Issues: code-423n4/2024-10-coded-estate-findings

Label glossary (as shown on the issues page):
  3 (High Risk)        Assets can be stolen/lost/compromised directly
  2 (Med Risk)         Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
  QA (Quality Assurance)  Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
  bug                  Something isn't working
  primary issue        Highest quality submission among a set of duplicates
  satisfactory         satisfies C4 submission criteria; eligible for awards
  selected for report  This submission will be included/highlighted in the audit report
  sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
  sponsor confirmed    Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
  sponsor disputed     Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
  downgraded by judge  Judge downgraded the risk level of this issue
  upgraded by judge    Original issue severity upgraded from QA/Gas by judge
  🤖_primary           AI based primary recommendation
  🤖_NN_group          AI based duplicate group recommendation

Issues list
H-01 (#41) Attackers can steal the funds from long-term reservation
    Severity: 3 (High Risk)
    Labels: bug, satisfactory, selected for report, sponsor acknowledged, 🤖_03_group
    Opened Oct 11, 2024 by c4-bot-10
M-01 (#37) Malicious NFT owners can rug the reservation of the long-term
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_36_group
    Opened Oct 11, 2024 by c4-bot-4

M-02 (#35) users can't cancel reservation due to out-of-gas
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_primary
    Opened Oct 11, 2024 by c4-bot-9

Q-01 (#30) QA Report (1st place)
    Severity: QA (Quality Assurance)
    Labels: bug, grade-a, selected for report, sponsor confirmed
    Opened Oct 11, 2024 by c4-bot-3
M-03 (#29) Use of u64 for price_per_day and price_per_month limits handling tokens with 18 decimals
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_primary, 🤖_27_group
    Opened Oct 11, 2024 by c4-bot-9

M-04 (#27) Incorrect use of u64 for arg amount in withdrawtolandlord can cause withdrawal failure
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_27_group
    Opened Oct 11, 2024 by c4-bot-4
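The two u64 findings above (M-03 and M-04) share one root cause: u64::MAX is 18446744073709551615, so a field of that width holds at most 18 whole units of a token with 18 decimals, and any price or withdrawal amount above that either overflows or cannot be passed at all. The block below is an added example written for this page, not code from the Coded Estate contracts; the function names, the per-day pricing model and the sample values are constructed for illustration. It shows where the u64 arithmetic fails and the same computation done in u128, the width that CosmWasm's Uint128 wraps.

```rust
// Added example, not code from the audited repository. Demonstrates why a
// u64 price or amount field cannot hold realistic amounts of an 18-decimal
// token. Function names and sample values are constructed for illustration.
use std::convert::TryFrom;

/// One whole token in base units for an 18-decimal denom.
const DECIMALS_18: u128 = 1_000_000_000_000_000_000;

/// Largest whole-token amount (18 decimals) that fits in a u64.
pub fn max_whole_tokens_in_u64() -> u128 {
    u64::MAX as u128 / DECIMALS_18
}

/// Total price with u64 storage (the pattern the findings describe).
/// Returns None when the per-day price in base units does not fit in a
/// u64, or when price * days overflows a u64.
pub fn total_price_u64(price_per_day_tokens: u128, days: u64) -> Option<u64> {
    let base_units = price_per_day_tokens.checked_mul(DECIMALS_18)?;
    let per_day = u64::try_from(base_units).ok()?;
    per_day.checked_mul(days)
}

/// Same computation in u128, the width wrapped by cosmwasm_std::Uint128.
pub fn total_price_u128(price_per_day_tokens: u128, days: u64) -> Option<u128> {
    price_per_day_tokens
        .checked_mul(DECIMALS_18)?
        .checked_mul(days as u128)
}

fn main() {
    println!(
        "a u64 holds at most {} whole 18-decimal tokens",
        max_whole_tokens_in_u64()
    );
    // 10 tokens/day for one day still fits ...
    println!("10 tokens x 1 day  (u64):  {:?}", total_price_u64(10, 1));
    // ... but two days, or a 100-token nightly rate, already does not.
    println!("10 tokens x 2 days (u64):  {:?}", total_price_u64(10, 2));
    println!("100 tokens x 30 days (u64):  {:?}", total_price_u64(100, 30));
    println!("100 tokens x 30 days (u128): {:?}", total_price_u128(100, 30));
}
```

The same boundary applies to the withdrawal side: once accrued rent exceeds roughly 18.4 tokens of an 18-decimal denom, a u64 `amount` argument cannot express the balance, which is the failure mode M-04 describes.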
M-05 (#26) incorrect refund amount is sent to the tenant if long term reservation is cancelled after approval
    Severity: 2 (Med Risk)
    Labels: bug, downgraded by judge, edited-by-warden, primary issue, selected for report, sponsor acknowledged, 🤖_25_group
    Opened Oct 11, 2024 by c4-bot-10

H-02 (#23) setbidtobuy allows token purchase even when sale is no longer listed
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, upgraded by judge, 🤖_primary, 🤖_11_group
    Opened Oct 11, 2024 by c4-bot-4

M-06 (#22) Lack of upfront cost for long-term reservations allows fake reservations, blocking real users
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_primary, 🤖_20_group
    Opened Oct 11, 2024 by c4-bot-10

M-07 (#20) reservations can be made outside of rental property's available_period
    Severity: 2 (Med Risk)
    Labels: bug, edited-by-warden, primary issue, selected for report, sponsor acknowledged, 🤖_20_group
    Opened Oct 11, 2024 by c4-bot-8

Q-02 (#19) QA Report (3rd place)
    Severity: QA (Quality Assurance)
    Labels: bug, grade-b, sponsor acknowledged
    Opened Oct 10, 2024 by c4-bot-6

Q-03 (#15) QA Report (2nd place)
    Severity: QA (Quality Assurance)
    Labels: bug, edited-by-warden, grade-a, sponsor confirmed
    Opened Oct 10, 2024 by c4-bot-9

#14 Flawed validation in short-term rental reservations allows overpayment
    Severity: QA (Quality Assurance), downgraded by judge
    Labels: bug, grade-a, primary issue, sponsor acknowledged, 🤖_primary
    Opened Oct 10, 2024 by c4-bot-6

H-03 (#12) Insufficient price validation in transfer_nft function enables theft of listed tokens
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor confirmed, 🤖_primary, 🤖_03_group
    Opened Oct 10, 2024 by c4-bot-8

M-08 (#10) can impersonate another high value rental because token_uri is arbitrary and supplied by user.
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_primary
    Opened Oct 9, 2024 by c4-bot-6

M-09 (#9) user supplied owner address which is meant to be token owner is never the token owner.
    Severity: 2 (Med Risk)
    Labels: bug, primary issue, selected for report, sponsor disputed, 🤖_primary
    Opened Oct 9, 2024 by c4-bot-4

H-04 (#7) Lack of differentiation between rental types leads to loss of funds
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor confirmed, 🤖_04_group
    Opened Oct 9, 2024 by c4-bot-6
H-05 (#6) Cancelling a bid doesn't clear the bidder's token approval, allowing a malicious bidder to steal any token listed for sale with auto-approve enabled
    Severity: 3 (High Risk)
    Labels: bug, primary issue, satisfactory, selected for report, sponsor disputed, 🤖_03_group
    Opened Oct 9, 2024 by c4-bot-10
H-06 (#5) Lack of validation in setlistforsell allows changing denom while there is an active bid, leading to stealing of other users' funds
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_primary, 🤖_05_group
    Opened Oct 9, 2024 by c4-bot-9

H-07 (#4) Logic flaw in check_can_edit_short allows editing short-term rental before finalization, enabling theft of users' deposited funds
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor confirmed, 🤖_04_group
    Opened Oct 9, 2024 by c4-bot-8

H-08 (#3) Adversary can use send_nft to bypass the payment and steal seller's token in auto-approve scenario
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor acknowledged, 🤖_03_group
    Opened Oct 9, 2024 by c4-bot-3

H-09 (#2) Token owner can burn their token with active rental, leading to renters' funds being stuck
    Severity: 3 (High Risk)
    Labels: bug, primary issue, selected for report, sponsor confirmed, 🤖_primary
    Opened Oct 9, 2024 by c4-bot-4