sherlock-audit 2024-05-sophon-judging issues

sherlock-audit / 2024-05-sophon-judging

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[Low] Re-Entrancy Vulnerability Due to Non-Aligned Best Practices in Withdrawal Logic

#236 sherlock-admin4 closed 1 month ago
0
Early_Emission

#235 sherlock-admin2 closed 1 month ago
0
Missing_isContract_Checks

#234 sherlock-admin3 closed 1 month ago
0
Unrunnable_Code

#233 sherlock-admin4 closed 1 month ago
0
The farm can be restart after it has ended

#232 sherlock-admin2 closed 1 month ago
0
Incorrect natspec for `accPointsPerShare` in `SophonFarmingState` PoolInfo struct

#231 sherlock-admin3 closed 1 month ago
0
Not enforcing to have decimal 18

#230 sherlock-admin4 closed 1 month ago
0
ArsenLupin - Use safeApprove in the bridgePool instead

#229 sherlock-admin3 closed 1 month ago
1
0xAadi - Unnecessary Scaling in _pendingPoints() Function

#228 sherlock-admin2 closed 1 month ago
1
JrNet - Design Issue: add() and set() relay on owner to update all pools can cause reward (points) loss.

#227 sherlock-admin4 closed 1 month ago
3
Audinarey - New pool cannot be added to the farm if the `lpSupply` of at least one pool is zero

#226 sherlock-admin3 closed 1 month ago
12
dimi6oni - Unchecked ETH Transfer in receive Function Allows Loss of Funds

#225 sherlock-admin2 closed 1 month ago
1
ArsenLupin - User could accidentally loose the tokens

#224 sherlock-admin4 closed 1 month ago
3
0xblack_bird - `Withdraw` lacks proper checks ,resulting in unexpected state

#223 sherlock-admin3 closed 1 month ago
1
dhank - Able to update new startBlock greater then old startBlock

#222 sherlock-admin2 closed 1 month ago
2
Albort - The function has a logical error in its checks.

#221 sherlock-admin4 closed 1 month ago
1
ArsenLupin - Inflated amount of points will be received in the _pendingPoints

#220 sherlock-admin3 closed 1 month ago
1
0xblack_bird - Lack of previous boostAmount checks resulting in excess boosting for user.

#219 sherlock-admin2 closed 1 month ago
1
Avci - No Storage Gap for Upgradeable Contracts

#218 sherlock-admin4 closed 1 month ago
1
zarkk01 - No slippage protection on convert functions in `SophonFarming`.

#217 sherlock-admin3 closed 1 month ago
1
jasonxiale - `SophonFarming.setEndBlock` can reset endblock after farming ends

#216 sherlock-admin2 closed 1 month ago
0
FonDevs - potential temporary denial of service when adding the first pool with `_allocPoint == 0`

#215 sherlock-admin4 closed 1 month ago
1
0xAadi - `user.rewardSettled` become always zero due to the way `user.rewardDebt` is being calculated and deducted from `user.rewardSettled`.

#214 sherlock-admin3 closed 1 month ago
1
Ragnark_323 - Manipulation of Block Multiplier via Low Gas Fees

#213 sherlock-admin2 closed 1 month ago
1
dimi6oni - Unbounded loop in `SophonFarming::massUpdatePools` leads to potential Denial of Service (DoS)

#212 sherlock-admin4 closed 1 month ago
1
dimi6oni - Lack of event emission for critical state changes leads to reduced transparency and auditing challenges

#211 sherlock-admin3 closed 1 month ago
1
ArsenLupin - User loose up to 50% t ofhe balance if he deposit _boostAmount via _deposit function.

#210 sherlock-admin2 closed 1 month ago
1
Ragnark_323 - DOS in depositEth Function due to Reentrancy

#209 sherlock-admin4 closed 1 month ago
1
jah - wrong calculation on sophonFarming._pendingPoints

#208 sherlock-admin3 closed 1 month ago
1
dimi6oni - Lack of flash loan protection leads to reward manipulation

#207 sherlock-admin2 closed 1 month ago
1
Audinarey - ETH deposits into SophonFarming via `wstETH` pools is made at a loss to the user

#206 sherlock-admin4 closed 1 month ago
7
0xAadi - Incorrect Reward Calculation Due to Unupdated `lastRewardBlock` When `startBlock` is Reduced or Increased

#205 sherlock-admin3 closed 1 month ago
2
nikhil840096 - Precision loss in `SophonFarming.sol:_pendingPoints`.

#204 sherlock-admin2 closed 1 month ago
1
dimi6oni - Missing Existence Check in Delegatecall Leads to Misleading Execution

#203 sherlock-admin4 closed 1 month ago
1
Avci - the `SophonFarming.sol` contract assumes all tokens in the contract have 18 decimals

#202 sherlock-admin3 closed 1 month ago
1
dhank - Users will not get their deserved rewards once the farming startBlock has changed.

#201 sherlock-admin2 closed 1 month ago
2
dimi6oni - Improper storage slot management in proxy contract causes potential overwriting of critical variables

#200 sherlock-admin4 closed 1 month ago
1
0xShoonya - Booster Proceeds Draining Using `withdrawProceeds()` Function in case of Private Key Hacks

#199 sherlock-admin3 closed 1 month ago
1
Ragnark_323 - Dangerous Proxy Pattern Implementation with Constructor and Immutable Variables Leading to Incompatibility

#198 sherlock-admin2 closed 1 month ago
1
dimi6oni - Lack of additional verification for `Upgradeable2Step::acceptImplementation` leads to unauthorized implementation acceptance

#197 sherlock-admin4 closed 1 month ago
1
0xShoonya - `massUpdatePools()` is susceptible to DoS with block gas limit

#196 sherlock-admin3 closed 1 month ago
1
EgisSecurity - SophonFarming.sol - If a pool doesn't have any deposits, after it has started, it will eat up the allocation of points of other pools

#195 sherlock-admin2 closed 3 weeks ago
20
dimi6oni - Uninitialized proxy attack causes unauthorized access and control over the contract

#194 sherlock-admin4 closed 1 month ago
1
Ragnark_323 - Pending Points Calculation Returns Zero for user Deposits due to incorrect precision handling

#193 sherlock-admin3 closed 1 month ago
1
Audinarey - bridged funds will be stuck without a way to withdraw.

#192 sherlock-admin2 closed 1 month ago
10
4th05 - `endBlock` can be set equal to `0` once the `farm` is ongoing

#191 sherlock-admin4 closed 1 month ago
0
AlexCzm - Users can farm points and withdraw their assets before bridging period starts, leaving protocol with no liquidity to bridge

#190 sherlock-admin3 closed 1 month ago
1
0xShoonya - Improper reward points calculation (withUpdate)

#189 sherlock-admin2 closed 1 month ago
3
Kirkeelee - No slippage protection when depositing and withdrawing to the predefinedPool

#188 sherlock-admin4 closed 1 month ago
2
0xShoonya - Wrong reward points calculation in `SophonFarming.sol` contract

#187 sherlock-admin3 closed 1 month ago
3