sherlock-audit 2022-10-merit-circle-judging issues

sherlock-audit / 2022-10-merit-circle-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

minhquanym - Possible DOS in `deposit()`, `extendLock()` and `increaseLock()` because of potential overflow

#72 sherlock-admin closed 2 years ago
0
yixxas - Users can lose funds when calling `extendLock()`

#71 sherlock-admin closed 2 years ago
1
ali_shehab - Current implementation assume that all token are 18 decimal

#70 sherlock-admin closed 2 years ago
0
hickuphh3 - Rewards distribution may be frontrun

#69 sherlock-admin closed 2 years ago
0
innertia - Unlimited loop processing

#68 sherlock-admin closed 2 years ago
0
minhquanym - Flash loan vulnerability - User can bypass `MIN_LOCK_DURATION` limit

#67 sherlock-admin closed 2 years ago
3
innertia - Unsafe cast from uint256 to uint64

#66 sherlock-admin closed 2 years ago
2
bin2chen - Upgradeable contract without Storage Gaps

#65 sherlock-admin closed 2 years ago
0
hickuphh3 - Insufficient input validation of `escrowPortion` and `escrowPool`

#64 sherlock-admin closed 2 years ago
0
bin2chen - Improper escrow configuration can lead to loss of Rewards

#63 sherlock-admin closed 2 years ago
0
bin2chen - contract unavailability attack

#62 sherlock-admin closed 2 years ago
0
bin2chen - wrong "unit" setting

#61 sherlock-admin closed 2 years ago
0
hickuphh3 - Use OZ's MulticallUpgradeable instead of BoringBatchable

#60 sherlock-admin closed 2 years ago
0
hickuphh3 - Loss of rewards if `pointsPerShare` increment exceeds `type(int256).max`

#59 sherlock-admin closed 2 years ago
2
Jeiwan - Denial of service for maximal bonus depositors after a curve point was removed

#58 sherlock-admin closed 2 years ago
0
Jeiwan - Depositors will never get the highest bonus after a new point is added to the end of a curve

#57 sherlock-admin closed 2 years ago
0
Jeiwan - Misconfigured pool can lead to rewards locked indefinitely

#56 sherlock-admin closed 2 years ago
0
Jeiwan - Rewards can be stolen via lock duration extension and reduction

#55 sherlock-admin closed 2 years ago
1
Rohan16 - Burning should be done if we deploy `_mint`

#54 sherlock-admin closed 2 years ago
0
hickuphh3 - Disincentive to extend lock because shares are burnt

#53 sherlock-admin closed 2 years ago
1
hickuphh3 - Curve is not guaranteed to be monotonically increasing

#52 sherlock-admin closed 2 years ago
0
Rohan16 - Unbounded loop in `Timelock.sol` could lead to a griefing/DOS attack

#51 sherlock-admin closed 2 years ago
0
0xmuxyz - There is possibility that leave a contract "uninitialized" and that contract will be used for malicious attack

#50 sherlock-admin closed 2 years ago
0
gatsbyjr - Unlimited minting and burning is possible through TestBasePool.sol

#49 sherlock-admin closed 2 years ago
0
berndartmueller - Withdrawing deposits within a batch transaction can lead to issues with deposit ids

#48 sherlock-admin closed 2 years ago
0
berndartmueller - Curve points are not validated to be continuously increasing

#47 sherlock-admin closed 2 years ago
0
berndartmueller - Unsafe cast of `pointsPerShare` can cause wrong reward calculation

#46 sherlock-admin closed 2 years ago
0
berndartmueller - Claiming rewards with a pool that has an escrow portion but no escrow pool set will render the escrowed rewards lost

#45 sherlock-admin closed 2 years ago
0
Ch_301 - Missing checking `address(0)`

#44 sherlock-admin closed 2 years ago
0
Ch_301 - Missing updating of the `unit` value.

#43 sherlock-admin closed 2 years ago
0
rvierdiiev - User can't transfer all amount of claimed rewards

#42 sherlock-admin closed 2 years ago
0
rvierdiiev - BasePool.distributeRewards function should be restricted to not be called by anyone

#41 sherlock-admin closed 2 years ago
0
rvierdiiev - Curve mess up is posssible that leads to deposit function blocked

#40 sherlock-admin closed 2 years ago
0
JohnSmith - Unsafe cast on point correction calculations

#39 sherlock-admin closed 2 years ago
0
defsec - Front-runnable Initializers

#38 sherlock-admin closed 2 years ago
0
rvierdiiev - Lock time can be avoided

#37 sherlock-admin closed 2 years ago
0
CodingNameKiki - Two malicious users can drain a big amount of rewards up to 48 weeks, for the little lock time of 10 mins.

#36 sherlock-admin closed 2 years ago
0
apajaresaguilera - Prevent reentrancy

#35 sherlock-admin closed 2 years ago
0
8olidity - Consider whether depositToken and rewardToken are deflationary tokens

#34 sherlock-admin closed 2 years ago
0
defsec - Persisted msg.value in a loop of delegate calls can be used to drain ETH from your proxy

#33 sherlock-admin closed 2 years ago
0
Chom - pointsPerShare is not scaled once shares have been minted (deposit) or burned (withdraw)

#32 sherlock-admin closed 2 years ago
0
carlitox477 - TimeLockPool#increaseLock allows burning shares

#31 sherlock-admin closed 2 years ago
0
carlitox477 - TimeLockPool#withdraw allows burning shares

#30 sherlock-admin closed 2 years ago
0
carlitox477 - TimeLockPool#deposit allow burning shares

#29 sherlock-admin closed 2 years ago
0
carlitox477 - BasePool#claimRewards allows users to burn rewards

#28 sherlock-admin closed 2 years ago
0
carlitox477 - BasePool#__BasePool_init does not check some parameters

#27 sherlock-admin closed 2 years ago
0
Chom - cumulativeRewardsOf logic is incorrect

#26 sherlock-admin closed 2 years ago
2
carlitox477 - AbstractRewards#_correctPoints can lead to wrong calculation due to unsafe casting

#25 sherlock-admin closed 2 years ago
0
Chom - cumulativeRewardsOf can be minus. This is unexpected behavior

#24 sherlock-admin closed 2 years ago
0
Chom - if (nonEscrowedRewardAmount > 1) is not correct

#23 sherlock-admin closed 2 years ago
0

Previous Next