Trail of Bits

LooksRare

Type: Security review
Client: LooksRare
Date: 2022-03
Domain: Blockchain
Effort: 4 wks
Section: Ethereum/EVM

Trail of Bits's security review of LooksRare (Mar 2022) identified 15 issues: 2 high, 1 medium, 5 low, and 7 informational.

Findings · 15

  1. Risk of reuse of signatures across forks due to lack of chainID validation (High)
  2. Lack of two-step process for contract ownership changes (High)
  3. Project dependencies contain vulnerabilities (Medium)
  4. Users that create ask orders cannot modify minPercentageToAsk (Low)
  5. Excessive privileges of RoyaltyFeeSetter and RoyaltyFeeRegistry owners (Low)
  6. Insufficient protection of sensitive information (Low)
  7. Contracts used as dependencies do not track upstream changes (Low)
  8. Missing event for a critical operation (Low)
  9. Taker orders are not EIP-712 signatures (Informational)
  10. Solidity compiler optimizations can be problematic (Informational)
  11. isContract may behave unexpectedly (Informational)
  12. tokenId and amount fully controlled by the order strategy when matching two orders (Informational)
  13. Risk of phishing due to data stored in maker order params field (Informational)
  14. Use of legacy openssl version in solidity-coverage plugin (Informational)
  15. TypeScript compiler errors during deployment (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.