sherlock-audit 2022-10-merit-circle-judging issues

sherlock-audit / 2022-10-merit-circle-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

saian - `withdraw` will revert if user had transferred shares

#122 sherlock-admin closed 2 years ago
2
hyh - Rewards can be retrieved in a almost flash loan manner

#121 sherlock-admin closed 2 years ago
0
ak1 - Curve points calculation is not clear

#120 sherlock-admin closed 2 years ago
0
saian - User can receive more rewards by staking for less duration

#119 sherlock-admin closed 2 years ago
0
hyh - Maximum duration multiplier can be forced for lock amount increase

#118 sherlock-admin closed 2 years ago
0
holyhansss - [HIGH] Users will lose funds when expending lock time.

#117 sherlock-admin closed 2 years ago
1
WATCHPUG - Miscellaneous

#116 sherlock-admin closed 2 years ago
0
saian - User will loose rewards if `escrowPool` is set to address(0)

#115 sherlock-admin closed 2 years ago
0
saian - User will loose rewards during re-staking

#114 sherlock-admin closed 2 years ago
2
WATCHPUG - Lack of deadline control in `deposit()` may result in an unfavorable lock in some edge cases

#113 sherlock-admin closed 2 years ago
1
TomJ - User will Lose Rewards by `extendLock()` of `TimeLockPool.sol`

#112 sherlock-admin closed 2 years ago
1
WATCHPUG - Curve points should be guaranteed to be monotonic increasing

#111 sherlock-admin opened 2 years ago
3
ElKu - extendLock function in TimeLockPool contract overwrites previously accumulated token shares

#110 sherlock-admin closed 2 years ago
1
WATCHPUG - Extend lock period should never result in a decrease of overall rewards (`total length of locked period * shares`)

#109 sherlock-admin opened 2 years ago
3
WATCHPUG - Expired locks should not continue to earn rewards at the original high multiplier rate

#108 sherlock-admin opened 2 years ago
3
WATCHPUG - `escrowedReward` will be frozen in the contract if `escrowPool == address(0)` but `escrowPortion > 0`

#107 sherlock-admin opened 2 years ago
3
WATCHPUG - Front run `distributeRewards()` can steal the newly added rewards

#106 sherlock-admin opened 2 years ago
3
ignacio - RETURN VALUES OF TRANSFER()/TRANSFERFROM() NOT CHECKED

#105 sherlock-admin closed 2 years ago
0
HonorLt - Receiver might not support deposits

#104 sherlock-admin closed 2 years ago
0
WATCHPUG - First user can inflate `pointsPerShare` and cause `_correctPoints()` to revert due to overflow

#103 sherlock-admin opened 2 years ago
5
WATCHPUG - `increaseLock()` should read `userDeposit[_receiver]` instead of `depositsOf[_msgSender()]`

#102 sherlock-admin opened 2 years ago
3
hyh - Unit isn't recalculated on curve modification with setCurvePoint

#101 sherlock-admin opened 2 years ago
3
ignacio - _SAFEMINT() SHOULD BE USED RATHER THAN _MINT() WHEREVER POSSIBLE

#100 sherlock-admin closed 2 years ago
0
ignacio - CALL() SHOULD BE USED INSTEAD OF TRANSFER()

#99 sherlock-admin closed 2 years ago
0
HonorLt - msg.sender and _msgSender() confusion

#98 sherlock-admin closed 2 years ago
0
__141345__ - unit and curve.length need sanity check

#97 sherlock-admin closed 2 years ago
0
tofunmi - DOS BY FRONTRUNNING `TimeLockNonTransferablePool` INITIALIZE() FUNCTION

#96 sherlock-admin closed 2 years ago
0
HonorLt - Curve change frontrunning

#95 sherlock-admin closed 2 years ago
0
ElKu - If the first curve value is set to be non-zero, an attacker can drain protocol(user) funds

#94 sherlock-admin closed 2 years ago
2
HonorLt - Increasing the lock malfunction

#93 sherlock-admin closed 2 years ago
0
ElKu - Curve values are not checked to be in increasing order. Leading to revert of several core functions.

#92 sherlock-admin closed 2 years ago
0
ignacio - A miner can manipulate the block timestamp which can be used to their advantage to attack a smart contract via Block Timestamp Manipulation

#91 sherlock-admin closed 2 years ago
0
holyhansss - [MED] User’s fund can be lock more or less than expected by arbitrary max duration time.

#90 sherlock-admin closed 2 years ago
0
ignacio - <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP and Increments can be unchecked for Gas Optimizations

#89 sherlock-admin closed 2 years ago
0
Rohan16 - Minted amounts may be minted to non receivers

#88 sherlock-admin closed 2 years ago
0
hickuphh3 - `extendLock()` retroactively applies multiplier while `increaseLock()` doesnt

#87 sherlock-admin closed 2 years ago
2
__141345__ - TimeLockPool withdraw() _receiver need 0 address check

#86 sherlock-admin closed 2 years ago
0
__141345__ - Rewards might be lost due to rounding down error

#85 sherlock-admin closed 2 years ago
2
yixxas - A malicious address with the onlyGov role can have full access to the contract storage

#84 sherlock-admin closed 2 years ago
0
yixxas - Different min and max locked time from what is stated in proposal documentation.

#83 sherlock-admin closed 2 years ago
0
defsec - Deposit and Reward token should be different

#82 sherlock-admin closed 2 years ago
0
yixxas - Users can still transfer tokens with TimeLockNonTransferablePool by using transferFrom

#81 sherlock-admin closed 2 years ago
0
hickuphh3 - `setCurve()` can be optimised

#80 sherlock-admin closed 2 years ago
0
nalus - Some Gas and QA improvement proposals

#79 sherlock-admin closed 2 years ago
0
minhquanym - Possible DOS in function `getTotalDeposit()` and `getDepositOf()` because of unbounded gas consumption

#78 sherlock-admin closed 2 years ago
0
nalus - Upgradable contract should have a gap on the end

#77 sherlock-admin closed 2 years ago
0
nalus - IncreaseLock() should check MIN_LOCK_DURATION

#76 sherlock-admin closed 2 years ago
0
nalus - Deposit ids get mixed up upon withdrawal

#75 sherlock-admin closed 2 years ago
0
nalus - Duration overflow

#74 sherlock-admin closed 2 years ago
0
hickuphh3 - Have a proper uuid for deposits identification

#73 sherlock-admin closed 2 years ago
0