-
# Handle
WatchPug
# Vulnerability details
https://github.com/XDeFi-tech/xdefi-distribution/blob/3856a42df295183b40c6eee89307308f196612fe/contracts/XDEFIDistribution.sol#L14-L14
```solidity
uint88…
-
# Handle
WatchPug
# Vulnerability details
The current implementation requires the rewarder (usually the platform) to transfer the rewards (XDEFI tokens) to the contract and calls `updateDistributi…
-
# Handle
TomFrenchBlockchain
# Vulnerability details
## Impact
Gas costs
## Proof of Concept
The contracts allow users to merge, relock and unlock batches of nfts by passing an array of token I…
-
# Handle
p4st13r4
# Vulnerability details
## Impact
Declaring state variables as constant has the benefit of:
- not requiring a storage slot
- lower gas cost when accessing them
## Tools Used
…
-
# Handle
sirhashalot
# Vulnerability details
## Impact
The MAX_TOTAL_XDEFI_SUPPLY variable can be a constant since it does not and cannot be changed. This is documented in the Solidity docs to sa…
-
# Handle
GiveMeTestEther
# Vulnerability details
## Impact
Save gas by making storage variable constant that is never written.
## Recommended Mitigation Steps
uint88 internal constant MAX_TOTAL_X…
-
# Handle
onewayfunction
# Vulnerability details
## Impact
The owner of the `XDEFIDistribution` contract can "steal" (or "snipe") a pro-rata share of incoming distributable XDEFI using sandwich att…
-
# Handle
MaCree
# Vulnerability details
## Impact
1. merge funtion may lead to create repeated NFT token id, so user can not lock XDEFI
## Proof of Concept
run the test case below please
befor…
-
# Handle
rfa
# Vulnerability details
## Impact
In case if user inputing amount_ = 0, it will save execution gas cost
## Proof of Concept
in XDEFIDistribution (line 255), if we replace:
require(a…
-
# Handle
Tomio
# Vulnerability details
## Impact
In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through _safeMint function, however when the user call unlock…