issues
search
sherlock-audit
/
2024-07-sense-points-marketplace-judging
2
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Virtual Topaz Beaver - ### [G-1] Use predefined address instead of address(this)
#212
sherlock-admin2
closed
2 weeks ago
0
Virtual Topaz Beaver - [I-1] Licensing conflict on inherited dependencies
#211
sherlock-admin3
closed
2 weeks ago
2
Large Onyx Butterfly - `collectFees` can create a massive amount of events to the off chain system
#210
sherlock-admin4
closed
2 weeks ago
0
Narrow Quartz Raven - deployPToken allows PToken with arbitrary name and symbol to be deployed
#209
sherlock-admin2
closed
2 weeks ago
0
Narrow Quartz Raven - rewardsPerPToken should be sanitized to be nonzero, at setRedemption function
#208
sherlock-admin3
closed
2 weeks ago
0
Narrow Quartz Raven - There is a receive function without a withdraw function at PointTokenVault.sol
#207
sherlock-admin4
closed
2 weeks ago
0
Rhythmic Quartz Unicorn - {addBlockedModuleCall} can block the entire {RumpelModule.sol} contract, since there is no unblocking function
#206
sherlock-admin2
closed
2 weeks ago
0
Howling Marigold Elk - Gas optimization of setParam function in RumpelWalletFactory contract
#205
sherlock-admin3
closed
2 weeks ago
0
Cool Cream Rhino - Lack Of Total pTokens Minted Tracked
#204
sherlock-admin4
closed
2 weeks ago
0
Cool Cream Rhino - Fee Structure Might Lead To Higher Costs For Users
#203
sherlock-admin2
closed
2 weeks ago
0
Upbeat Berry Panther - Anyone can call deployPToken
#202
sherlock-admin3
closed
2 weeks ago
0
Upbeat Berry Panther - User can reenter PointTokenVault.redeemRewards function as it does not follow CEI
#201
sherlock-admin4
closed
2 weeks ago
0
Upbeat Berry Panther - RumpelGuard.supportsInterface can be restricted to pure
#200
sherlock-admin2
closed
2 weeks ago
0
Upbeat Berry Panther - User can reenter Deposit function as it does not follow CEI
#199
sherlock-admin3
closed
2 weeks ago
0
Clever Powder Ferret - Threshold of a new safe is not checked to be > 0 violating the spec
#198
sherlock-admin4
closed
2 weeks ago
0
Upbeat Berry Panther - If overflow/underflow is expected, cause a custom error to be invoked
#197
sherlock-admin2
closed
2 weeks ago
0
Upbeat Berry Panther - Solidity pragma compiler should be specific (remove ^)
#196
sherlock-admin3
closed
2 weeks ago
0
Howling Marigold Elk - Gas Optimization of convertRewardsToPTokens Function
#195
sherlock-admin4
closed
2 weeks ago
0
Clever Powder Ferret - Some reward tokens will be lost if the reward token is a rebasing token
#194
sherlock-admin2
closed
2 weeks ago
0
Clever Powder Ferret - The users are not able to get their pTokens if the root is expired which should not be the case
#193
sherlock-admin3
closed
2 weeks ago
0
Clever Powder Ferret - The protocol can receive ETH but there is no way to withdraw it from the contract
#192
sherlock-admin4
closed
2 weeks ago
0
Clever Powder Ferret - Tokens that are directly sent to the contract impact the cap value which should not be the case
#191
sherlock-admin2
closed
2 weeks ago
0
Petite Taffy Yeti - Minting point tokens for rewards does not restrict dust amount
#190
sherlock-admin3
closed
2 weeks ago
0
Petite Taffy Yeti - Ether deposited into the PointTokenVault contract is locked
#189
sherlock-admin4
closed
2 weeks ago
0
dhank - Users will have to pay extra fees due to wrong calculation of redemption fees
#188
sherlock-admin3
closed
1 week ago
0
Albort - The lack of access control in claimPTokens ()leads to a dust attack.
#187
sherlock-admin2
closed
1 week ago
0
0xLeveler - Users will not be able to redeem their entire balance of PTokens
#186
sherlock-admin4
closed
1 week ago
0
0x73696d616f - Malicious user will call `PointTokenVault::collectFees()` after a redemption was disabled to lose all `rewardTokenFeeAcc`
#185
sherlock-admin3
opened
2 weeks ago
30
Albort - Withdrawal Function Denial of Service (DoS)
#184
sherlock-admin2
closed
1 week ago
0
BitcoinEason - malicious user can use other user's proof to claimPTokens
#183
sherlock-admin4
closed
1 week ago
0
bareli - paymentReceiver should be a payable address
#182
sherlock-admin3
closed
1 week ago
0
gkrastenov - The admin can transfer the entire user's ETH balance
#181
sherlock-admin2
closed
1 week ago
0
Afriaudit - Arbitrary Deposit into Contract Can Cause DoS to User
#180
sherlock-admin4
closed
1 week ago
0
matejdb - feelesslyRedeemedPTokens mapping is not properly updated in redeemRewards function on PointTokenVault
#179
sherlock-admin3
closed
1 week ago
0
0xjoi - [H-1] "Attackers can fabricate balances for ERC20 tokens that don't yet exist, enabling them to set traps that could steal funds from users who interact with these tokens in the future."
#178
sherlock-admin2
closed
1 week ago
0
KupiaSec - The owner of the `RumpelWalletFactory` contract should be able to change the address of `compatibilityFallback`
#177
sherlock-admin4
closed
1 week ago
0
KupiaSec - The calculation of `fee` in `PointTokenVault.redeemRewards` function is unfair
#176
sherlock-admin3
closed
1 week ago
0
KupiaSec - `claimedPTokens` is accounted for incorrectly
#175
sherlock-admin2
closed
1 week ago
0
krot-0025 - `fee-on-transfer()` tokens will lead to loss of funds for the `PointTokenVault`.
#174
sherlock-admin4
closed
1 week ago
0
KupiaSec - Users can front-run the resetting of `RedemptionParams` to generate profit
#173
sherlock-admin3
closed
1 week ago
0
KupiaSec - The conversion of rewards to `PToken` is incorrect when the reward token has fewer than 18 decimals
#172
sherlock-admin2
closed
1 week ago
1
eta - Critical Exploit in `claimPTokens` Function Allows Unauthorized Token Claims via Misuse of `trustedClaimers`
#171
sherlock-admin4
closed
1 week ago
0
krot-0025 - Incorrect balance calculation for the `fee-on-transfer` tokens in the `PointTokenVault`.
#170
sherlock-admin3
closed
1 week ago
0
0xjoi - [M-3] Use of Solidity version 0.8.13 which has known issues applicable
#169
sherlock-admin2
closed
1 week ago
0
Flare - Incorrect Fee-Free pToken Calculation When `rewardsPerPToken ` Ratio Is Not 1:1
#168
sherlock-admin4
closed
1 week ago
1
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently.
#167
sherlock-admin3
closed
1 week ago
0
dimi6oni - Front-running Vulnerability in PToken Deployment Due to Predictable Deterministic Addressing
#166
sherlock-admin2
closed
1 week ago
0
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently.
#165
sherlock-admin3
closed
2 weeks ago
0
hunter_w3b - PointTokenVault contract can receive ETH but has no withdraw function for it.
#164
sherlock-admin2
closed
1 week ago
0
Pewbhai - Contracts that can receive ether but cannot send it may lock value permanently
#163
sherlock-admin3
closed
2 weeks ago
0
Next