-
Anubis
high
# Reentrancy Vulnerability on Token Transfers
## Summary
The **OperationalStaking** contract is potentially vulnerable to reentrancy attacks due to the external calls to the ERC20 token…
-
Anubis
medium
# Potential Underflow in recoverUnstaking and transferUnstakedOut Functions
## Summary
The **recoverUnstaking** and **transferUnstakedOut** functions in the contract might be suscepti…
-
nobody2018
medium
# setValidatorAddress may never be successfully executed in some cases
## Summary
[[setValidatorAddress](https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/…
-
Anubis
high
# Inadequate Access Control - StakingManager Role
## Summary
The contract lacks robust access control for critical functions that can alter the staking mechanism. The use of a single **…
-
PUSH0
medium
# Wrong access control on setValidatorCommissionRate()
## Summary
According to the Sherlock README the Staking manager should be allowed to set the Validator Commission Rate.
`What th…
-
Anubis
medium
# Potential Denial of Service (DoS) via Block Specimen Session (Unbounded Loops)
## Summary
The **finalizeSpecimenSession** function in the contract iterates over an unbounded number …
-
dany.armstrong90
medium
# OperationalStaking.sol has rounding errors.
## Summary
`_unstake` function and `_redeemRewards` function of `OperationalStaking.sol` round down the calculations of shares …
-
cergyk
medium
# OperationalStaking::setValidatorAddress unstaked validator can grief delegator by setting his address as new validator
## Summary
Validators and delegators both stake CQT to earn re…
-
krkba
medium
# Missing free session space. Though it should.
## Summary
The developer forgot to free the session space as written in the comment.
## Vulnerability Detail
## Impact
## Code Sn…
-
cergyk
medium
# OperationalStaking::setValidatorAddress Validator can bypass validatorMaxStake threshold by setting address to an existing delegator
## Summary
A maximum limitation is checked to en…