issues
search
sherlock-audit
/
2024-06-magicsea-judging
8
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Real Sand Viper - The fundAndBribe function can not be used with tokens that have a fee on transfer
#725
sherlock-admin3
closed
4 months ago
1
Sticky Hickory Hare - Read-only reentrancy in MasterChefV2::deposit allows an address to take control of all lp tokens and inflate total supply of a pid
#724
sherlock-admin4
closed
4 months ago
1
Elegant Vanilla Crane - `Rewarder` and `Rewarder2` libraries can overflow
#723
sherlock-admin2
closed
4 months ago
1
Elegant Vanilla Crane - Division calculations rounding down leads to users receiving fewer rewards
#722
sherlock-admin3
closed
4 months ago
1
Elegant Vanilla Crane - Fee-on-transfer tokens can affect position’s lock duraiton using `MlumStaking::addToPosition()`
#721
sherlock-admin4
closed
4 months ago
1
Elegant Vanilla Crane - Possible reentrancy in `MasterChefV2` and `BribeRewarder`
#720
sherlock-admin2
closed
4 months ago
1
Icy Basil Seal - In case Stake token and reward token are the same on MlumStaking, the contract will pay out staked tokens as rewards
#719
sherlock-admin3
closed
4 months ago
0
Sticky Hickory Hare - Votes are not reset after each voting epoch
#718
sherlock-admin4
closed
4 months ago
0
Elegant Vanilla Crane - Corruptable Upgradeability Pattern
#717
sherlock-admin2
closed
4 months ago
0
Icy Basil Seal - In case MasterChef stake token is ERC777, it allows to take the contracts balance as free flashloan
#716
sherlock-admin3
closed
4 months ago
0
Glorious Bronze Ladybug - Anyone could create briber
#715
sherlock-admin4
closed
4 months ago
0
Bitter Seaweed Eagle - `MlumStaking::harvestPositionsTo` can only be called by the token owner
#714
sherlock-admin2
closed
4 months ago
0
Skinny Pine Mink - Input argument "amount" should be checked for value greater then 0
#713
sherlock-admin3
closed
4 months ago
0
Sticky Hickory Hare - A malicoius unlockOperator can vote unlimited times during a voting epoch
#712
sherlock-admin4
closed
4 months ago
0
Blunt Carmine Camel - Multiple Low/Info Severity Issues
#711
sherlock-admin2
closed
4 months ago
0
Lone Opaque Mustang - `emergencyWithdraw()` sends funds to `msg.sender` which may not be the NFT owner
#710
sherlock-admin3
closed
4 months ago
0
Sticky Hickory Hare - First Mlum staker can withdraw all the MlumStaking reward tokens if there are any
#709
sherlock-admin4
closed
4 months ago
0
Amusing Turquoise Cormorant - Unnecessary usage of `storage` instead of `memory`, leads to excessively high gas fees
#708
sherlock-admin2
closed
4 months ago
0
Lone Opaque Mustang - `IBribeRewarder` lacks `fundAndBribe()` method
#707
sherlock-admin3
closed
4 months ago
0
Lone Opaque Mustang - `_rewards` is 1 larger than required
#706
sherlock-admin4
closed
4 months ago
0
Mammoth Amethyst Perch - `setTrustee` lacks a validation check to ensure that the `trustee` address provided is not a zero address
#705
sherlock-admin2
closed
4 months ago
0
Icy Basil Seal - Masterchef's constructor sets _voter in the implementation storage, not the proxy storage.
#704
sherlock-admin3
closed
4 months ago
0
Icy Basil Seal - Loss of rewards in case MlumStaking is underfunded
#703
sherlock-admin4
closed
4 months ago
0
Lone Opaque Mustang - Incorrect `getVotesPerPeriod()` implementation
#702
sherlock-admin2
closed
4 months ago
0
Lone Opaque Mustang - Inconsistent `renounceOwnership()` implementations
#701
sherlock-admin3
closed
4 months ago
0
Lone Opaque Mustang - `setLumPerSecond()` will be applied retroactively
#700
sherlock-admin4
closed
4 months ago
0
Lone Opaque Mustang - ` _unlockOperators` will not be able to unlock any NFTs
#699
sherlock-admin2
closed
4 months ago
0
Tricky Pebble Dachshund - Dust amounts can be used to create/add positions
#698
sherlock-admin3
closed
4 months ago
0
Tricky Pebble Dachshund - Upgradeable contracts should derive from openzeppelin upgradeable library only as best practice
#697
sherlock-admin4
closed
4 months ago
1
Tricky Pebble Dachshund - Owner can by mistake rollover to a new voting period while previous period is active, users could loose bribe rewards due to deprived participation
#696
sherlock-admin2
closed
4 months ago
0
Tricky Pebble Dachshund - IVoter is declared as storage variable and is initialized in constructor in MasterChef contract
#695
sherlock-admin3
closed
4 months ago
0
Lone Opaque Mustang - Position creation has missing `_maxGlobalMultiplier` limiter check on `totalMultiplier`
#694
sherlock-admin4
closed
4 months ago
0
dhank - masterChef.sol :: While Updating LumPersec the pools are not updated before hand
#693
sherlock-admin3
closed
4 months ago
0
John_Femi - Vote can be started in the middle of a previous vote
#692
sherlock-admin2
closed
4 months ago
1
0xweebad - POSSIBLE UNDERFLOW IN _safeRewardTransfer() function in the MlumStaking.sol contract
#691
sherlock-admin4
closed
4 months ago
1
slowfi - Fake Token Can Be Used To Block Real `BribeRewarders`
#690
sherlock-admin3
closed
4 months ago
0
0xc0ffEE - User get more reward from BribeRewarder
#689
sherlock-admin2
closed
3 months ago
5
neogranicen - User will be inable to claim rewards for amounts he deposited after a big emrgency withralw
#688
sherlock-admin4
closed
4 months ago
1
Shawon - Upgradable implementation Contracts should not have `constructor` in them
#687
sherlock-admin2
closed
4 months ago
1
PUSH0 - Protocol is incompatible with tokens that returns false on transfer
#686
sherlock-admin4
closed
4 months ago
0
dhank - MasterChef.sol:: fees on transfer tokens will grieve the MasterChef protocol and the Liquidity Provider
#685
sherlock-admin3
closed
4 months ago
0
karsar - user can more vote than the amount deposited
#684
sherlock-admin2
closed
4 months ago
1
Praise03 - Incorrect Implementation Of Rewards Calculation
#683
sherlock-admin4
closed
4 months ago
0
John_Femi - Users can withdraw more than deposited balance
#682
sherlock-admin3
closed
4 months ago
0
ydlee - The checking on whether the lock time of the position is sufficient for voting is incorrect
#681
sherlock-admin2
closed
4 months ago
0
gkrastenov - Blocking voters from receiving extra bribe rewards
#680
sherlock-admin4
closed
4 months ago
0
slowfi - `BribeRewarder` contract Creates a Bigger `_rewards` Array Than It Should
#679
sherlock-admin3
closed
4 months ago
0
zarkk01 - ```BribeRewarder``` contract funtionality is broken with low-decimals tokens.
#678
sherlock-admin2
closed
4 months ago
0
Silvermist - BribeRewarder.sol#_modify - Wrong calculation of the rewards per period
#677
sherlock-admin4
closed
4 months ago
0
zarkk01 - ```vote``` function does not correctly checks if the remaining duration of a ```LockingPosition``` is greater than 14 days.
#676
sherlock-admin3
closed
4 months ago
0
Next