issues
search
sherlock-audit
/
2023-11-covalent-judging
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Dobry - Anyone can call `redeemRewards` and redeem rewards
#125
sherlock-admin2
closed
5 months ago
2
iberry - The function submitBlockSpecimenProof may be dos
#124
sherlock-admin
closed
5 months ago
2
Atharv - If the seconds per Block changes for any of the chain then noone will able to submit blockspecimen proof.
#123
sherlock-admin2
closed
5 months ago
2
ydlee - An operators can submit another's specimen proofs, without actual proof of work.
#122
sherlock-admin
closed
5 months ago
3
cheatcode - Inequitable Reward Distribution When Pool is Depleted
#121
sherlock-admin2
closed
5 months ago
2
cheatcode - Missing Transaction Order Protections Enable Arbitrage Exploitation
#120
sherlock-admin
closed
5 months ago
2
Atharv - `BlockSpecimenProofChain.sol::finalizeSpecimenSession` should be called automatically by oracle, else noone will receive the rewards for the work.
#119
sherlock-admin2
closed
5 months ago
2
Bauer - The `enableValidator()` function does not check if the stake amount exceeds the maximum value
#118
sherlock-admin
closed
5 months ago
3
Dobry - Missing check for `validatorId`
#117
sherlock-admin2
closed
5 months ago
3
cheatcode - Lack of Balance Validation Before Token Transfer
#116
sherlock-admin
closed
5 months ago
3
whoismxuse - ContributorsN will fail against _BlockSpecimenQuorum even though it is met
#115
sherlock-admin2
closed
5 months ago
1
cheatcode - Accumulated Discrepancies from Repeated Rounding in Token Conversion
#114
sherlock-admin
closed
5 months ago
0
Bauer - When validators stake, there is a lack of a minimum stake amount check
#113
sherlock-admin2
closed
5 months ago
2
iberry - 'delete session.blockProperties[agreedBlockHash]' in BlockSpecimenProofChain._finalizeWithParticipants which contains a mapping
#112
sherlock-admin
closed
5 months ago
1
Atharv - No need to run validator just frontrun the transaction.
#111
sherlock-admin2
closed
5 months ago
2
bareli - out of gas can happen due to totalValueLocked.
#110
sherlock-admin
closed
5 months ago
2
Bauer - Front-run attack on `rewardValidators()`
#109
sherlock-admin2
closed
5 months ago
1
Atharv - No "0" value checking and duplicate `validatorId` in the function `BlockSpecimenProofChain.sol::addBSPOperator` for `validatorIDs` mapping
#108
sherlock-admin
closed
5 months ago
2
hunter_w3b - Sandwich Attack in Reward Validators
#107
sherlock-admin2
closed
5 months ago
1
iberry - The '_bspRequiredStake' variable is not initialized in the 'initialize' function
#106
sherlock-admin
closed
5 months ago
1
dany.armstrong90 - OperationalStaking.sol: there is no consistency in the application of validatorEnableMinStake.
#105
sherlock-admin2
closed
5 months ago
2
dany.armstrong90 - OperationalStaking.sol has rounding errors.
#104
sherlock-admin
closed
5 months ago
1
ljj - Delegators can cause loss of rewards to validators.
#103
sherlock-admin2
closed
5 months ago
1
krkba - Lack of `newAddress` Validation in `setValidatorAddress`
#102
sherlock-admin
closed
5 months ago
2
ydlee - `getDelegatorTotalLocked` return wrong value.
#101
sherlock-admin2
closed
5 months ago
2
bitsurfer - `setValidatorAddress` will not be usable in the long run due to `unstakings` array will eventually reach 300 array length
#100
sherlock-admin
closed
5 months ago
1
4b - In `OperationalStaking.sol` there is no penalisation of Network Operators that are dishonest or malicious this can result in misbehaviour of Network Operators
#99
sherlock-admin2
closed
5 months ago
2
Al-Qa-qa - Validators can get prevented from unstaking all their tokens
#98
sherlock-admin
closed
5 months ago
18
ydlee - Specimen session cannot be finalized if the validator submits the agreed specimen hash has an ID greater than 255.
#97
sherlock-admin2
closed
5 months ago
1
Al-Qa-qa - Validators can stake greater than `validatorMaxStake`
#96
sherlock-admin
closed
5 months ago
1
caventa - Validator unstaking exploit extends delegator cooldown period
#95
sherlock-admin2
closed
5 months ago
2
Atharv - Sandwich Attack on rewardValidators Function, Attacker can earn max-profit quickly.
#94
sherlock-admin
closed
5 months ago
1
Atharv - Missing Require Statement in setValidatorMaxStake function
#93
sherlock-admin2
closed
5 months ago
3
zach223 - The session result can be manipulated by preventing quorum attainment through multiple calls to `submitBlockSpecimenProof`
#92
sherlock-admin
closed
5 months ago
1
krkba - Potential DOS attack in `finalizeSpecimenSession`
#91
sherlock-admin2
closed
5 months ago
2
emrekocak - Anyone can redeem any delegator's or validator's reward
#90
sherlock-admin
closed
5 months ago
2
zach223 - When updating the validator address with the `setValidatorAddress` function, the delegated amount is not adjusted which may lead to the validator’s potential losses
#89
sherlock-admin2
closed
5 months ago
1
cergyk - OperationalStaking::setValidatorAddress unstaked validator can grief delegator by setting his address as new validator
#88
sherlock-admin
closed
5 months ago
21
bitsurfer - `sharesToBurn` on redeeming rewards doesn't rounding up, which tend towards favoring validators and Covalent slowly loosing the CQT
#87
sherlock-admin2
closed
5 months ago
0
4b - Incomplete `README.md` which can mislead researchers.
#86
sherlock-admin
closed
5 months ago
2
cergyk - OperationalStaking::setValidatorAddress Validator can bypass validatorMaxStake threshold by setting address to an existing delegator
#85
sherlock-admin2
closed
5 months ago
1
aslanbek - setValidatorAddress allows exceeding the validator and delegator staking caps by 27 times
#84
sherlock-admin
closed
5 months ago
1
cergyk - BlockSpecimenProofChain::submitBlockSpecimen block number may be incorrectly estimated for some chains
#83
sherlock-admin2
closed
5 months ago
9
SadBase - Changing Validator to an Existing Delegator Might Skew Delegated Value
#82
sherlock-admin
closed
5 months ago
1
cergyk - BlockSpecimenProofChain::_finalizeWithParticipants Finalization can be bricked if number of validators is greater than 256
#81
sherlock-admin2
closed
5 months ago
3
Atharv - Missed Require statement, If values not set properly then no-one can enable the validator and hence DOS
#80
sherlock-admin
closed
5 months ago
3
cergyk - BlockSpecimenProofChain::submitBlockSpecimenProof Block specimen producer can greatly reduce session duration by submitting fake block specimen in the future
#79
sherlock-admin2
opened
5 months ago
6
cergyk - OperationalStaking::_unstake Delegators can bypass 28 days unstaking cooldown when enough rewards have accumulated
#78
sherlock-admin
opened
5 months ago
6
Damiclone - Numerous Unchecked Inputs can lead to malfunctioning of protocol
#77
sherlock-admin2
closed
5 months ago
2
qmdddd - The coolDown mechanism can be bypassed for some validators
#76
sherlock-admin
closed
5 months ago
1
Next