sherlock-audit 2024-06-velocimeter-judging issues

sherlock-audit / 2024-06-velocimeter-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

0xShoonya - Potential underflow in `RewardsDistributorV2.sol` due to Unsafe Casting

#617 sherlock-admin3 closed 3 months ago
1
hulkvision - The timestamp variable of a checkpoint is not initialized

#616 sherlock-admin2 closed 3 months ago
0
R-Nemes - User approved for a single token are not able to Merge or Withdraw

#615 sherlock-admin4 closed 3 months ago
0
sonny2k - DOS of withdrawals through filling the userPointHistory

#614 sherlock-admin3 closed 3 months ago
0
blackhole - Missing version in `DOMAIN_TYPEHASH` definition

#613 sherlock-admin2 closed 3 months ago
0
R-Nemes - Tokens are locked forever and claiming after lock duration is permanently DOSed if maxLock is enabled

#612 sherlock-admin4 closed 3 months ago
1
R-Nemes - Malicious user can flash loan to inflate their voting balance

#611 sherlock-admin3 closed 3 months ago
0
Chinmay - disabling max lock does not correctly reset maxLockIdToIndex leading to some tokenIDs permanently stuck

#610 sherlock-admin2 closed 3 months ago
0
sonny2k - Access Control Flaw in _burn Function Leads to Operational Disruption

#609 sherlock-admin4 closed 3 months ago
0
blackhole - Voting tokens may be lost when given to non-EOA accounts

#608 sherlock-admin3 closed 3 months ago
0
cu5t0mPe0 - A malicious user can reduce the value of an NFT before selling it

#607 sherlock-admin2 closed 2 months ago
4
sonny2k - Voters who withdraw ve tokens risk losing gained bribes rewards

#606 sherlock-admin4 closed 3 months ago
0
blackhole - Uninitialized checkpoint timestamp in VotingEscrow contract leads to incorrect distribution of delegated tokens

#605 sherlock-admin3 closed 3 months ago
0
AMOW - Malicious first liquidity provider can DoS a stable pair pool

#604 sherlock-admin2 closed 3 months ago
0
sonny2k - Wrong totalWeight in Voter.sol

#603 sherlock-admin4 closed 3 months ago
0
merlin - Pair.sol cannot deploy pools with non-string symbol() ERC20s

#602 sherlock-admin3 closed 3 months ago
0
bareli - delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

#601 sherlock-admin2 closed 3 months ago
0
cu5t0mPe0 - When calling `exercise*`, it is vulnerable to a sandwich attack

#600 sherlock-admin4 closed 3 months ago
0
Chinmay - Approved addresses cannot merge or withdraw from veLP NFTs because of conflicting checks

#599 sherlock-admin3 closed 3 months ago
0
0xShoonya - `DOMAIN_TYPEHASH` is wrongly calculated breaking `EIP-712`

#598 sherlock-admin2 closed 3 months ago
0
Chinmay - Point structure mismanagement Compromises Epoch Accuracy and leads to incorrect reward distributions

#597 sherlock-admin4 closed 2 months ago
4
blackhole - Unsafe casting in `RewardsDistributorV2` leads to incorrect reward distribution

#596 sherlock-admin3 closed 3 months ago
1
Chinmay - Incorrect reward distribution when t == roundedTimestamp in RewardsDistributor

#595 sherlock-admin2 closed 3 months ago
0
Chinmay - Unsafe casting of int to uint in RewardsDistributor

#594 sherlock-admin4 closed 3 months ago
1
FlyingBird - The veNFT owner is permanently unable to withdraw

#593 sherlock-admin3 closed 3 months ago
0
Audinarey - Incorrect evaluation of `point_history` from `VotingEscrow::_checkpoint(...)`

#592 sherlock-admin2 closed 3 months ago
0
sonny2k - Claimable gauge distributions are locked when killGaugeTotally is called

#591 sherlock-admin4 closed 3 months ago
0
Chinmay - Merging a max locked nft will always revert

#590 sherlock-admin3 closed 3 months ago
3
Ruhum - First depositor in stable pair can DOS pool

#589 sherlock-admin2 closed 3 months ago
0
sonny2k - Bribe and fee token emissions can be gamed by users

#588 sherlock-admin4 closed 3 months ago
0
StraawHaat - A malicious user can increase an honest user's NFT lock time to infinity

#587 sherlock-admin3 closed 3 months ago
0
Chinmay - If a max locked nft expires, it will be stuck forever

#586 sherlock-admin2 closed 3 months ago
7
0x11singh99 - Wrong `DOMAIN_TYPEHASH` used in calculating `domainSeparator` in `VotingEscrow::delegateBySig`, `EIP712` specification not followed.

#585 sherlock-admin4 closed 3 months ago
0
Nyx - DOS attack by delegating tokens

#584 sherlock-admin3 closed 3 months ago
0
sonny2k - RewardDistributorV2 claims can be DoSed through excess amount of userPoint creation

#583 sherlock-admin2 closed 3 months ago
0
bin2chen - _burn() overrestricts permissions

#582 sherlock-admin4 closed 3 months ago
0
sonny2k - _checkpoint_total_supply() can checkpoint before a timestamp is complete

#581 sherlock-admin3 closed 3 months ago
0
1nc0gn170 - Fee Claims Valid for NFTs Transferred to Zero Address

#580 sherlock-admin2 closed 3 months ago
0
PNS - `Voter.createGauge` will always revert for non-Velocimeter pairs

#579 sherlock-admin4 closed 3 months ago
3
sonny2k - Unsafe casting in RewardsDistributorV2 leads to underflow of ve_for_at

#578 sherlock-admin3 closed 3 months ago
1
bin2chen - disable_max_lock() user may can't disable max_lock

#577 sherlock-admin2 closed 3 months ago
0
Audinarey - Locks can be created for less than 1 epoch (1 WEEK)

#576 sherlock-admin4 closed 3 months ago
5
1nc0gn170 - `updatePeriod()` distributes a fixed amount of emissions, no matter how much time has passed since the last distribution.

#575 sherlock-admin3 closed 3 months ago
0
jah - the replace function doesn't properly replace the pair and gauge factory

#574 sherlock-admin2 closed 3 months ago
0
Hajime - `ownerOf()` implementation non-ERC721 compliant

#573 sherlock-admin4 closed 3 months ago
0
KingNFT - ````VotingEscrow._moveTokenDelegates()```` would work abnormally while called more than once for same ````Rep```` in one block

#572 sherlock-admin3 closed 3 months ago
0
sonny2k - RewardsDistributorV2.tokensPerWeek might be zero in some extreme cases

#571 sherlock-admin2 closed 3 months ago
1
Hajime - Expired locks can be used to claim rewards

#570 sherlock-admin4 closed 3 months ago
0
MSaptarshi - Users approved for a single token id cannot withdraw or merge for that token id

#569 sherlock-admin3 closed 3 months ago
0
bareli - distribute will fail in "voter contract".

#568 sherlock-admin2 closed 3 months ago
1

Previous Next