sherlock-audit 2024-07-sense-points-marketplace-judging issues

sherlock-audit / 2024-07-sense-points-marketplace-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Virtual Topaz Beaver - ### [G-1] Use predefined address instead of address(this)

#212 sherlock-admin2 closed 2 weeks ago
0
Virtual Topaz Beaver - [I-1] Licensing conflict on inherited dependencies

#211 sherlock-admin3 closed 2 weeks ago
2
Large Onyx Butterfly - `collectFees` can create a massive amount of events to the off chain system

#210 sherlock-admin4 closed 2 weeks ago
0
Narrow Quartz Raven - deployPToken allows PToken with arbitrary name and symbol to be deployed

#209 sherlock-admin2 closed 2 weeks ago
0
Narrow Quartz Raven - rewardsPerPToken should be sanitized to be nonzero, at setRedemption function

#208 sherlock-admin3 closed 2 weeks ago
0
Narrow Quartz Raven - There is a receive function without a withdraw function at PointTokenVault.sol

#207 sherlock-admin4 closed 2 weeks ago
0
Rhythmic Quartz Unicorn - {addBlockedModuleCall} can block the entire {RumpelModule.sol} contract, since there is no unblocking function

#206 sherlock-admin2 closed 2 weeks ago
0
Howling Marigold Elk - Gas optimization of setParam function in RumpelWalletFactory contract

#205 sherlock-admin3 closed 2 weeks ago
0
Cool Cream Rhino - Lack Of Total pTokens Minted Tracked

#204 sherlock-admin4 closed 2 weeks ago
0
Cool Cream Rhino - Fee Structure Might Lead To Higher Costs For Users

#203 sherlock-admin2 closed 2 weeks ago
0
Upbeat Berry Panther - Anyone can call deployPToken

#202 sherlock-admin3 closed 2 weeks ago
0
Upbeat Berry Panther - User can reenter PointTokenVault.redeemRewards function as it does not follow CEI

#201 sherlock-admin4 closed 2 weeks ago
0
Upbeat Berry Panther - RumpelGuard.supportsInterface can be restricted to pure

#200 sherlock-admin2 closed 2 weeks ago
0
Upbeat Berry Panther - User can reenter Deposit function as it does not follow CEI

#199 sherlock-admin3 closed 2 weeks ago
0
Clever Powder Ferret - Threshold of a new safe is not checked to be > 0 violating the spec

#198 sherlock-admin4 closed 2 weeks ago
0
Upbeat Berry Panther - If overflow/underflow is expected, cause a custom error to be invoked

#197 sherlock-admin2 closed 2 weeks ago
0
Upbeat Berry Panther - Solidity pragma compiler should be specific (remove ^)

#196 sherlock-admin3 closed 2 weeks ago
0
Howling Marigold Elk - Gas Optimization of convertRewardsToPTokens Function

#195 sherlock-admin4 closed 2 weeks ago
0
Clever Powder Ferret - Some reward tokens will be lost if the reward token is a rebasing token

#194 sherlock-admin2 closed 2 weeks ago
0
Clever Powder Ferret - The users are not able to get their pTokens if the root is expired which should not be the case

#193 sherlock-admin3 closed 2 weeks ago
0
Clever Powder Ferret - The protocol can receive ETH but there is no way to withdraw it from the contract

#192 sherlock-admin4 closed 2 weeks ago
0
Clever Powder Ferret - Tokens that are directly sent to the contract impact the cap value which should not be the case

#191 sherlock-admin2 closed 2 weeks ago
0
Petite Taffy Yeti - Minting point tokens for rewards does not restrict dust amount

#190 sherlock-admin3 closed 2 weeks ago
0
Petite Taffy Yeti - Ether deposited into the PointTokenVault contract is locked

#189 sherlock-admin4 closed 2 weeks ago
0
dhank - Users will have to pay extra fees due to wrong calculation of redemption fees

#188 sherlock-admin3 closed 1 week ago
0
Albort - The lack of access control in claimPTokens ()leads to a dust attack.

#187 sherlock-admin2 closed 1 week ago
0
0xLeveler - Users will not be able to redeem their entire balance of PTokens

#186 sherlock-admin4 closed 1 week ago
0
0x73696d616f - Malicious user will call `PointTokenVault::collectFees()` after a redemption was disabled to lose all `rewardTokenFeeAcc`

#185 sherlock-admin3 opened 2 weeks ago
30
Albort - Withdrawal Function Denial of Service (DoS)

#184 sherlock-admin2 closed 1 week ago
0
BitcoinEason - malicious user can use other user's proof to claimPTokens

#183 sherlock-admin4 closed 1 week ago
0
bareli - paymentReceiver should be a payable address

#182 sherlock-admin3 closed 1 week ago
0
gkrastenov - The admin can transfer the entire user's ETH balance

#181 sherlock-admin2 closed 1 week ago
0
Afriaudit - Arbitrary Deposit into Contract Can Cause DoS to User

#180 sherlock-admin4 closed 1 week ago
0
matejdb - feelesslyRedeemedPTokens mapping is not properly updated in redeemRewards function on PointTokenVault

#179 sherlock-admin3 closed 1 week ago
0
0xjoi - [H-1] "Attackers can fabricate balances for ERC20 tokens that don't yet exist, enabling them to set traps that could steal funds from users who interact with these tokens in the future."

#178 sherlock-admin2 closed 1 week ago
0
KupiaSec - The owner of the `RumpelWalletFactory` contract should be able to change the address of `compatibilityFallback`

#177 sherlock-admin4 closed 1 week ago
0
KupiaSec - The calculation of `fee` in `PointTokenVault.redeemRewards` function is unfair

#176 sherlock-admin3 closed 1 week ago
0
KupiaSec - `claimedPTokens` is accounted for incorrectly

#175 sherlock-admin2 closed 1 week ago
0
krot-0025 - `fee-on-transfer()` tokens will lead to loss of funds for the `PointTokenVault`.

#174 sherlock-admin4 closed 1 week ago
0
KupiaSec - Users can front-run the resetting of `RedemptionParams` to generate profit

#173 sherlock-admin3 closed 1 week ago
0
KupiaSec - The conversion of rewards to `PToken` is incorrect when the reward token has fewer than 18 decimals

#172 sherlock-admin2 closed 1 week ago
1
eta - Critical Exploit in `claimPTokens` Function Allows Unauthorized Token Claims via Misuse of `trustedClaimers`

#171 sherlock-admin4 closed 1 week ago
0
krot-0025 - Incorrect balance calculation for the `fee-on-transfer` tokens in the `PointTokenVault`.

#170 sherlock-admin3 closed 1 week ago
0
0xjoi - [M-3] Use of Solidity version 0.8.13 which has known issues applicable

#169 sherlock-admin2 closed 1 week ago
0
Flare - Incorrect Fee-Free pToken Calculation When `rewardsPerPToken ` Ratio Is Not 1:1

#168 sherlock-admin4 closed 1 week ago
1
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently.

#167 sherlock-admin3 closed 1 week ago
0
dimi6oni - Front-running Vulnerability in PToken Deployment Due to Predictable Deterministic Addressing

#166 sherlock-admin2 closed 1 week ago
0
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently.

#165 sherlock-admin3 closed 2 weeks ago
0
hunter_w3b - PointTokenVault contract can receive ETH but has no withdraw function for it.

#164 sherlock-admin2 closed 1 week ago
0
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently

#163 sherlock-admin3 closed 2 weeks ago
0