2020 +[Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) | Contract locking ethers | Nov 2020 +[Idle](https://certificate.quantstamp.com/full/idle-finance) | Dangerous divide before multiply operations | Dec 2020 +[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Lack of return value check | Dec 2020 +[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Uninitialized state variable | Dec 2020 
+[wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) | Reentrancy | Dec 2020 +[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Reentrancy | Jan 2021 +[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Variable shadowing | Jan 2021 +[OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) | Reentrancy | Jan 2021
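Review bot: the three Parity rows are dated "July 2018", but the entries they replace were listed under "July 2020 - Parity". A commit described only as "Update trophies.md" that otherwise converts the list to a table should not change a date silently, so confirm which year is correct and mention the correction in the commit message. Those same rows spell the month out ("July 2018") while every other row uses a three-letter abbreviation ("Jul 2019"), and the data rows omit the leading and trailing `|` that the header row `| Project | Vulnerability | Date |` uses; pick one form for both. Two carried-over strings are also worth fixing while these lines are being rewritten: the link text "OriginTrait" does not match the linked repository OriginTrail/starfleet-boarding-contract, and "Abi `encodedPacked` collision" reads like a misspelling of Solidity's `abi.encodePacked`.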