sherlock-audit 2023-11-covalent-judging issues

sherlock-audit / 2023-11-covalent-judging

3 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Dobry - Anyone can call `redeemRewards` and redeem rewards

#125 sherlock-admin2 closed 5 months ago
2
iberry - The function submitBlockSpecimenProof may be dos

#124 sherlock-admin closed 5 months ago
2
Atharv - If the seconds per Block changes for any of the chain then noone will able to submit blockspecimen proof.

#123 sherlock-admin2 closed 5 months ago
2
ydlee - An operators can submit another's specimen proofs, without actual proof of work.

#122 sherlock-admin closed 5 months ago
3
cheatcode - Inequitable Reward Distribution When Pool is Depleted

#121 sherlock-admin2 closed 5 months ago
2
cheatcode - Missing Transaction Order Protections Enable Arbitrage Exploitation

#120 sherlock-admin closed 5 months ago
2
Atharv - `BlockSpecimenProofChain.sol::finalizeSpecimenSession` should be called automatically by oracle, else noone will receive the rewards for the work.

#119 sherlock-admin2 closed 5 months ago
2
Bauer - The `enableValidator()` function does not check if the stake amount exceeds the maximum value

#118 sherlock-admin closed 5 months ago
3
Dobry - Missing check for `validatorId`

#117 sherlock-admin2 closed 5 months ago
3
cheatcode - Lack of Balance Validation Before Token Transfer

#116 sherlock-admin closed 5 months ago
3
whoismxuse - ContributorsN will fail against _BlockSpecimenQuorum even though it is met

#115 sherlock-admin2 closed 5 months ago
1
cheatcode - Accumulated Discrepancies from Repeated Rounding in Token Conversion

#114 sherlock-admin closed 5 months ago
0
Bauer - When validators stake, there is a lack of a minimum stake amount check

#113 sherlock-admin2 closed 5 months ago
2
iberry - 'delete session.blockProperties[agreedBlockHash]' in BlockSpecimenProofChain._finalizeWithParticipants which contains a mapping

#112 sherlock-admin closed 5 months ago
1
Atharv - No need to run validator just frontrun the transaction.

#111 sherlock-admin2 closed 5 months ago
2
bareli - out of gas can happen due to totalValueLocked.

#110 sherlock-admin closed 5 months ago
2
Bauer - Front-run attack on `rewardValidators()`

#109 sherlock-admin2 closed 5 months ago
1
Atharv - No "0" value checking and duplicate `validatorId` in the function `BlockSpecimenProofChain.sol::addBSPOperator` for `validatorIDs` mapping

#108 sherlock-admin closed 5 months ago
2
hunter_w3b - Sandwich Attack in Reward Validators

#107 sherlock-admin2 closed 5 months ago
1
iberry - The '_bspRequiredStake' variable is not initialized in the 'initialize' function

#106 sherlock-admin closed 5 months ago
1
dany.armstrong90 - OperationalStaking.sol: there is no consistency in the application of validatorEnableMinStake.

#105 sherlock-admin2 closed 5 months ago
2
dany.armstrong90 - OperationalStaking.sol has rounding errors.

#104 sherlock-admin closed 5 months ago
1
ljj - Delegators can cause loss of rewards to validators.

#103 sherlock-admin2 closed 5 months ago
1
krkba - Lack of `newAddress` Validation in `setValidatorAddress`

#102 sherlock-admin closed 5 months ago
2
ydlee - `getDelegatorTotalLocked` return wrong value.

#101 sherlock-admin2 closed 5 months ago
2
bitsurfer - `setValidatorAddress` will not be usable in the long run due to `unstakings` array will eventually reach 300 array length

#100 sherlock-admin closed 5 months ago
1
4b - In `OperationalStaking.sol` there is no penalisation of Network Operators that are dishonest or malicious this can result in misbehaviour of Network Operators

#99 sherlock-admin2 closed 5 months ago
2
Al-Qa-qa - Validators can get prevented from unstaking all their tokens

#98 sherlock-admin closed 5 months ago
18
ydlee - Specimen session cannot be finalized if the validator submits the agreed specimen hash has an ID greater than 255.

#97 sherlock-admin2 closed 5 months ago
1
Al-Qa-qa - Validators can stake greater than `validatorMaxStake`

#96 sherlock-admin closed 5 months ago
1
caventa - Validator unstaking exploit extends delegator cooldown period

#95 sherlock-admin2 closed 5 months ago
2
Atharv - Sandwich Attack on rewardValidators Function, Attacker can earn max-profit quickly.

#94 sherlock-admin closed 5 months ago
1
Atharv - Missing Require Statement in setValidatorMaxStake function

#93 sherlock-admin2 closed 5 months ago
3
zach223 - The session result can be manipulated by preventing quorum attainment through multiple calls to `submitBlockSpecimenProof`

#92 sherlock-admin closed 5 months ago
1
krkba - Potential DOS attack in `finalizeSpecimenSession`

#91 sherlock-admin2 closed 5 months ago
2
emrekocak - Anyone can redeem any delegator's or validator's reward

#90 sherlock-admin closed 5 months ago
2
zach223 - When updating the validator address with the `setValidatorAddress` function, the delegated amount is not adjusted which may lead to the validator’s potential losses

#89 sherlock-admin2 closed 5 months ago
1
cergyk - OperationalStaking::setValidatorAddress unstaked validator can grief delegator by setting his address as new validator

#88 sherlock-admin closed 5 months ago
21
bitsurfer - `sharesToBurn` on redeeming rewards doesn't rounding up, which tend towards favoring validators and Covalent slowly loosing the CQT

#87 sherlock-admin2 closed 5 months ago
0
4b - Incomplete `README.md` which can mislead researchers.

#86 sherlock-admin closed 5 months ago
2
cergyk - OperationalStaking::setValidatorAddress Validator can bypass validatorMaxStake threshold by setting address to an existing delegator

#85 sherlock-admin2 closed 5 months ago
1
aslanbek - setValidatorAddress allows exceeding the validator and delegator staking caps by 27 times

#84 sherlock-admin closed 5 months ago
1
cergyk - BlockSpecimenProofChain::submitBlockSpecimen block number may be incorrectly estimated for some chains

#83 sherlock-admin2 closed 5 months ago
9
SadBase - Changing Validator to an Existing Delegator Might Skew Delegated Value

#82 sherlock-admin closed 5 months ago
1
cergyk - BlockSpecimenProofChain::_finalizeWithParticipants Finalization can be bricked if number of validators is greater than 256

#81 sherlock-admin2 closed 5 months ago
3
Atharv - Missed Require statement, If values not set properly then no-one can enable the validator and hence DOS

#80 sherlock-admin closed 5 months ago
3
cergyk - BlockSpecimenProofChain::submitBlockSpecimenProof Block specimen producer can greatly reduce session duration by submitting fake block specimen in the future

#79 sherlock-admin2 opened 5 months ago
6
cergyk - OperationalStaking::_unstake Delegators can bypass 28 days unstaking cooldown when enough rewards have accumulated

#78 sherlock-admin opened 5 months ago
6
Damiclone - Numerous Unchecked Inputs can lead to malfunctioning of protocol

#77 sherlock-admin2 closed 5 months ago
2
qmdddd - The coolDown mechanism can be bypassed for some validators

#76 sherlock-admin closed 5 months ago
1