sherlock-audit 2024-06-magicsea-judging issues

sherlock-audit / 2024-06-magicsea-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Real Sand Viper - The fundAndBribe function can not be used with tokens that have a fee on transfer

#725 sherlock-admin3 closed 1 month ago
1
Sticky Hickory Hare - Read-only reentrancy in MasterChefV2::deposit allows an address to take control of all lp tokens and inflate total supply of a pid

#724 sherlock-admin4 closed 1 month ago
1
Elegant Vanilla Crane - `Rewarder` and `Rewarder2` libraries can overflow

#723 sherlock-admin2 closed 1 month ago
1
Elegant Vanilla Crane - Division calculations rounding down leads to users receiving fewer rewards

#722 sherlock-admin3 closed 1 month ago
1
Elegant Vanilla Crane - Fee-on-transfer tokens can affect position’s lock duraiton using `MlumStaking::addToPosition()`

#721 sherlock-admin4 closed 1 month ago
1
Elegant Vanilla Crane - Possible reentrancy in `MasterChefV2` and `BribeRewarder`

#720 sherlock-admin2 closed 1 month ago
1
Icy Basil Seal - In case Stake token and reward token are the same on MlumStaking, the contract will pay out staked tokens as rewards

#719 sherlock-admin3 closed 1 month ago
0
Sticky Hickory Hare - Votes are not reset after each voting epoch

#718 sherlock-admin4 closed 1 month ago
0
Elegant Vanilla Crane - Corruptable Upgradeability Pattern

#717 sherlock-admin2 closed 1 month ago
0
Icy Basil Seal - In case MasterChef stake token is ERC777, it allows to take the contracts balance as free flashloan

#716 sherlock-admin3 closed 1 month ago
0
Glorious Bronze Ladybug - Anyone could create briber

#715 sherlock-admin4 closed 1 month ago
0
Bitter Seaweed Eagle - `MlumStaking::harvestPositionsTo` can only be called by the token owner

#714 sherlock-admin2 closed 1 month ago
0
Skinny Pine Mink - Input argument "amount" should be checked for value greater then 0

#713 sherlock-admin3 closed 1 month ago
0
Sticky Hickory Hare - A malicoius unlockOperator can vote unlimited times during a voting epoch

#712 sherlock-admin4 closed 1 month ago
0
Blunt Carmine Camel - Multiple Low/Info Severity Issues

#711 sherlock-admin2 closed 1 month ago
0
Lone Opaque Mustang - `emergencyWithdraw()` sends funds to `msg.sender` which may not be the NFT owner

#710 sherlock-admin3 closed 1 month ago
0
Sticky Hickory Hare - First Mlum staker can withdraw all the MlumStaking reward tokens if there are any

#709 sherlock-admin4 closed 1 month ago
0
Amusing Turquoise Cormorant - Unnecessary usage of `storage` instead of `memory`, leads to excessively high gas fees

#708 sherlock-admin2 closed 1 month ago
0
Lone Opaque Mustang - `IBribeRewarder` lacks `fundAndBribe()` method

#707 sherlock-admin3 closed 1 month ago
0
Lone Opaque Mustang - `_rewards` is 1 larger than required

#706 sherlock-admin4 closed 1 month ago
0
Mammoth Amethyst Perch - `setTrustee` lacks a validation check to ensure that the `trustee` address provided is not a zero address

#705 sherlock-admin2 closed 1 month ago
0
Icy Basil Seal - Masterchef's constructor sets _voter in the implementation storage, not the proxy storage.

#704 sherlock-admin3 closed 1 month ago
0
Icy Basil Seal - Loss of rewards in case MlumStaking is underfunded

#703 sherlock-admin4 closed 1 month ago
0
Lone Opaque Mustang - Incorrect `getVotesPerPeriod()` implementation

#702 sherlock-admin2 closed 1 month ago
0
Lone Opaque Mustang - Inconsistent `renounceOwnership()` implementations

#701 sherlock-admin3 closed 1 month ago
0
Lone Opaque Mustang - `setLumPerSecond()` will be applied retroactively

#700 sherlock-admin4 closed 1 month ago
0
Lone Opaque Mustang - ` _unlockOperators` will not be able to unlock any NFTs

#699 sherlock-admin2 closed 1 month ago
0
Tricky Pebble Dachshund - Dust amounts can be used to create/add positions

#698 sherlock-admin3 closed 1 month ago
0
Tricky Pebble Dachshund - Upgradeable contracts should derive from openzeppelin upgradeable library only as best practice

#697 sherlock-admin4 closed 1 month ago
1
Tricky Pebble Dachshund - Owner can by mistake rollover to a new voting period while previous period is active, users could loose bribe rewards due to deprived participation

#696 sherlock-admin2 closed 1 month ago
0
Tricky Pebble Dachshund - IVoter is declared as storage variable and is initialized in constructor in MasterChef contract

#695 sherlock-admin3 closed 1 month ago
0
Lone Opaque Mustang - Position creation has missing `_maxGlobalMultiplier` limiter check on `totalMultiplier`

#694 sherlock-admin4 closed 1 month ago
0
dhank - masterChef.sol :: While Updating LumPersec the pools are not updated before hand

#693 sherlock-admin3 closed 1 month ago
0
John_Femi - Vote can be started in the middle of a previous vote

#692 sherlock-admin2 closed 1 month ago
1
0xweebad - POSSIBLE UNDERFLOW IN _safeRewardTransfer() function in the MlumStaking.sol contract

#691 sherlock-admin4 closed 1 month ago
1
slowfi - Fake Token Can Be Used To Block Real `BribeRewarders`

#690 sherlock-admin3 closed 1 month ago
0
0xc0ffEE - User get more reward from BribeRewarder

#689 sherlock-admin2 closed 1 month ago
5
neogranicen - User will be inable to claim rewards for amounts he deposited after a big emrgency withralw

#688 sherlock-admin4 closed 1 month ago
1
Shawon - Upgradable implementation Contracts should not have `constructor` in them

#687 sherlock-admin2 closed 1 month ago
1
PUSH0 - Protocol is incompatible with tokens that returns false on transfer

#686 sherlock-admin4 closed 1 month ago
0
dhank - MasterChef.sol:: fees on transfer tokens will grieve the MasterChef protocol and the Liquidity Provider

#685 sherlock-admin3 closed 1 month ago
0
karsar - user can more vote than the amount deposited

#684 sherlock-admin2 closed 1 month ago
1
Praise03 - Incorrect Implementation Of Rewards Calculation

#683 sherlock-admin4 closed 1 month ago
0
John_Femi - Users can withdraw more than deposited balance

#682 sherlock-admin3 closed 1 month ago
0
ydlee - The checking on whether the lock time of the position is sufficient for voting is incorrect

#681 sherlock-admin2 closed 1 month ago
0
gkrastenov - Blocking voters from receiving extra bribe rewards

#680 sherlock-admin4 closed 1 month ago
0
slowfi - `BribeRewarder` contract Creates a Bigger `_rewards` Array Than It Should

#679 sherlock-admin3 closed 1 month ago
0
zarkk01 - ```BribeRewarder``` contract funtionality is broken with low-decimals tokens.

#678 sherlock-admin2 closed 1 month ago
0
Silvermist - BribeRewarder.sol#_modify - Wrong calculation of the rewards per period

#677 sherlock-admin4 closed 1 month ago
0
zarkk01 - ```vote``` function does not correctly checks if the remaining duration of a ```LockingPosition``` is greater than 14 days.

#676 sherlock-admin3 closed 1 month ago
0