sherlock-audit 2024-06-magicsea-judging issues

sherlock-audit / 2024-06-magicsea-judging

8 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

neon2835 - The addToPosition function in the MlumStaking contract has a vulnerability, and users may lose their voting eligibility

#675 sherlock-admin2 closed 4 months ago
0
0xc0ffEE - Can not cast vote after bribes registered

#674 sherlock-admin4 closed 4 months ago
0
John_Femi - Link should undo unlink

#673 sherlock-admin3 closed 4 months ago
2
0xrobsol - Potential Exploit in setLumPerSecond Allowing Unfair Reward Spike Exploitation

#672 sherlock-admin2 closed 4 months ago
0
neogranicen - Staker in the MasterchefV2 will lose all his rewards upon emergency withdrawal

#671 sherlock-admin4 closed 4 months ago
1
zarkk01 - A malicious user can execute a Denial of Service (DoS) attack on the registration of legitimate ```BribeRewarder``` contracts in the ```Voter``` contract by registering 5 worthless ```BribeRewarder``` contracts in each ```VotingPeriod```.

#670 sherlock-admin3 closed 4 months ago
0
dhank - MasterChefV2.sol :: User will get incorrect reward when someone in the pool has called emergencyWithdrawal()

#669 sherlock-admin2 closed 4 months ago
0
zarkk01 - New ```LockingPosition``` can be created even if the pool has been unlocked in ```MlumStaking``` contract.

#668 sherlock-admin4 closed 4 months ago
1
zarkk01 - Multipliers in ```MlumStaking``` are incorrectly calculated in ```getMultiplierByLockDuration``` function.

#667 sherlock-admin3 closed 4 months ago
0
anonymousjoe - The first voter of a new BribeRewarder can drain the funds of BribeRewarder

#666 sherlock-admin2 closed 4 months ago
0
zarkk01 - ```_requireOnlyOperatorOrOwnerOf``` does not correctly check the owner or the operator of the position leading to anyone can adjust the duration of a ```LockingPosition``` by adding to it.

#665 sherlock-admin4 closed 4 months ago
0
zarkk01 - Rewards in ```MlumStaking``` are distributed unfairly not taking into consideration the time someone has been locked.

#664 sherlock-admin3 closed 4 months ago
0
slowfi - The `period.endTime` Can Not Match With Its Assigned Value

#663 sherlock-admin2 closed 4 months ago
1
neogranicen - `Create2` address collision against a to-be-deployed rewarder allows for complete draining of the rewarder.

#662 sherlock-admin4 closed 4 months ago
1
0xAadi - Use of wrong parameter type in `Voter._checkRegisterCaller()` cause DoS on `Voter.onRegister()`

#661 sherlock-admin3 closed 4 months ago
1
krot-0025 - `MlumStaking::emergencyWithdraw` leads to loss in case of funds and not allows user to withdraw stake during emergency.

#660 sherlock-admin2 closed 4 months ago
1
quaternion - [Medium] Beginning the voting period can be delayed by miners in their interest (use of `block.timestamp` in `Voter::startNewVotingPeriod()` function)

#659 sherlock-admin4 closed 4 months ago
1
gkrastenov - Everyone can add an additional amount to an existing staking position

#658 sherlock-admin3 closed 4 months ago
0
dev0cloo - Improper Access Control of addToPosition() allows anyone to increase the position of any existing lsNFT

#657 sherlock-admin2 closed 4 months ago
0
KupiaSec - Incorrect calculation order in the `MlumStaking.addToPosition()` function when using `fee-on-transfer` tokens

#656 sherlock-admin4 closed 4 months ago
0
StraawHaat - A malicious user can manipulate the pool using a weird token similar to `cUSDCv3`

#655 sherlock-admin3 closed 4 months ago
0
neogranicen - Partial to total loss of user rewards in pools with high decimal tokens due to Truncation

#654 sherlock-admin2 closed 4 months ago
0
dhank - MlumStaking.sol :: Anyone can add to the stakedPosition resulting the lockTime of the actual owner to be extended to undefined time

#653 sherlock-admin4 closed 4 months ago
0
slowfi - Funds Can Get Stucked on `BribeRewarder` contract

#652 sherlock-admin3 closed 4 months ago
1
Pedro - Function calculates rewards incorrectly

#651 sherlock-admin2 closed 4 months ago
0
scammed - Tokens with high decimals will DoS the BribeRewarder contract

#650 sherlock-admin4 closed 4 months ago
18
neogranicen - User will lose all his secondary rewards if the extra rewarder gets updated while he is staking

#649 sherlock-admin3 closed 4 months ago
1
0xAadi - `ownerOf()` not defined in the `IMlumStaking` interface cause DoS on `Voter.vote()`

#648 sherlock-admin2 closed 4 months ago
0
0xAsen - Votes across different periods are accrued for reward calculations instead of kept separately for each period

#647 sherlock-admin4 closed 4 months ago
0
neogranicen - Wrong reward token calculation in MasterChefV2 Contract

#646 sherlock-admin3 closed 4 months ago
0
Pedro - Arithmetic underflow or overflow

#645 sherlock-admin2 closed 4 months ago
1
gkrastenov - Incorrect check of ownerOf for tokenId during voting

#644 sherlock-admin4 closed 4 months ago
0
Silvermist - Malicious user can manipulate reward calculations, preventing other users from receiving the correct amount of rewards

#643 sherlock-admin3 closed 4 months ago
0
neogranicen - MasterchefV2 exhibits inherent incompatibility issues with LB pools.

#642 sherlock-admin2 closed 4 months ago
9
blockchain555 - A malicious attacker can damage the bribe distribution function at low cost.

#641 sherlock-admin4 closed 4 months ago
0
FlyingBird - Wrong initialization of BaseRewarder will lead to assigning wrong owner

#640 sherlock-admin2 closed 4 months ago
1
dhank - MlumStaking.sol::position.lockMultiplier is wrongly calculated resulting the user to earn less rewards than deserved.

#639 sherlock-admin4 closed 4 months ago
0
LeFy - In MlumStaking.sol emergencyWithdraw(uint256 tokenId) does not update the pool before withdrawing

#638 sherlock-admin3 closed 4 months ago
0
slowfi - First Depositor Gets All Previous Rewards in `MlumStaking` contract

#637 sherlock-admin2 closed 4 months ago
0
neon2835 - The _requireOnlyOperatorOrOwnerOf function in the MlumStaking contract has a vulnerability, and users can bypass the judgment

#636 sherlock-admin4 closed 4 months ago
0
Yanev - revert in BribeRewarder.sol

#635 sherlock-admin3 closed 4 months ago
0
0xAadi - `IMasterChefRewarder` interface is not defined `onModify()` cause DoS on `MasterChefV2` contract

#634 sherlock-admin2 closed 4 months ago
1
neogranicen - A users lock time can be extended indefinitely by an attacker

#633 sherlock-admin4 closed 4 months ago
0
0xweebad - INCONSISTENT DATA LOCATION IN remainingLockTime() function in MLumStaking.sol contract MAY LEAD TO DISCREPANCIES

#632 sherlock-admin3 closed 4 months ago
1
HonorLt - Dishonest reward calculation when lum rate changes

#631 sherlock-admin2 closed 4 months ago
0
0xboriskataa - Attacker can withdraw all tokens deposited in a farm

#630 sherlock-admin4 closed 4 months ago
1
0xMAKEOUTHILL - Insufficient validation in `onModify` function

#629 sherlock-admin3 closed 4 months ago
1
Honour - Default _maxLockMultiplier exceeds the MAX_LOCK_MULTIPLIER_LIMIT

#628 sherlock-admin2 closed 4 months ago
0
dhank - Voter.sol::getVotesPerPeriod() is actually returning the votes of the period in a particular pool instead of the total votes in that period.

#627 sherlock-admin4 closed 4 months ago
1
Reentrants - MasterChefV2 does not account for FOT tokens

#626 sherlock-admin3 closed 4 months ago
0

Previous Next