sherlock-audit 2024-06-velocimeter-judging issues

sherlock-audit / 2024-06-velocimeter-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Breezy Chrome Baboon - DOMAIN_TYPEHASH is wrongly implemented

#717 sherlock-admin4 closed 4 months ago
0
High Holographic Tortoise - Gauge can be updated by unintended users

#716 sherlock-admin4 closed 4 months ago
0
Round Opal Kestrel - "_reset" function can be optimized.

#715 sherlock-admin4 closed 4 months ago
0
Atomic Tortilla Falcon - loss of precision when `_weights[i]` is small compared to `_totalVoteWeight`

#714 sherlock-admin4 closed 4 months ago
0
Able Gingham Manatee - Pair price may be manipulated by direct transfers to attack 3rd party protocols that may integrate with velocimeter in the future

#713 sherlock-admin4 closed 4 months ago
0
Mammoth Powder Moose - The return value of the `Voter.sol::factoryLength` function will never be decreased due to the form of removal in the code, which sets an address to 0 instead of removing it from the array.

#712 sherlock-admin4 closed 4 months ago
0
Funny Merlot Yeti - _update function from Pair.sol can overflow for some ERC20 tokens

#711 sherlock-admin4 closed 4 months ago
0
Funny Merlot Yeti - Similar functions from VotingEscrow have different permissions

#710 sherlock-admin4 closed 4 months ago
0
Square Arctic Chicken - `distribute()` will revert if there is at least one killed gauge in the protocol

#709 sherlock-admin4 closed 4 months ago
0
Funny Merlot Yeti - Logic issue in the _burn function of VotingEscrow

#708 sherlock-admin4 closed 4 months ago
0
Funny Merlot Yeti - Public checkpoint function from VotingEscrow performs state changes

#707 sherlock-admin4 closed 4 months ago
0
Dandy Shamrock Sheep - Unnecessary Type Casting

#706 sherlock-admin4 closed 4 months ago
0
Dandy Shamrock Sheep - Reinitialization Vulnerability

#705 sherlock-admin4 closed 4 months ago
0
Noisy Chrome Beaver - Potential Bypass of Contract Check in safeTransferFrom Allows Transfers to Unverified Recipients

#704 sherlock-admin4 closed 4 months ago
0
Funny Merlot Yeti - ownership_change state is not migrated to split NFTs in VotingEscrow

#703 sherlock-admin4 closed 4 months ago
0
Mammoth Powder Moose - activeGaugeNumber will not be incremented

#702 sherlock-admin4 closed 4 months ago
0
Decent Mandarin Pangolin - The user doesn't get the unused paymentToken refund if the UniswapV2 slipped during addLiquidity

#701 sherlock-admin4 closed 4 months ago
0
Careful Wooden Caribou - ecrecover is vulnerable to signature mallebality

#700 sherlock-admin4 closed 4 months ago
0
Careful Wooden Caribou - proxyGauge::getReward(...) is not implemented

#699 sherlock-admin4 closed 4 months ago
0
Helpful Raisin Fox - Unsafe Use of 'transfer()'/'transferFrom()' on ERC20

#698 sherlock-admin4 closed 4 months ago
0
Sleepy Lace Nightingale - Burn Function is not a prerequisite in ERC20 token standard.

#697 sherlock-admin4 closed 4 months ago
0
Lone Oily Rooster - Missing View Modifier in `isApprovedOrOwner` Function

#696 sherlock-admin4 closed 4 months ago
0
Active Lace Hippo - `Minter` Calculates Team Emissions Incorrectly

#695 sherlock-admin4 closed 4 months ago
0
Active Lace Hippo - Missing Access Controls On `GaugeFactory::createGauge`

#694 sherlock-admin4 closed 4 months ago
0
Petite Flint Nuthatch - `Voter`::`emitWithdraw()` lacks of access control

#693 sherlock-admin4 closed 4 months ago
0
cu5t0mPe0 - aaaa

#692 sherlock-admin4 closed 3 months ago
1
sonny2k - Griefing an account from getting votes delegated to it

#691 sherlock-admin4 closed 3 months ago
0
0xShoonya - First liquidity provider of a stable pair can DOS the pool

#690 sherlock-admin4 closed 3 months ago
0
hulkvision - Users can call `reset` on their token even if they don't have active votes, griefing potential token buyer/receiver

#689 sherlock-admin4 closed 3 months ago
1
Minato7namikazi - missed check for the `MAX_REWARD_TOKENS` limit

#688 sherlock-admin4 closed 3 months ago
1
Varun_19 - The current value of a Pair is not always returning a 30-minute TWAP and can be manipulated

#687 sherlock-admin4 closed 3 months ago
1
Minato7namikazi - logic bug in `notifyRewardAmount` function

#686 sherlock-admin4 closed 3 months ago
0
0xStarBlaze - Potential Loss of Locked Funds on Re-deposit in `depositWithLock`

#685 sherlock-admin4 closed 3 months ago
0
Varun_19 - RewardDistributor caching totalSupply leading to incorrect reward calculation

#684 sherlock-admin4 closed 3 months ago
0
dev0cloo - Claimable rewards are permanently locked in Voter.sol when `killGaugeTotally()` is called

#683 sherlock-admin4 closed 3 months ago
0
sonny2k - rewards are lost when merging and withdrawing tokens because the rewards are not claimed before burning the token

#682 sherlock-admin4 closed 3 months ago
0
Minato7namikazi - critical missed check in the `expire()` function:

#681 sherlock-admin2 closed 3 months ago
1
0xShoonya - `deposit_For` function in `VotingEscrow.sol` accepts NFTs of all types including locked and managed

#680 sherlock-admin3 closed 3 months ago
0
gkrastenov - Delegating votes to address(0) causes permanent loss of votes and NFT transfer issues

#679 sherlock-admin2 closed 3 months ago
1
0xNazgul - `VotingEscrow` Can Have Inflated Supply

#678 sherlock-admin3 closed 3 months ago
0
Minato7namikazi - logic bug in calculation and handling of the `paymentAmount` and `paymentAmountToAddLiquidity`.

#677 sherlock-admin2 closed 3 months ago
0
KupiaSec - Users can't claim rewards when `totalWeight` is zero

#676 sherlock-admin3 closed 3 months ago
0
1nc0gn170 - No mechanism is implemented to withdraw accured fees in Voting Escrow & Gauge

#675 sherlock-admin2 closed 3 months ago
0
FlyingBird - Restarting the gauge after killing it will make some important functions to revert

#674 sherlock-admin3 closed 3 months ago
1
Varun_19 - _burn function will always revert even if the caller is the approved spender

#673 sherlock-admin2 closed 3 months ago
0
Avci - Depositing a small amount of tokens to `VotingEscrow` contract is not accounted

#672 sherlock-admin3 closed 3 months ago
1
MohammedRizwan - `Checkpoint`'s `timestamp` variable is not initialized in `VotingEscrow.sol`

#671 sherlock-admin2 closed 3 months ago
0
sonny2k - Arithmetic Error risk in VotingEscrow::_find_block_epoch() function

#670 sherlock-admin3 closed 3 months ago
0
Avci - Approved users wouldn't be able to merge tokens

#669 sherlock-admin2 closed 3 months ago
0
Mansa11 - Incorrect assigning of lock duration for an LpDiscount

#668 sherlock-admin3 closed 3 months ago
1