hats-finance Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb issues

hats-finance / Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb

0 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Audit Report Draft Update

#91 hats-bug-reporter[bot] opened 5 months ago
0
Audit Report Draft Update

#90 shayzluf opened 5 months ago
0
Loop contains require/revert statements

#89 hats-bug-reporter[bot] opened 6 months ago
0
Lack of access controls on recoverRewards() in CVX1 contract allows anyone to DOS withdrawals and reward claiming operations by transferring rewardPool staking positions to treasuryPod

#88 hats-bug-reporter[bot] opened 6 months ago
2
Possible Denial-Of-Service of minting functionality in `CvxStakingPositionManager`

#87 hats-bug-reporter[bot] opened 6 months ago
3
Improper Deposit Handling Leading to Unintended Reward Accumulation

#86 hats-bug-reporter[bot] opened 6 months ago
3
Stake Position NFT owner can always delay the claim or withdraw by max 10 days right before the sale of token NFT.

#85 hats-bug-reporter[bot] opened 6 months ago
4
Inability to Transfer Ownership Upon treasuryDao Compromise

#84 hats-bug-reporter[bot] opened 6 months ago
3
Incorrect Cycle Adjustment in Staking Contract Withdrawal Function Results in Improper Fund Handling

#83 hats-bug-reporter[bot] opened 6 months ago
1
Incorrect Aggregation of CVX Rewards Due to Duplicate Token Address Handling in `getAllClaimableAmounts` Function

#82 hats-bug-reporter[bot] opened 6 months ago
1
Title: Incorrect Reward Processing Due to Improper Array Resizing in Smart Contract

#81 hats-bug-reporter[bot] opened 6 months ago
1
Insufficient Slippage Validation in `_convertCvxToCvgCvx` Function Results in Potential Financial Risks

#80 hats-bug-reporter[bot] opened 6 months ago
1
Missing `initializer ` modifier in `CvgCvxStakingPositionService::initialize()` function

#79 hats-bug-reporter[bot] opened 6 months ago
2
Lack of setter functions for upgradable contracts could force unnecessary redeployments

#78 hats-bug-reporter[bot] opened 6 months ago
1
Posible underflow

#77 hats-bug-reporter[bot] opened 6 months ago
2
Potential Reentrancy Issues in the `mint` Function

#76 hats-bug-reporter[bot] opened 6 months ago
1
Posible Underflow

#75 hats-bug-reporter[bot] opened 6 months ago
2
Reentrancy Vulnerability in Token Transfer Function

#74 hats-bug-reporter[bot] opened 6 months ago
0
StakingServiceBase.sol#_updateAmountStakedWithdraw() - once per cycle, until the first deposit for the cycle, people are unable to withdraw their stake

#73 hats-bug-reporter[bot] opened 6 months ago
4
No fees taken when not locking LP for DirectLP deposit

#72 hats-bug-reporter[bot] opened 6 months ago
1
Missing checks in `_rewardTokensConfigs.processorFees` & `_rewardTokensConfigs.podFees` in `CvxAssetStakerBuffer::setRewardTokensConfig` will cause `CvxAssetStakerBuffer::pullRewards`uncallable.

#71 hats-bug-reporter[bot] opened 6 months ago
2
Users will not be able to claim their their CVX rewards under certain conditions

#70 hats-bug-reporter[bot] opened 6 months ago
5
use `safeApprove` instead `approve`

#69 hats-bug-reporter[bot] opened 6 months ago
1
Use `safeTransfer` and `safeTransferFrom` instead `transfer` and `transferFrom`

#68 hats-bug-reporter[bot] opened 6 months ago
1
Lack of setter function for potential shutdowned contract

#67 hats-bug-reporter[bot] opened 6 months ago
1
Protocol assumes deposit pause of only 1 cycle and could slash users unfairly

#66 hats-bug-reporter[bot] opened 6 months ago
1
CvxConvergenceLocker.sol#sentTokens() - The contract is using the incorrect reward tokens, making them transferable, which shouldn't be the case

#65 hats-bug-reporter[bot] opened 6 months ago
2
Impossible to initialize multiple contracts due to mismatched cvgControlTower implementation

#64 hats-bug-reporter[bot] opened 6 months ago
1
CvxAssetStakerBuffer.sol#pullRewards() - If the `cvsAssetWrapper` is shutdown, `pullRewards` will revert every time and the rewards cannot be distributed to the `rewardReceiver`

#63 hats-bug-reporter[bot] opened 6 months ago
4
Loop condition may exclude current cycle from reward calculations

#62 hats-bug-reporter[bot] opened 6 months ago
1
Incorrect length of _totalRewardsClaimable array

#61 hats-bug-reporter[bot] opened 6 months ago
1
Double-counting of CVG rewards

#60 hats-bug-reporter[bot] opened 6 months ago
1
Convex staking contracts can not be stored in `isCvxStaking` mapping due to lack of setter functionality

#59 hats-bug-reporter[bot] opened 6 months ago
3
`pullRewards()` in `CvxConvergenceLocker.sol()` will revert so tokens can not recieved by `cvxRewardDistributor`

#58 hats-bug-reporter[bot] opened 6 months ago
2
Uninitialized storage variable in contract

#57 hats-bug-reporter[bot] opened 6 months ago
1
`CvxRewardDistributor.initialize()` will always revert and contract can not be initialized

#56 hats-bug-reporter[bot] opened 6 months ago
3
`CvgCvxStakingPositionService.sol#Deposit` conversion logic `_convertCvxToCvgCvx` is completely bricked.

#55 hats-bug-reporter[bot] opened 6 months ago
1
Missing Proper NATSpec across many functions of many contracts in scope

#54 hats-bug-reporter[bot] opened 6 months ago
2
`PoolEthInfo.fee` upper limit is not checked in StakingServiceBase#setPoolEthInfo

#53 hats-bug-reporter[bot] opened 6 months ago
1
`CvxStakingPositionManager.sol#setBaseURI` poses a significant threat to users for a rugpull and fake nft

#52 hats-bug-reporter[bot] opened 6 months ago
1
Owner of CVXRewardDistributor can steal all the cvx1 & CVX tokens from it

#51 hats-bug-reporter[bot] opened 6 months ago
1
Staking Functionality is broken for approved addresses by owners of the ERC20 tokens

#50 hats-bug-reporter[bot] closed 6 months ago
1
Incorrect use of `maxLengthRewards` in `_claimCvgCvxRewards()` leads to wrong reward calculations

#49 hats-bug-reporter[bot] opened 6 months ago
1
`CvxStakingPositionManager.sol#setBaseURI` poses a significant threat to users for a rugpull and fake nft

#48 hats-bug-reporter[bot] opened 6 months ago
1
Owner of CVXRewardDistributor can steal all the cvx1 & CVX tokens from it

#47 hats-bug-reporter[bot] opened 6 months ago
1
Staking Functionality is broken for approved addresses by owners of the ERC20 tokens

#46 hats-bug-reporter[bot] opened 6 months ago
1
CVX staking contract's deposit and withdraw functions should use deadline

#45 hats-bug-reporter[bot] opened 6 months ago
6
Convex staking contracts authenticity can not be determined due to lack of setter functionality

#44 hats-bug-reporter[bot] opened 6 months ago
2
Incorrect access control on CvxStakingPositionManager.mint() allows unauthorized address to mint position NFTs

#43 hats-bug-reporter[bot] opened 6 months ago
2
Unchecked Token Transfer _mintOrSwapToCvxAsset()

#42 hats-bug-reporter[bot] opened 6 months ago
1