sherlock-audit 2024-06-velocimeter-judging issues

sherlock-audit / 2024-06-velocimeter-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Audinarey - The First liquidity provider of a stable pair can DOS the pool

#667 sherlock-admin2 closed 3 months ago
0
sonny2k - VotingEscrow::increase_unlock_time - It's possible for voters to update their vote tokens unlock time as many times as they wish beyond the 365 day MAX limit, violating protocol invariant.

#666 sherlock-admin3 closed 3 months ago
1
Avci - users can increase their lock times more than maximum limit of 52 weeks

#665 sherlock-admin3 closed 3 months ago
1
hulkvision - Inflated voting balance due to duplicated veNFTs within a checkpoint

#664 sherlock-admin2 closed 3 months ago
0
neon2835 - The circulating_supply() of the Minter contract may revert, resulting in the inability of the Minter to periodically emit Flow tokens

#663 sherlock-admin4 opened 3 months ago
5
gkrastenov - The total supply of VotingEscrow contract can be inflated

#662 sherlock-admin3 closed 3 months ago
0
Varun_19 - Wrong voting balance due to duplicated veNFTs within a checkpoint

#661 sherlock-admin2 closed 3 months ago
0
Mansa11 - User can bypass gauge detachment through withdrawals

#660 sherlock-admin4 closed 3 months ago
0
hulkvision - First liquidity provider of a stable pair can DOS the pool

#659 sherlock-admin3 closed 3 months ago
0
MohammedRizwan - `balanceOfNFTAt()` in `VotingEscrow.sol` does not implement flashloan protection similar to `balanceOfNFT()` function

#658 sherlock-admin2 closed 3 months ago
0
neon2835 - The mechanism of using oFlow as the reward token in GaugeV4 may be bypassed, and users may directly receive Flow tokens from GaugeV4

#657 sherlock-admin4 closed 3 months ago
3
KupiaSec - Individual user can attach only one veNFT token to a gauge

#656 sherlock-admin3 closed 3 months ago
1
blackhole - Desync between bribes being paid and gauge distribution allows voters to receive bribes without triggering emissions

#655 sherlock-admin2 closed 3 months ago
1
Audinarey - Unsafe casting in `RewardsDistributorV2` leads to underflow when calculating rewards

#654 sherlock-admin4 closed 3 months ago
0
MohammedRizwan - Unsafe casting in `RewardsDistributorV2.sol` would lead to underflow in some functions

#653 sherlock-admin3 closed 3 months ago
1
Varun_19 - Unsafe casting in RewardsDistributorV2 leads to underflow of veForAt

#652 sherlock-admin2 closed 3 months ago
1
StraawHaat - A malicious user can create duplicated `veNFTs` within a checkpoint when the `VotingEscrow._moveTokenDelegates` function is called multiple times within the same block

#651 sherlock-admin4 closed 3 months ago
0
blackhole - Missing check if the caller is the gauge in detachTokenFromGauge function leads to unable to withdraw tokens in GaugeV4.withdrawToken

#650 sherlock-admin3 closed 3 months ago
0
bughuntoor - User will lose all their unclaimed rewards once their lock expires

#649 sherlock-admin2 closed 2 months ago
20
eeyore - Off-by-One error in the `RewardsDistributorV2._checkpoint_total_supply()` leading to incorrect reward calculation.

#648 sherlock-admin4 closed 3 months ago
0
Audinarey - `ownershipChange` can be by passed to perform flashloan attack

#647 sherlock-admin3 closed 3 months ago
0
Varun_19 - timestamp of a checkpoint is never initialized

#646 sherlock-admin2 closed 3 months ago
0
Chinmay - First liquidity provider of a stable pair can DOS the pool

#645 sherlock-admin4 closed 3 months ago
0
MohammedRizwan - Claimable gauge distributions are locked when `killGaugeTotally()` is called in `Voter.sol`

#644 sherlock-admin3 closed 3 months ago
0
StraawHaat - DOS attack by delegating many tokens

#643 sherlock-admin2 closed 3 months ago
0
KupiaSec - Vulnerability in `OptionTokenV4::exerciseLp` Function Enabling Malicious Lock Manipulation

#642 sherlock-admin4 closed 3 months ago
0
KupiaSec - Malicious user can increase the reward duration

#641 sherlock-admin3 closed 3 months ago
0
KupiaSec - EIP712 is broken in the `VotingEscrow::DOMAIN_TYPEHASH`

#640 sherlock-admin2 closed 3 months ago
0
KupiaSec - Inconsistency between `VotingEscrow::balanceOfNFT` and `VotingEscrow::balanceOfNFTAt`

#639 sherlock-admin4 closed 3 months ago
0
KupiaSec - Lack of the access control in the `Voter::detachTokenFromGauge` function

#638 sherlock-admin3 closed 3 months ago
0
KupiaSec - The `Voter.killGaugeTotally` function lock theh claimable gauge distributions in the `Voter` contract

#637 sherlock-admin2 closed 3 months ago
0
KupiaSec - Loss of funds when gauge is paused

#636 sherlock-admin4 closed 3 months ago
0
KupiaSec - Casting to `uint` in `RewardDistributorV2::ve_for_at` is not safe

#635 sherlock-admin3 closed 3 months ago
1
KupiaSec - Precision Loss in the `Voter._vote` function

#634 sherlock-admin2 closed 3 months ago
0
KupiaSec - User can duplicate veNFT tokens in a checkpoint variable

#633 sherlock-admin4 closed 3 months ago
0
KupiaSec - No recording timestamp in `VotingEscrow._moveTokenDelegates` function

#632 sherlock-admin3 closed 3 months ago
0
KupiaSec - Anyone can break the constant product by minting into `Pair` directly

#631 sherlock-admin2 closed 3 months ago
1
hulkvision - Claimable gauge distributions are locked when killGaugeTotally and pauseGauge is called

#630 sherlock-admin4 closed 3 months ago
0
Audinarey - `point_history` bias is updated with stale slope value everytime in `VotingEscrow:: _checkpoint(...)`

#629 sherlock-admin3 closed 3 months ago
0
FlyingBird - A malicious actor can lock any tokenId forever by repeatedly calling Votingescrow : max_lock() just before its lock ends.

#628 sherlock-admin2 closed 3 months ago
1
dany.armstrong90 - `VotingEscrow.sol#_balanceOfNFT` function calculates past balance of NFT incorrectly.

#627 sherlock-admin4 closed 3 months ago
0
StraawHaat - The `_isApprovedOrOwner()` function calls `max_lock()` by mistake and thus DoS the entire protocol

#626 sherlock-admin3 closed 3 months ago
0
MohammedRizwan - Incorrect `DOMAIN_TYPEHASH` used in `VotingEscrow.sol`

#625 sherlock-admin2 closed 3 months ago
0
Yuriisereda - Updating _totalweight does not work int the else case.

#624 sherlock-admin4 closed 3 months ago
0
hulkvision - Inconsistent between balanceOfNFT, balanceOfNFTAt and _balanceOfNFT functions

#623 sherlock-admin3 closed 3 months ago
0
dev0cloo - Incorrect Logic in _isApprovedOrOwner() Function Leads to Unintended Lock Extension, Allows Lock Manipulation and Prevents Expired Lock Withdrawals

#622 sherlock-admin2 closed 2 months ago
1
StraawHaat - Block split check can be easily bypassed

#621 sherlock-admin4 closed 3 months ago
0
Sentryx - Exercising to LP can be manipulated

#620 sherlock-admin3 closed 3 months ago
0
bareli - split will not work when "amount" is equal to "value"

#619 sherlock-admin2 closed 3 months ago
1
FlyingBird - An veNFT owner/approved address can override the expiry date by calling increase_amount()

#618 sherlock-admin4 closed 3 months ago
0

Previous Next