Griefing attacks on NounsAuctionHouse

Lines of code Vulnerability details Impact There is internal function safeTransferETH that is called in createBid. The function itself: function safeTransferETHaddress to, uint256 value internal returns bool bool success, = to.call value: value, gas: 30000 new bytes0; return success; Please note...

Upgraded Q -> M from 143 [1655579880057]

Judge has assessed an item in Issue 143 as Medium risk. The relevant finding follows: L-04 safeTransferETH should perform simple ETH transfers and don’t forward 30k gas Link: Being a simple funds transfer, having a fallback of a WETH deposit, there should be no extra gas involved when potentially...

Upgraded Q -> M from 270 [1655579826704]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...