sherlock-audit 2024-10-gamma-rewarder-judging issues

sherlock-audit / 2024-10-gamma-rewarder-judging

7 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Little Chocolate Turkey - Use Custom Revert Errors rather than `require()`

#255 sherlock-admin3 closed 2 weeks ago
0
Shaggy Clear Mallard - Incorrect parameter for `MAX_DISTRIBUTION_BLOCKS`

#254 sherlock-admin2 closed 2 weeks ago
0
Square Frost Bear - Protocol Fee Recipient Set to Zero Address Causes Contract Malfunction

#253 sherlock-admin3 closed 2 weeks ago
0
Late Navy Fly - The absence of information about the distribution index will make the user unable to call view functions that rely on the index

#252 sherlock-admin3 closed 2 weeks ago
0
Striped Opaque Pigeon - [INFO] createDistribution function should check if blocksPerEpoch is set

#251 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - [L-13] Use of ecrecover is susceptible to signature malleability

#250 sherlock-admin3 closed 2 weeks ago
0
Uneven Cinnamon Lark - Missing Output Length Check in `decodeOutput` Function

#249 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-8] Use != 0 instead of > 0 for unsigned integer comparison

#248 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-7] Splitting require() statements that use && saves gas

#247 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-6] Using `private` rather than `public` for constants, saves gas

#246 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-5] Functions guaranteed to revert when called by normal users can be marked `payable`

#245 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-4] Long revert strings

#244 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-3] Use Custom Errors

#243 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-2] For Operations that will not overflow, you could use unchecked

#242 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - [GAS-1] Using bools for storage incurs overhead

#241 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-12 No Parameter Validation in Constructor

#240 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-11 Unsafe Downcast

#239 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-10 Reentrant functions which emit events after making an external call may lead to out-of-order events.

#238 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-9 Shadowing state variables may lead to unintended behavior.

#237 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - L-8 Using uninitialized state variables may lead to unexpected behavior.

#236 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - L-7: PUSH0 is not supported by all chains

#235 sherlock-admin4 closed 2 weeks ago
0
Joyous Pistachio Lark - L-6: Event is missing `indexed` fields

#234 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - L-5: Define and use `constant` variables instead of using literals

#233 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - L-4: `public` functions not used internally could be marked `external`

#232 sherlock-admin3 closed 2 weeks ago
0
Joyous Pistachio Lark - L-3: Missing checks for `address(0)` when assigning values to address state variables

#231 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-2: Solidity pragma should be specific, not wide

#230 sherlock-admin2 closed 2 weeks ago
0
Joyous Pistachio Lark - L-1: Centralization Risk for trusted owners ()

#229 sherlock-admin4 closed 2 weeks ago
0
Fancy Blonde Nuthatch - Setting blocks per epoch in setBlocksPerEpoch() should implement checks to ensure no excessive number is accidently inputted.

#228 sherlock-admin4 closed 2 weeks ago
0
Fancy Blonde Nuthatch - Core invariant broken due to USDC

#227 sherlock-admin4 closed 2 weeks ago
0
Sparkly Brick Wallaby - Claimers can potentially reuse Brevis proofs accross chains

#226 sherlock-admin3 closed 2 weeks ago
0
Sparkly Brick Wallaby - A few wei will be lost due to rounding when dividing by number of epochs

#225 sherlock-admin3 closed 2 weeks ago
0
Special Mercurial Elk - Library `Tx` in Lib.sol is never used

#224 sherlock-admin3 closed 2 weeks ago
0
Chilly Bamboo Cormorant - Potential Risks from Missing Validation and Input Checks in GammaRewarder Contract

#223 sherlock-admin3 closed 2 weeks ago
0
Chilly Bamboo Cormorant - Malicious Token Contract Could Exploit Non-CEI Pattern to Potentially Manipulate State in GammaRewarder

#222 sherlock-admin2 closed 2 weeks ago
0
Special Mercurial Elk - state variables "nonces" and "distributions" can be avoided

#221 sherlock-admin2 closed 2 weeks ago
0
Special Mercurial Elk - user can create a Distribution with fee = 0

#220 sherlock-admin2 closed 2 weeks ago
0
Albort - {actor} will {impact} {affected party}

#219 sherlock-admin3 opened 2 weeks ago
0
Taiger4526 - Unauthorized Reward Claim via `brevisCallback` Call

#218 sherlock-admin4 opened 2 weeks ago
0
MaslarovK - Broken Rewards Distribution Logic in `GammaRewarder.sol`

#217 sherlock-admin2 opened 2 weeks ago
0
MohammedRizwan - `blocksPerEpoch` can be set to any value which is against intended design i.e 6 hours - 1 day blocks duration

#216 sherlock-admin3 opened 2 weeks ago
0
tmotfl - potential funds locked due to precsion loss and flawed design

#215 sherlock-admin4 opened 2 weeks ago
0
ni8mare - Duration of a distribution can be greater than 4 weeks.

#214 sherlock-admin2 opened 2 weeks ago
0
Artur - Partial Claim Prevents User from Withdrawing Full Reward Amount

#213 sherlock-admin3 opened 2 weeks ago
0
Artur - Claim Restriction Prevents Users from Claiming Multiple Epochs

#212 sherlock-admin4 opened 2 weeks ago
0
KupiaSec - Change of `blocksPerEpoch` cause old distributions denied to be claimed

#211 sherlock-admin2 opened 2 weeks ago
0
joshuajee - The `handleProofResult` function doesn't keep track of the amount that has been claimed in a distribution, this will lead to a particular distribution claiming more funds than what was deposited.

#210 sherlock-admin3 opened 2 weeks ago
0
KupiaSec - Missing implementation on invariant: Total distributed rewards must match initial deposit minus protocol fees

#209 sherlock-admin4 opened 2 weeks ago
0
sweven - No emergency withdrawal mechanism is implemented in the contract.

#208 sherlock-admin2 opened 2 weeks ago
0
KupiaSec - Missing implementation on invariant: Users cannot claim more rewards than allocated per distribution period

#207 sherlock-admin3 opened 2 weeks ago
0
Albort - Removing a Token Causes Rewards to Be Unclaimable

#206 sherlock-admin4 opened 2 weeks ago
0