issues
search
hats-finance
/
Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2
Smart contracts for the Metrom project.
GNU General Public License v3.0
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Audit Report Draft Update
#67
hats-bug-reporter[bot]
opened
2 months ago
0
Audit Report Draft Update
#66
shayzluf
opened
4 months ago
0
Potential Out-of-Gas in createCampaigns Function
#65
hats-bug-reporter[bot]
opened
5 months ago
1
Malicious User Can Bypass the Fee by Leveraging Incorrect Precision Handling
#64
hats-bug-reporter[bot]
opened
5 months ago
1
Anyone can Deposit Native Erc20 Token for Free and Steal Funds
#63
hats-bug-reporter[bot]
opened
5 months ago
1
Irreversible Contract Ossification
#62
hats-bug-reporter[bot]
opened
5 months ago
1
Lack of Ownership Retention Mechanism
#61
hats-bug-reporter[bot]
opened
5 months ago
1
Lack of check for existing specificFee before overwrite
#60
hats-bug-reporter[bot]
opened
5 months ago
4
Inconsistent indexing of event fields in IMetrom.sol interface
#59
hats-bug-reporter[bot]
opened
5 months ago
1
Metrom.sol contract does not support updating campaigns as mentioned by natspec
#58
hats-bug-reporter[bot]
opened
5 months ago
1
Missing support for meta-transactions prevents certain users from claiming their deserved rewards
#57
hats-bug-reporter[bot]
opened
5 months ago
3
Incorrect check for campaign start time
#56
hats-bug-reporter[bot]
opened
5 months ago
3
`_bundle.chainId` must be validated on campaign creation in `createCampaigns()`
#55
hats-bug-reporter[bot]
opened
5 months ago
2
The emit in the `acceptCampaignOwnership` function omit key information.
#54
hats-bug-reporter[bot]
opened
5 months ago
2
Metrom.sol contract misses out on potential yield on Blast
#53
hats-bug-reporter[bot]
opened
5 months ago
6
`ossify` Function Should Check `ossified` Before Assignment
#52
hats-bug-reporter[bot]
opened
5 months ago
1
`setSpecificFee` Checks Behavior is Different from Intended
#51
hats-bug-reporter[bot]
opened
5 months ago
1
Hash Collision Vulnerability in _campaignId Function Leading to Potential Overwriting and Unauthorized Access
#50
hats-bug-reporter[bot]
opened
5 months ago
1
Campaign running period is ignored
#49
hats-bug-reporter[bot]
opened
5 months ago
1
Reward distribution can be called multiple times for the same campaign
#48
hats-bug-reporter[bot]
opened
5 months ago
1
`Metrom` does not handle correctly rebasing, inflationary, deflationary tokens and tokens with fee on transfer
#47
hats-bug-reporter[bot]
opened
5 months ago
3
Front-running the create campaign making users overpay on fees
#46
hats-bug-reporter[bot]
opened
5 months ago
1
The recoverRewards may revert when it should not, resulting in losses of rewards not recovered
#45
hats-bug-reporter[bot]
opened
6 months ago
1
Risk of Merkle Tree Collision may result in loss of funds
#44
hats-bug-reporter[bot]
opened
6 months ago
2
Malicious campaign owner with multiple campaigns can steal funds from other campaigns by exploiting a specific edge case.
#43
hats-bug-reporter[bot]
opened
6 months ago
1
Merkle implementation does not prevent replication of transactions across chains
#42
hats-bug-reporter[bot]
opened
6 months ago
5
`abi.encodePacked()` should not be used with dynamic types when passing the result to a hash function such as `keccak256()`
#41
hats-bug-reporter[bot]
opened
6 months ago
1
No way to recover the unclaimed rewards.
#40
hats-bug-reporter[bot]
opened
6 months ago
1
There is no way to recover upgradability back after using ossify()
#39
hats-bug-reporter[bot]
opened
6 months ago
1
add pause/unpause function in the metrom contract
#38
hats-bug-reporter[bot]
opened
6 months ago
1
users who add liquidity twice in the campaign range time may not be able to claim the second fair reward
#37
hats-bug-reporter[bot]
opened
6 months ago
2
shadowing-local 5 occurrences
#36
hats-bug-reporter[bot]
opened
6 months ago
1
Last claimer will not be able to claim rewards due to stETH's 1-2 wei corner issue
#35
hats-bug-reporter[bot]
opened
6 months ago
5
Protocol does not earn any fees if reward token used has low decimals
#34
hats-bug-reporter[bot]
opened
6 months ago
16
Campaign owners can bypass protocol fees causing loss to the protocol
#33
hats-bug-reporter[bot]
opened
6 months ago
5
Missing access control on initialize() function
#32
hats-bug-reporter[bot]
opened
6 months ago
1
Due to lack of expiration of the merkle proofs users can claim after campaign has concluded
#31
hats-bug-reporter[bot]
opened
6 months ago
6
Wrong emit parameters in `createCampaign`
#30
hats-bug-reporter[bot]
opened
6 months ago
1
the function `claimFees` reverts when ther claim fee is zero and break the whole loop
#29
hats-bug-reporter[bot]
opened
6 months ago
2
Missing check for equal length arrays when creating campaign
#28
hats-bug-reporter[bot]
opened
6 months ago
1
Unrestricted Updates to Campaign Merkle Roots Pose Significant Risks in Reward Distribution Integrity
#27
hats-bug-reporter[bot]
opened
6 months ago
1
Ineffective Reward Recovery Due to Incorrect Merkle Proof Verification in `recoverRewards` Function
#26
hats-bug-reporter[bot]
opened
6 months ago
1
Upgradable contracts should have a __gap variable
#25
hats-bug-reporter[bot]
opened
6 months ago
1
Off-by-one timestamp error
#24
hats-bug-reporter[bot]
opened
6 months ago
1
Using > when declaring solidity version without specifying an upperbound can cause future vulnerabilities
#23
hats-bug-reporter[bot]
opened
6 months ago
1
Sending tokens in a for loop
#22
hats-bug-reporter[bot]
opened
6 months ago
1
Rewards should only be recoverable after the campain finishes
#21
hats-bug-reporter[bot]
opened
6 months ago
1
malicious campaign owner can siphon rewards from users
#20
hats-bug-reporter[bot]
opened
6 months ago
4
distributeRewards function allows duplicate campaigns to be submitted by the updater
#19
hats-bug-reporter[bot]
opened
6 months ago
11
The emit in the `acceptOwnership` function omits key information.
#18
hats-bug-reporter[bot]
opened
6 months ago
1
Next