SUMMARY.md

Table of contents

• README
• Alchemix
  • 30555 - [SC - Low] Precision loss when calculating the FLUX amount...
  • 30556 - [SC - Low] Past defeated proposals may become executable i...
  • 30565 - [SC - Low] veALCX does not comply with ERC breaking compos...
  • 30584 - [SC - Insight] Invalid check to make sure Minter is already in...
  • 30592 - [SC - Medium] DOS attack by delegating tokens at MAX_DELEGATE...
  • 30598 - [SC - Low] Access Control Flaw in _burn Function Leads to ...
  • 30613 - [SC - Medium] malicious user can front run any call to the sw...
  • 30634 - [SC - Critical] Unauthorized minting of unlimited FLUX in tran...
  • 30650 - [SC - Critical] Infinite minting of FLUX through voterpoke
  • 30651 - [SC - Critical] Insolvency in RevenueHandlersol because unclaim...
  • 30655 - [SC - Critical] Binary search does not correctly handle duplica...
  • 30667 - [SC - Medium] Unlimited gauge numbers can DoS users distribut...
  • 30671 - [SC - Critical] Reward token permanent freeze due to bulk call ...
  • 30682 - [SC - Critical] Insufficient slippage control in RevenueHandler...
  • 30683 - [SC - Critical] User can increase their unclaimed Flux token wi...
  • 30685 - [SC - Medium] The proposer can be impeded from submitting a p...
  • 30694 - [SC - Low] Users approved for a single token id cannot wit...
  • 30699 - [SC - High] Permanent freezing of unclaimed ALCX yield when...
  • 30704 - [SC - Medium] Griefing an account from getting votes delegate...
  • 30708 - [SC - Low] treasuryPct can be exceeded than BPS due to inc...
  • 30710 - [SC - Insight] The execution of the proposal has no expiration
  • 30711 - [SC - Low] The result of the AggregatorVInterface is not v...
  • 30781 - [SC - Low] It is possible to lower the quorum requirements...
  • 30788 - [SC - Critical] User can increase their unclaimed Flux token wi...
  • 30800 - [SC - Critical] Stealing FLUX by claiming then merging position...
  • 30814 - [SC - Critical] Wrong calculation of boost amount in Voterpoke
  • 30818 - [SC - Low] division before multiplication in theamountToRa...
  • 30825 - [SC - Critical] Users can get unlimited amounts of Flux tokens
  • 30826 - [SC - High] ALCK rewards are lost when merging tokens becau...
  • 30860 - [SC - Critical] Wrong timestamp for totalVoting
  • 30886 - [SC - Medium] Wrong totalWeight in Votersol
  • 30898 - [SC - Critical] Call the deposit function before the distribute...
  • 30906 - [SC - Critical] Voterpoke can be called at will leading to a us...
  • 30910 - [SC - High] Processing of voting results is not implemented...
  • 30918 - [SC - Insight] Incorrect implementation of ownerOf makes veALC...
  • 30919 - [SC - Critical] Front running of pokeTokens could lead to loss ...
  • 30920 - [SC - Low] User loses access to claims after merging of to...
  • 30921 - [SC - Low] Referential assignment causes incorrect block i...
  • 30922 - [SC - High] DOS of withdrawals through filling the userPoin...
  • 30925 - [SC - Critical] Manipulation of governance voting result by unl...
  • 30926 - [SC - Low] AlchemixGovernor updates to quorum can affect p...
  • 30939 - [SC - Critical] Misuse of curve pool calls results for precisio...
  • 30951 - [SC - Low] Incorrect ownerOf implementation makes veALCX n...
  • 30959 - [SC - Insight] Immutable gauges can break the state of the vot...
  • 30972 - [SC - Critical] Theft of unclaimed yield of the revenue in the ...
  • 30973 - [SC - Low] Incorrect Validation of treasuryPct in the Reve...
  • 30985 - [SC - Medium] Griefing attack prevents admins from disabling ...
  • 30990 - [SC - Critical] Users can use Voterpoke to accrue Flux tokens i...
  • 30992 - [SC - Insight] Inconsistent State Missing Event Emission in Fl...
  • 30999 - [SC - Critical] An edge-case mints times more FLUX than it should
  • 31008 - [SC - High] Alcx rewards are permanently frozen when two to...
  • 31042 - [SC - High] Claiming alchemic-token rewards can fail for so...
  • 31071 - [SC - Critical] User can steal bribes and prevent other users f...
  • 31076 - [SC - Critical] checkpointTotalSupply can checkpoint before a t...
  • 31077 - [SC - Critical] RevenueHandler counts unclaimed tokens as new r...
  • 31078 - [SC - High] withdraw doesnt claim all rewards before burnin...
  • 31079 - [SC - Critical] Claiming bribes for epochs you didnt vote for l...
  • 31080 - [SC - Insight] DoS in startCooldown when users want start cool...
  • 31082 - [SC - Critical] Expired locks can be used to claim rewards
  • 31085 - [SC - Critical] Malicious users can front-run the distribution ...
  • 31087 - [SC - Low] Colition between approve and _isApprovedOrOwner...
  • 31112 - [SC - Critical] Bribesolwithdraw doesnt update the totalVotings...
  • 31141 - [SC - Critical] Permanent freezing of unclaimed yield of reward...
  • 31149 - [SC - Critical] Manipulation of governance voting result by unl...
  • 31151 - [SC - Medium] Delegation Saturation Leading to Asset Freezing...
  • 31163 - [SC - Critical] Malicious actor can acquire bribe rewards by bl...
  • 31184 - [SC - Critical] Deflating the total amount of votes in a checkp...
  • 31189 - [SC - High] Voting algorithm does not apply maximum availab...
  • 31196 - [SC - Critical] Voterpoke does not check lastVoted resulting in...
  • 31198 - [SC - Critical] VotingEscrowmerge does not check whether the _f...
  • 31199 - [SC - Critical] Users might receive less rewars token after Vot...
  • 31211 - [SC - Critical] Inflation Of Total Votes and Potential Freeze o...
  • 31222 - [SC - Critical] Unlimited Flux minting
  • 31223 - [SC - Critical] Disproportionate Rewards Manipulation in Bribesol
  • 31226 - [SC - Insight] Missing Revert Message in require statement lea...
  • 31234 - [SC - Medium] Alchemix BlockSlope variable in checkpoint rou...
  • 31242 - [SC - Critical] RevenueHandlercheckpoint allows users to claim ...
  • 31249 - [SC - Critical] malicious user can back-run Voterdistribute to ...
  • 31253 - [SC - Critical] RevenueHandlercheckpoint isnt correctly
  • 31258 - [SC - High] Loss of Unclaimed Bribes After Burning veALCX T...
  • 31263 - [SC - Critical] RevenueHandlercheckpoint counts unclaimed rewar...
  • 31264 - [SC - Insight] Multiple Reports QALowOOS Medium
  • 31272 - [SC - Low] Approved user cant merge tokens not approved fo...
  • 31276 - [SC - High] BPT can be locked for only week resulting in u...
  • 31277 - [SC - Insight] The user can propose with less voting power tha...
  • 31280 - [SC - Critical] Malicious user can mint unlimited flux tokens
  • 31281 - [SC - Low] Approved spender cannot withdraw or merge
  • 31284 - [SC - Insight] cancel should allow to cancel the proposal of t...
  • 31293 - [SC - High] Voters who withdraw veLACX tokens risk losing g...
  • 31295 - [SC - High] Newly created gauge may missed out on its rewards
  • 31298 - [SC - Medium] Anyone can let users delegates reach the upper ...
  • 31309 - [SC - Critical] slippage protection is inaccurate
  • 31326 - [SC - High] Precision loss causes minor loss of FLUX when c...
  • 31329 - [SC - Critical] Attacker can gain infinitive FLUX by repeating ...
  • 31335 - [SC - High] getActualSupply should be used instead of total...
  • 31355 - [SC - Low] Past Defeated Proposals Can Be Executed in the ...
  • 31375 - [SC - Critical] Lack of Access control in poke function allows ...
  • 31377 - [SC - Critical] Stucked yield tokens upon withdrawal of votes f...
  • 31380 - [SC - High] FluxTokencalculateBPT uses wrong algorithm caus...
  • 31381 - [SC - Low] Alchemix Incorrect Initialisation of struct in...
  • 31382 - [SC - High] VotingEscrowupdateUnlockTime - Its possible for...
  • 31383 - [SC - Low] price feeds sanity checks isnt correct in funct...
  • 31385 - [SC - Low] RewardsDistributortokensPerWeek might be zero i...
  • 31386 - [SC - Critical] Malicious user can steal FLUX token by abusing ...
  • 31388 - [SC - Critical] Vulnerability in the poke function of Voting co...
  • 31390 - [SC - High] Precision Loss in FluxTokensolgetClaimableFlux
  • 31397 - [SC - Critical] In Bribesol _writeVotingCheckpoint isnt called ...
  • 31399 - [SC - High] RewardDistributor claims can be DoSed through e...
  • 31407 - [SC - Insight] Alchemist is given over Allowance through Reven...
  • 31408 - [SC - Critical] Killed Gauge continue to accrue and steal rewar...
  • 31409 - [SC - Critical] Users can grief Bribe rewards forcing them to b...
  • 31410 - [SC - Medium] Griefing Attack using delegate will expose User...
  • 31413 - [SC - Medium] DOS attack by delegating tokens at MAX_DELEGATES
  • 31416 - [SC - Insight] Impossible to set boostMultiplier to MIN_BOOST
  • 31417 - [SC - Insight] Compound claiming transactions will revert if u...
  • 31418 - [SC - Critical] the killed gauge collect claim amount
  • 31420 - [SC - Insight] No array lengths check in VotersolclaimBribes
  • 31425 - [SC - Medium] Users can call reset on their token even if the...
  • 31430 - [SC - Insight] QA
  • 31435 - [SC - High] ALCX rewards arent claimed for from token when ...
  • 31443 - [SC - Insight] Incorrect values of votingDelay and votingPerio...
  • 31444 - [SC - Critical] Manipulation of ve voting mechanism unlimited b...
  • 31447 - [SC - High] veALCX holders are able to withdraw rewards and...
  • 31448 - [SC - Medium] Bypassing the Governances proposal threshold to...
  • 31449 - [SC - Low] BribegetRewardForOwner should not revert if the...
  • 31451 - [SC - Insight] MAX_PROPOSAL_NUMERATOR is incorrectly set
  • 31453 - [SC - Critical] The balance of RevenueHandler can be drained
  • 31458 - [SC - Critical] Invalid handling of epochs revenue for tokens t...
  • 31460 - [SC - Insight] supportsInterface does not return typeIERCRecei...
  • 31461 - [SC - Critical] veALCX holder can mint Unlimited FLUX tokens
  • 31462 - [SC - Medium] Alchemix addReward access control can be bypas...
  • 31466 - [SC - Critical] Wrong reward calculation leads to rewards being...
  • 31470 - [SC - Critical] Bribing protocols pay bribes but dont get emiss...
  • 31472 - [SC - Critical] Stealing all revenue from the Alchemix protocol
  • 31478 - [SC - High] calculateBPT doesnt divide by basis points infl...
  • 31479 - [SC - High] alchemechNFT holder will get too little FLUX be...
  • 31480 - [SC - High] Miscalculation of global bias
  • 31481 - [SC - Critical] Undound FLUX accrual through reset and merge
  • 31483 - [SC - Critical] Users can vote multiple times in one epoch
  • 31484 - [SC - High] Rewards for the first epoch at rewards distribu...
  • 31485 - [SC - Critical] Miscalculation of distributed tokens at revenue...
  • 31486 - [SC - High] getClaimableFlux miscalculates claimable FLUX f...
  • 31487 - [SC - Low] Wrong condition check on RevenueHandlerconstruc...
  • 31488 - [SC - Critical] Merging tokens allows multiple Flux accruals wi...
  • 31494 - [SC - High] Alchemix The first epochs ALCX emissions of vo...
  • 31495 - [SC - Critical] Users cannot claim rewards from RevenueHandler ...
  • 31497 - [SC - Low] executeBatch lacks payable so ethers can not be...
  • 31498 - [SC - High] Alchemix ALCX rewards are currently subject to...
  • 31503 - [SC - Insight] Incorrect value of MAX_PROPOSAL_NUMERATOR in Al...
  • 31507 - [SC - Critical] Malicious user could flash-loan the veALCX to i...
  • 31512 - [SC - Critical] Infinite minting of FLUX through Merge
  • 31514 - [SC - Medium] Malicious users can cause pokeTokens to revert
  • 31519 - [SC - Low] Lack of revert statement in Votersolpoke result...
  • 31520 - [SC - Critical] Incorrect accounting of totalVoting leads to pe...
  • 31521 - [SC - Medium] Early return in RewardsDistributorclaim can cau...
  • 31523 - [SC - Low] USDT Approval will cause function failure
  • 31524 - [SC - High] Rounding down in getClaimableFlux leads to less...
  • 31526 - [SC - Critical] A user is able to claim more bribes than they h...
  • 31527 - [SC - Critical] No accounting for totalVoting in Bribesolwithdr...
  • 31539 - [SC - Medium] The Voterdistribute function can continue to fail
  • 31540 - [SC - Insight] Expired Token Locks Impacting Vote Weight Calcu...
  • 31541 - [SC - Critical] FluxTokens unlimited mint and Exploitation of g...
  • 31542 - [SC - Low] Bribeearned - L Its potentially possible to ear...
  • 31544 - [SC - High] Certain small amount of tokens are not accounte...
  • 31552 - [SC - Insight] Lack of the validation for a Flash token protec...
  • 31555 - [SC - Low] RewardsDistributoramountToCompound - L The stal...
  • 31556 - [SC - Critical] Unfair Revenue Distribution in Non-Alchemix Rev...
  • 31558 - [SC - Insight] Discrepancy in MAX_PROPOSAL_NUMERATOR Value in ...
  • 31559 - [SC - Low] Minter UpdatePeriod after weeks causes Rewards...
  • 31562 - [SC - Medium] Every consecutive epoch will have same number o...
  • 31563 - [SC - Low] Oracle days staleThreshold for priceTimestamp ...
  • 31566 - [SC - Medium] Checkpoints wont update block number in point b...
  • 31567 - [SC - Critical] VotingEscrowsolcheckpoint is completely broken
  • 31575 - [SC - Medium] depositIntoRewardPool and withdrawFromRewardPo...
  • 31579 - [SC - Critical] Infinite mint of FLUX using poke
  • 31583 - [SC - Insight] Off by one error while adding reward pool token
  • 31584 - [SC - Critical] Loss Of Boosted Weight When Poking In The Same ...
  • 31588 - [SC - Low] Users could start cooldown period for their wit...
  • 31592 - [SC - Insight] Collection of other important issues
  • 31594 - [SC - Insight] RewardPoolManager can only add RewardPoolToken ...
  • 31597 - [SC - High] Loss of precision while calculating claimable f...
• BadgerDAO (eBTC)
  • 28546 - [SC - Insight] FlashLoan can be taken with no fee to be paid
  • 28605 - [SC - Insight] Reentrancy on ActivePool allows users to borrow...
  • 28659 - [SC - Insight] Reentrancy in BorrowerOperationsflashLoan enabl...
  • 28713 - [SC - Insight] Reentrancy on BorrowerOperations allows users t...
  • 28791 - [SC - Low] The system protects from any rounding issues wh...
  • 28823 - [SC - Insight] Lido slashing can negatively affect the whole l...
  • 28828 - [SC - Low] Use of deprecated Chainlink API can lead contra...
  • 28843 - [SC - Low] Canceled partial redeeming syncs the accounting...
  • 28849 - [SC - Low] Using batchRedemption even if the TCR becomes s...
  • 28853 - [SC - Insight] Trycatch will not function with internal type
  • 28858 - [SC - Insight] Execution of SortedCpds while command may cause...
  • 28862 - [SC - Insight] Static MIN_CHANGE threshold and lack of relativ...
  • 28864 - [SC - Insight] Unfair Liquidation when ICR equals TCR in redee...
  • 28890 - [SC - Insight] EBTCTokensol mint function lack of checks allow...
  • 28916 - [SC - Insight] Liquidation Abuse More than half of all assets ...
  • 28967 - [SC - Insight] When fallback oracle is frozen fetchPrice can r...
  • 28973 - [SC - Insight] Users CDPs can be removed unintentionally by CD...
  • 28980 - [SC - Insight] Ther is an invariant Check Failure in flashLoan...
  • 29000 - [SC - Insight] Potential for Denial-of-Service in the redeemCo...
  • 29002 - [SC - Insight] Incorrect implementation of EIP- domain separat...
• DeGate
  • 25882 - [SC - Insight] Freezing of funds from the Default Deposit Cont...
  • 25885 - [SC - Insight] Prevent the operator from submitting blocks to L
  • 25886 - [SC - Insight] registerToken can be front-run causing token ca...
  • 25892 - [SC - Insight] A malicious user can DoS force withdraw request...
  • 25903 - [SC - Insight] Possible loss of user funds by front-runing the...
  • 25906 - [SC - Insight] setDelay function doesnt revert even when the d...
  • 25917 - [SC - Insight] Timelock can call transferProxyOwnership of Dep...
  • 25921 - [SC - Insight] Flaw in upgradeToAndCall leads to the proxy cal...
  • 25927 - [SC - Insight] MultiSig Owners can set malicious implementatio...
  • 25930 - [SC - Insight] Malicious owner can update the DepositParams st...
  • 25933 - [SC - Insight] The last person to confirm can control the exec...
  • 25935 - [SC - Insight] Permissive Fallback Function
  • 25952 - [SC - Insight] The smart contract could be inoperable due to w...
  • 26012 - [SC - Insight] getTransactionIds will break at some point runn...
  • 26017 - [SC - Insight] getTransactionCount will break at some point ru...
  • 26039 - [SC - Insight] Proxy contract deployments can be front-run to ...
  • 26066 - [SC - Insight] Timelock eta variable can be set further than i...
  • 26073 - [SC - Insight] The implementation upgrade must be done by call...
  • 26095 - [SC - Insight] ID Uniqueness Violations
  • 26104 - [SC - Insight] Governance mechanism could be exploited to free...
  • 26110 - [SC - Insight] All the funds from the DepositProxy contracts c...
  • 26116 - [SC - Insight] The MultiSigWalletgetTransactionIds function co...
  • 26124 - [SC - Insight] Some owners of the MultiSigWallet can bring the...
  • 26189 - [SC - Insight] Malicious Exchange Owner can sandwich-attack Et...
  • 26204 - [SC - Insight] DeGate Operator has capability to disable balan...
  • 26236 - [SC - Insight] Malicious DeGate Operator EOA can irreversibly ...
  • 26259 - [SC - Insight] txHash collision is possible
  • 26275 - [SC - Insight] Bad implementation of executeTransaction functi...
  • 26286 - [SC - Insight] Potential Signature Validation Bypass
  • 26422 - [SC - Insight] there is no explicit gas limit in external call...
  • 26423 - [SC - Insight] Timelock executeTransaction function will succe...
  • 26431 - [SC - Insight] High Risk in transfer of proxyOwnership
  • 26446 - [SC - Insight] Consider implementing a two step process in tra...
  • 26468 - [SC - Insight] Fee-on-transfer tokens can be used to steal oth...
  • 26479 - [SC - Insight] ExchangeV cannot be reinitialized after an upgrade
  • 26501 - [SC - Insight] Timelock should handle queuing transactions and...
  • 26502 - [SC - Insight] DeGate Exodus mode forcing study
  • 26509 - [SC - Insight] Exodus Mode Force
  • 26516 - [SC - Insight] Gnosis Multisig Contract can become unusable
  • 26519 - [SC - Insight] Consider introducing the ability to change requ...
  • 26520 - [SC - Insight] Multisig Contract onChain can be bricked
  • 26521 - [SC - Insight] ChainId is missing
  • 26527 - [SC - Insight] Possible emission of wrong data in cancelTransa...
  • 26529 - [SC - Insight] Mitigate Griefing Attacks Theft of Gas by Impl...
  • 26530 - [SC - Insight] Inefficiency in upgradeToAndCall
• Firedancer v0.1
  • Boost _ Firedancer v0.1 33347 - [Blockchain_DLT - Medium] Integer underflow leading to memory corrup
  • Boost _ Firedancer v0.1 33348 - [Blockchain_DLT - Medium] Integer underflow leading to memory corrup
  • Boost _ Firedancer v0.1 33378 - [Blockchain_DLT - Medium] OOB Write leading to memory corruption in
  • Boost _ Firedancer v0.1 33586 - [Blockchain_DLT - Insight] fd_ebpf_static_link - possible disclosure
  • Boost _ Firedancer v0.1 33669 - [Blockchain_DLT - Medium] fd_quic_process_packet out of bounds read
  • Boost _ Firedancer v0.1 33717 - [Blockchain_DLT - Medium] Memory corruption caused by fully controll
  • Boost _ Firedancer v0.1 33718 - [Blockchain_DLT - Medium] The malicious fd_shred_t data passed betwe
  • Boost _ Firedancer v0.1 33774 - [Blockchain_DLT - Medium] The malicious fd_txn_p_t data passed betwe
  • Boost _ Firedancer v0.1 33862 - [Blockchain_DLT - Insight] Discord Server Vulnerable to Takeover in
  • Boost _ Firedancer v0.1 33936 - [Blockchain_DLT - Medium] shred tile fails to process zero sized udp
  • Boost _ Firedancer v0.1 34064 - [Blockchain_DLT - Medium] bank tile possible code execution
  • Boost _ Firedancer v0.1 34234 - [Blockchain_DLT - Insight] Setting the variable shred_cnt in the shr
  • Boost _ Firedancer v0.1 34272 - [Blockchain_DLT - Medium] Remote memory corruption in Shred tile
  • Boost _ Firedancer v0.1 34290 - [Blockchain_DLT - Medium] bank tile overflow
  • Boost _ Firedancer v0.1 34501 - [Blockchain_DLT - Medium] DoS in shreds validation
  • Boost _ Firedancer v0.1 34564 - [Blockchain_DLT - Medium] shred tile overflow
  • Boost _ Firedancer v0.1 34682 - [Blockchain_DLT - Medium] DoS in shreds validation
• Folks Finance
  • Boost _ Folks Finance 33258 - [Smart Contract - Insight] Usage of floating pragma
  • Boost _ Folks Finance 33269 - [Smart Contract - Critical] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan
  • Boost _ Folks Finance 33272 - [Smart Contract - Medium] FrontRunning Attack on createAccount
  • Boost _ Folks Finance 33280 - [Smart Contract - Low] NodeManagersupportsInterface doesnt follow EIP-
  • Boost _ Folks Finance 33311 - [Smart Contract - Critical] Infinite Interest rate bug
  • Boost _ Folks Finance 33353 - [Smart Contract - Low] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function
  • Boost _ Folks Finance 33356 - [Smart Contract - Low] All data in _userLoans mapping will not be deleted after calling deleteUserLoan
  • Boost _ Folks Finance 33376 - [Smart Contract - Insight] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters
  • Boost _ Folks Finance 33441 - [Smart Contract - Insight] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off
  • Boost _ Folks Finance 33443 - [Smart Contract - Low] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp
  • Boost _ Folks Finance 33454 - [Smart Contract - Low] unsafe casting will lead to break of PythNode Oracle
  • Boost _ Folks Finance 33526 - [Smart Contract - Insight] Need to check returnAdapterId
  • Boost _ Folks Finance 33533 - [Smart Contract - Critical] depositDatainterestRate is not correct
  • Boost _ Folks Finance 33534 - [Smart Contract - Medium] denial of service vulnerability and possible griefing in cross-chain account creation
  • Boost _ Folks Finance 33540 - [Smart Contract - Low] ChainlinkNode uses cached decimals in the calculation instead of fresh one
  • Boost _ Folks Finance 33542 - [Smart Contract - Medium] Attacker can create loan before users tx is completed through bridge
  • Boost _ Folks Finance 33546 - [Smart Contract - Medium] Adversaries can manipulate victims stable rate to remain excessively high via flashloan
  • Boost _ Folks Finance 33566 - [Smart Contract - Low] RepayWithCollateral will almost always fail in partial repayment
  • Boost _ Folks Finance 33568 - [Smart Contract - Medium] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users
  • Boost _ Folks Finance 33588 - [Smart Contract - Insight] The liquidator can make the protocol incur bad debt by partially liquidating the position
  • Boost _ Folks Finance 33589 - [Smart Contract - Medium] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds
  • Boost _ Folks Finance 33596 - [Smart Contract - Low] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool
  • Boost _ Folks Finance 33609 - [Smart Contract - Medium] Account creation can be frontrun making the users unable to create an account
  • Boost _ Folks Finance 33611 - [Smart Contract - Medium] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain
  • Boost _ Folks Finance 33614 - [Smart Contract - Medium] Front-Running Vulnerability in createAccount Method
  • Boost _ Folks Finance 33630 - [Smart Contract - High] Incorrect calculation of loanBorrowbalance
  • Boost _ Folks Finance 33631 - [Smart Contract - Low] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used
  • Boost _ Folks Finance 33643 - [Smart Contract - Low] PriceFeed from PythNode will always revert for some pools
  • Boost _ Folks Finance 33644 - [Smart Contract - Insight] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted
  • Boost _ Folks Finance 33645 - [Smart Contract - Medium] Griefing an user from creating an account
  • Boost _ Folks Finance 33652 - [Smart Contract - Insight] BridgeRouters Unprotected Reversal Function Compromises User Control
  • Boost _ Folks Finance 33665 - [Smart Contract - Critical] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool
  • Boost _ Folks Finance 33670 - [Smart Contract - Insight] Violator can deny his liquidation by front running it and changing the loan borrow type
  • Boost _ Folks Finance 33675 - [Smart Contract - Low] PythNodeprocess can revert because of incorrect casting
  • Boost _ Folks Finance 33684 - [Smart Contract - Critical] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack
  • Boost _ Folks Finance 33687 - [Smart Contract - Medium] Loan creation can be frontrun preventing the users from creating loans
  • Boost _ Folks Finance 33694 - [Smart Contract - Medium] stableBorrowRates are manipulatable through flashloan attacks
  • Boost _ Folks Finance 33695 - [Smart Contract - Critical] Attacker can borrow more than the collateral deposit
  • Boost _ Folks Finance 33713 - [Smart Contract - Insight] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode
  • Boost _ Folks Finance 33746 - [Smart Contract - Insight] Rounding down to zero leads to liquidate function will be halted with Panic error
  • Boost _ Folks Finance 33778 - [Smart Contract - Medium] The loan creation process can be griefed
  • Boost _ Folks Finance 33779 - [Smart Contract - Medium] The account creation process can be griefed
  • Boost _ Folks Finance 33780 - [Smart Contract - Critical] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds
  • Boost _ Folks Finance 33787 - [Smart Contract - Low] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo
  • Boost _ Folks Finance 33807 - [Smart Contract - Low] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield
  • Boost _ Folks Finance 33816 - [Smart Contract - Critical] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity
  • Boost _ Folks Finance 33817 - [Smart Contract - High] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations
  • Boost _ Folks Finance 33852 - [Smart Contract - Insight] Small positions will not get liquidated
  • Boost _ Folks Finance 33869 - [Smart Contract - Medium] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds
  • Boost _ Folks Finance 33870 - [Smart Contract - Low] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus
  • Boost _ Folks Finance 33880 - [Smart Contract - Medium] Front-Running Vulnerability in createUserLoan Method
  • Boost _ Folks Finance 33885 - [Smart Contract - Low] Incorrect prices will be returned if the NodeType is PRICE_DEVIATION_CIRCUIT_BREAKER
  • Boost _ Folks Finance 33893 - [Smart Contract - Medium] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals
  • Boost _ Folks Finance 33923 - [Smart Contract - Low] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false
  • Boost _ Folks Finance 33935 - [Smart Contract - Insight] Liquidations dont ensure the violator loan becomes healthy afterwards
  • Boost _ Folks Finance 33947 - [Smart Contract - Low] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus
  • Boost _ Folks Finance 33950 - [Smart Contract - Low] pythnode oracle unexpected revert
  • Boost _ Folks Finance 33953 - [Smart Contract - Low] Calling process function will not revert even if two oracle nodes of the same type are used
  • Boost _ Folks Finance 33970 - [Smart Contract - Medium] User deposits can be blocked
  • Boost _ Folks Finance 33978 - [Smart Contract - Critical] Attacker can Inflate effectiveCollateralValue
  • Boost _ Folks Finance 33981 - [Smart Contract - Low] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION
  • Boost _ Folks Finance 33987 - [Smart Contract - Medium] Incorrect access control in receiveMessage leads to total loss of funds
  • Boost _ Folks Finance 34025 - [Smart Contract - Medium] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId
  • Boost _ Folks Finance 34028 - [Smart Contract - Medium] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack
  • Boost _ Folks Finance 34029 - [Smart Contract - Medium] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly
  • Boost _ Folks Finance 34030 - [Smart Contract - Low] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount
  • Boost _ Folks Finance 34047 - [Smart Contract - Low] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption
  • Boost _ Folks Finance 34050 - [Smart Contract - High] Vulnerability in getLoanLiquidity leads to undervaluing stable debt
  • Boost _ Folks Finance 34052 - [Smart Contract - Low] withdraw doesnt round in favour of protocol for isFamountFalse
  • Boost _ Folks Finance 34054 - [Smart Contract - Low] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount
  • Boost _ Folks Finance 34066 - [Smart Contract - Medium] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft
  • Boost _ Folks Finance 34069 - [Smart Contract - Low] repayWithCollateral may revert when repay samll amount token
  • Boost _ Folks Finance 34074 - [Smart Contract - Critical] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding
  • Boost _ Folks Finance 34076 - [Smart Contract - Low] Wrong way of deriving message keys using destination chains CCTP domain id
  • Boost _ Folks Finance 34085 - [Smart Contract - Low] partial repayment with collaterals will revert due to underflow
  • Boost _ Folks Finance 34122 - [Smart Contract - High] Wrong borrow balance calculation in the getLoanLiquidity function
  • Boost _ Folks Finance 34124 - [Smart Contract - Low] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance
  • Boost _ Folks Finance 34127 - [Smart Contract - Low] Liquidator gets more debt than usual
  • Boost _ Folks Finance 34132 - [Smart Contract - Low] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations
  • Boost _ Folks Finance 34148 - [Smart Contract - Low] Full liquidations will fail for certain unhealthy positions
  • Boost _ Folks Finance 34150 - [Smart Contract - Low] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed
  • Boost _ Folks Finance 34153 - [Smart Contract - Low] TWAP query by chainlink is wrong according to chainlink docs
  • Boost _ Folks Finance 34158 - [Smart Contract - Low] NodeManagersupportsInterface returns false for typeIERCinterfaceId
  • Boost _ Folks Finance 34161 - [Smart Contract - Medium] Denial of Service via Front-Running in Loan Creation Mechanism
  • Boost _ Folks Finance 34169 - [Smart Contract - Low] Potential revert in PythNode library due to incorrect use of SafeCast toUint
  • Boost _ Folks Finance 34174 - [Smart Contract - Low] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations
  • Boost _ Folks Finance 34179 - [Smart Contract - High] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral
  • Boost _ Folks Finance 34183 - [Smart Contract - Insight] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions
  • Boost _ Folks Finance 34188 - [Smart Contract - Insight] BridgeRouterHub can add address adapter
  • Boost _ Folks Finance 34190 - [Smart Contract - Critical] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process
• Fuel Network | Attackathon
  • Attackathon _ Fuel Network 32269 - [Smart Contract - High] Incorrect fuel dce optimization register
  • Attackathon _ Fuel Network 32270 - [Smart Contract - Low] Inappropriate fuel dce on side affects
  • Attackathon _ Fuel Network 32271 - [Blockchain_DLT - Medium] Incorrect state range access helper
  • Attackathon _ Fuel Network 32275 - [Smart Contract - Medium] Various Sway Libs Bugs
  • Attackathon _ Fuel Network 32276 - [Smart Contract - Insight] wrong implementation in gt and lt func
  • Attackathon _ Fuel Network 32291 - [Blockchain_DLT - Insight] Profiling is incorrect for dependent g
  • Attackathon _ Fuel Network 32302 - [Smart Contract - Low] Src ContractConfigurables hash collision
  • Attackathon _ Fuel Network 32314 - [Smart Contract - Insight] Missing _disableInitializers in FuelER
  • Attackathon _ Fuel Network 32327 - [Websites and Applications - Low] REVISED Malicious Downtime via
  • Attackathon _ Fuel Network 32378 - [Smart Contract - Insight] Missing Zero-Check for Recipient Addre
  • Attackathon _ Fuel Network 32388 - [Smart Contract - Low] Buffer overflow in EncodeBufferAppend intr
  • Attackathon _ Fuel Network 32390 - [Smart Contract - Low] Unchecked Virtual Immediate Construction O
  • Attackathon _ Fuel Network 32412 - [Smart Contract - Insight] the IFP divide functions does not have
  • Attackathon _ Fuel Network 32438 - [Smart Contract - Low] Unhandled Bailout During AbstractInstructi
  • Attackathon _ Fuel Network 32439 - [Smart Contract - Low] Missing Alignment Check During AbstractIns
  • Attackathon _ Fuel Network 32453 - [Smart Contract - Low] Unhandled Side Effect During AbstractInstr
  • Attackathon _ Fuel Network 32459 - [Websites and Applications - Low] URGENT WEB funds drained using
  • Attackathon _ Fuel Network 32465 - [Blockchain_DLT - High] Abuse of CCP instruction to do cheap memo
  • Attackathon _ Fuel Network 32486 - [Blockchain_DLT - Medium] Public RPC node craches via GraphQL API
  • Attackathon _ Fuel Network 32491 - [Smart Contract - Low] Incorrect PushA PopA Mask Calculation
  • Attackathon _ Fuel Network 32536 - [Smart Contract - Insight] The control flow graph is incorrectly
  • Attackathon _ Fuel Network 32537 - [Smart Contract - Low] Different data types can be used when init
  • Attackathon _ Fuel Network 32548 - [Smart Contract - Low] Uncaught Integer Overflow During AbstractI
  • Attackathon _ Fuel Network 32612 - [Smart Contract - Low] Lack of slot hashing at adminsw can cause
  • Attackathon _ Fuel Network 32628 - [Blockchain_DLT - Medium] A GraphQL query crashes core process
  • Attackathon _ Fuel Network 32673 - [Smart Contract - Low] Missing array length check for non constan
  • Attackathon _ Fuel Network 32695 - [Blockchain_DLT - Insight] increasing processing for public nodes
  • Attackathon _ Fuel Network 32696 - [Smart Contract - High] incorrect setting of non_negative value i
  • Attackathon _ Fuel Network 32700 - [Smart Contract - High] double increasing underlying value in cei
  • Attackathon _ Fuel Network 32703 - [Smart Contract - Low] Unexpected variable shadowing during ir ge
  • Attackathon _ Fuel Network 32706 - [Smart Contract - High] the function subtract in signed libs like
  • Attackathon _ Fuel Network 32728 - [Smart Contract - Low] Incorrect literal type inference
  • Attackathon _ Fuel Network 32730 - [Smart Contract - Low] The Sway compiler currently disallows read
  • Attackathon _ Fuel Network 32768 - [Blockchain_DLT - Medium] WDCM and WQCM doesnt respect the fuel-s
  • Attackathon _ Fuel Network 32786 - [Smart Contract - Low] incorrect set of i bits to which it should
  • Attackathon _ Fuel Network 32812 - [Smart Contract - Low] Sway-libSRC- Buffer overflow in swap_confi
  • Attackathon _ Fuel Network 32825 - [Blockchain_DLT - High] Consensus between -bit and -bit system ca
  • Attackathon _ Fuel Network 32835 - [Smart Contract - Insight] sway compiler doesnt prevent function
  • Attackathon _ Fuel Network 32849 - [Smart Contract - Low] Insufficient array construction element ty
  • Attackathon _ Fuel Network 32854 - [Smart Contract - Low] Sway-libstd-libcompiler Storage collision
  • Attackathon _ Fuel Network 32859 - [Smart Contract - Low] Incorrect argument pointer creation
  • Attackathon _ Fuel Network 32860 - [Blockchain_DLT - Insight] Resource Abuse CCP instruction is load
  • Attackathon _ Fuel Network 32872 - [Smart Contract - High] Incorrect load_store_to_memcopy optimizat
  • Attackathon _ Fuel Network 32884 - [Smart Contract - Medium] Compilerstd-lib storage collison betwee
  • Attackathon _ Fuel Network 32886 - [Smart Contract - Medium] Incorrect function purity check
  • Attackathon _ Fuel Network 32924 - [Smart Contract - Insight] sways legacy storage namespacing is br
  • Attackathon _ Fuel Network 32935 - [Smart Contract - Insight] Insufficient trait duplication check
  • Attackathon _ Fuel Network 32937 - [Smart Contract - Insight] Fallback function can be directly call
  • Attackathon _ Fuel Network 32938 - [Smart Contract - Insight] Insufficient declaration shadowing che
  • Attackathon _ Fuel Network 32965 - [Blockchain_DLT - Critical] Messages to L included even on revert
  • Attackathon _ Fuel Network 32973 - [Smart Contract - Medium] Impl block dependency overwriting
  • Attackathon _ Fuel Network 32978 - [Blockchain_DLT - Insight] isolating the node from the networkcau
  • Attackathon _ Fuel Network 32979 - [Smart Contract - Low] operations with StorageVec incorrectly rev
  • Attackathon _ Fuel Network 32987 - [Blockchain_DLT - Insight] Sending a message with ETH and data to
  • Attackathon _ Fuel Network 33039 - [Smart Contract - High] The subtraction function is not correctly
  • Attackathon _ Fuel Network 33045 - [Smart Contract - Low] Compiler Dead Code Elimination inconsisten
  • Attackathon _ Fuel Network 33101 - [Smart Contract - Insight] Associated functions that were impleme
  • Attackathon _ Fuel Network 33139 - [Smart Contract - Insight] Unreachable panic in sway compiler whe
  • Attackathon _ Fuel Network 33140 - [Smart Contract - Insight] Sway compiler crash when compile malic
  • Attackathon _ Fuel Network 33168 - [Smart Contract - High] Incorrect Sign Determination In Multiply
  • Attackathon _ Fuel Network 33170 - [Smart Contract - Medium] UFP Exp In Sway-lib Logic Vulnerability
  • Attackathon _ Fuel Network 33171 - [Smart Contract - Insight] panic on unwrapping in decl_to_type_in
  • Attackathon _ Fuel Network 33172 - [Smart Contract - Insight] OOB in type_check_analyze of ImplTrait
  • Attackathon _ Fuel Network 33175 - [Smart Contract - High] Sway-lib Subtract i Logic Vulnerability
  • Attackathon _ Fuel Network 33181 - [Smart Contract - Insight] users messages might encode incorrect
  • Attackathon _ Fuel Network 33186 - [Smart Contract - Medium] _compute_bytecode_root goes to an infin
  • Attackathon _ Fuel Network 33191 - [Smart Contract - Insight] Sway Formatting Behaves Differently Ba
  • Attackathon _ Fuel Network 33193 - [Blockchain_DLT - Medium] Fuel SDKs ABI Decoder Behaves Different
  • Attackathon _ Fuel Network 33195 - [Smart Contract - High] Incorrect Calculations in Subtraction Fun
  • Attackathon _ Fuel Network 33203 - [Smart Contract - Insight] function inlining doesnt consider asm
  • Attackathon _ Fuel Network 33207 - [Smart Contract - Insight] users created message when withdrawing
  • Attackathon _ Fuel Network 33227 - [Smart Contract - High] Lack of overflow protection in the pow fu
  • Attackathon _ Fuel Network 33233 - [Smart Contract - Medium] Incorrect Implementation of Unsigned -b
  • Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functi
  • Attackathon _ Fuel Network 33240 - [Smart Contract - Insight] Incorrect Bitness in IFP Types
  • Attackathon _ Fuel Network 33242 - [Smart Contract - High] Incorrect Implementation of IFP Multiply
  • Attackathon _ Fuel Network 33248 - [Smart Contract - High] Incorrect Implementation of IFP Floor and
  • Attackathon _ Fuel Network 33267 - [Smart Contract - High] Bug in Multiply and Divide function
  • Attackathon _ Fuel Network 33286 - [Smart Contract - Insight] panic on unwrapping in type_check_trai
  • Attackathon _ Fuel Network 33295 - [Smart Contract - Low] Bug in array decoding can lead to critical
  • Attackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctly
  • Attackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change
  • Attackathon _ Fuel Network 33331 - [Smart Contract - High] Overflow in Types Less Than u
  • Attackathon _ Fuel Network 33346 - [Blockchain_DLT - Low] Incorrect error handling when executing bl
  • Attackathon _ Fuel Network 33351 - [Smart Contract - Critical] ABI supertraits methods are available
  • Attackathon _ Fuel Network 33360 - [Blockchain_DLT - Medium] The typescript SDK has no awareness of
  • Attackathon _ Fuel Network 33401 - [Smart Contract - Insight] insight compiler crash - trait dummy m
  • Attackathon _ Fuel Network 33407 - [Smart Contract - Insight] Missing Zero-Check for to Address in w
  • Attackathon _ Fuel Network 33433 - [Smart Contract - Low] Self-append in Bytes data structure causes
  • Attackathon _ Fuel Network 33444 - [Smart Contract - Insight] Sway compiler crash for access out-of-
  • Attackathon _ Fuel Network 33450 - [Blockchain_DLT - Insight] fuel_gas_price_algorithm AlgorithmV ma
  • Attackathon _ Fuel Network 33451 - [Smart Contract - Medium] Incorrect code size estimation can bypa
  • Attackathon _ Fuel Network 33487 - [Smart Contract - Insight] Flags Do Not Affect Types Less Than u
  • Attackathon _ Fuel Network 33488 - [Smart Contract - Medium] Insecure implementation of StorageMap c
  • Attackathon _ Fuel Network 33519 - [Smart Contract - Critical] Silent Stack overflow on variables be
• IDEX
  • Boost _ IDEX 34239 - [Smart Contract - Insight] Dont validate stale price in Pyth Network
  • Boost _ IDEX 34428 - [Smart Contract - Insight] Incorrect Condition in validateExitQuoteQuantityAndC
  • Boost _ IDEX 34437 - [Smart Contract - Insight] User positions could be unfairly liquidated due to s
  • Boost _ IDEX 34494 - [Smart Contract - High] Tokens deposit in ExchangeStargateVAdapterlzCompose is
  • Boost _ IDEX 34566 - [Smart Contract - Insight] Withdrawingsolwithdraw_delegatecall - Its possible f
• Immunefi Arbitration
  • 29318 - [SC - Insight] Timelock contract should use canExecuteTransact...
  • 29341 - [SC - Insight] Unsafe Downcast vulnerability this can lead to ...
  • 29347 - [SC - Insight] Chainlinks latestRoundData might return stale o...
  • 29348 - [SC - Insight] Token price returned by PriceConsumer may be in...
  • 29384 - [SC - Insight] Malicious project can remove the ImmunefiGuard ...
  • 29432 - [SC - Low] Malicious project can grief reward payouts from...
  • 29445 - [SC - Insight] latestRoundData Call May Result Stale
  • 29467 - [SC - Low] RewardTimelockexecuteRewardTransaction - L Inco...
  • 29483 - [SC - Insight] RewardTimelockcanExecuteTransaction - Reward tr...
  • 29484 - [SC - Insight] Potential Loss of Precision in Conversion from ...
  • 29513 - [SC - Insight] Critical reentrancy vulnerability in executeRew...
  • 29604 - [SC - Insight] VaultDelegatesendReward - Token fees not subtra...
  • 29738 - [SC - Low] Missing Chainlink circuit breaker check allows ...
  • 29744 - [SC - Insight] Projects can pay rewards at up to below market...
  • 29760 - [SC - Insight] Enforcing Multiple Rewards During Arbitration B...
• Lido: Mellow Vault
  • Boost _ Lido_ Mellow Vault 34756 - [Smart Contract - Insight] Missing calldata forwarding in Vaultde
• Mitigation Audit | Folks Finance
  • Mitigation Audit _ Folks Finance 34929 - [Smart Contract - Critical] Accounting Discrepancy in Fee R
  • Mitigation Audit _ Folks Finance 34942 - [Smart Contract - Insight] In function function getTwapPric
  • Mitigation Audit _ Folks Finance 35089 - [Smart Contract - Insight] Malicious actor can control inte
• Puffer Finance
  • 28612 - [SC - Insight] EigenLayers share rate can be massively inflate...
  • 28613 - [SC - Medium] User will lose funds
  • 28623 - [SC - Low] Timelock transaction that consume more then _ g...
  • 28625 - [SC - Insight] Gas griefing is possible on external call
  • 28629 - [SC - Insight] Missing restricted modifier on claimWithdrawalF...
  • 28630 - [SC - Insight] Improper Validation for Partial Filling of INCH...
  • 28632 - [SC - Insight] Setting delay at MINIMUM_DELAY in timelock fails
  • 28645 - [SC - Insight] Attacker Prevents All Users From Withdrawing Fu...
  • 28646 - [SC - Insight] Resubmission with Pause Bypass Potential Exploi...
  • 28650 - [SC - Insight] Protocol Insolvency due to the over inflated ca...
  • 28656 - [SC - Insight] Blocking redeemwithdraw from vault
  • 28660 - [SC - Insight] pufETHsrcTimelock_setDelay - L State constant M...
  • 28663 - [SC - Low] Deposit of stETH fails due to LIDOs - wei corno...
  • 28665 - [SC - Low] Underflow risk in receive function due to discr...
  • 28687 - [SC - Low] Timelocks executeTransaction incorrectly delete...
  • 28688 - [SC - Insight] Unhandled Failure of _executeTransaction Call i...
  • 28689 - [SC - Medium] incorrect lidoLockedETH value can block full re...
  • 28695 - [SC - Insight] pufETHsrcTimelockexecuteTransaction - L The tim...
  • 28698 - [SC - Insight] User can frontrun claim transaction to make cla...
  • 28702 - [SC - Insight] Malicious users can frontrun permits to DoS swaps
  • 28729 - [SC - Insight] MINIMUM_DELAY uses incorrect value of days ins...
  • 28732 - [SC - Insight] External Call from Eigen Layer can fail silentl...
  • 28773 - [SC - Insight] The function claimWithdrawalFromEigenLayer can ...
  • 28775 - [SC - Insight] pufETHsrcTimelocksolexecuteTransaction - This b...
  • 28777 - [SC - Low] pufETHsrcTimelocksolexecuteTransaction - This b...
  • 28779 - [SC - Insight] Missing sender address check in receive may lea...
  • 28788 - [SC - Critical] Slash during a withdrawal from EigenLayer will ...
  • 28789 - [SC - Low] Return value of call is not checked causing fai...
  • 28792 - [SC - Low] Return value of low level isnt checked executio...
  • 28796 - [SC - Low] The PufferVaultgetPendingLidoETHAmount will ret...
  • 28813 - [SC - Insight] PufferVaultclaimWithdrawalFromLido according to...
  • 28827 - [SC - Insight] Multi requestid claims can trigger DOS
  • 28833 - [SC - Insight] Missing slippage protection in functions deposi...
  • 28852 - [SC - Insight] Reverting permit transactions caught in the cat...
  • 28921 - [SC - Medium] Possibly protocol insolvency during a LIDO slas...
  • 28934 - [SC - Insight] TimelockcancelTransaction does not check asser...
  • 28942 - [SC - Insight] Self Destruction of inchRouter can lead to loss...
  • 28946 - [SC - Low] The assets accounting of the vault can become o...
  • 28947 - [SC - Insight] Info
  • 28964 - [SC - Insight] Claiming withdrawals from Lido can lead to unbo...
  • 28971 - [SC - Low] Double spending or double execution of transact...
  • 28991 - [SC - Insight] Contract uint delay variable cannot be set to i...
  • 29006 - [SC - Medium] Lack of Success check of the Timelock executeT...
  • 29015 - [SC - Low] Boolean return value of addresscall function no...
  • 29017 - [SC - Insight] Timelock is not capable of performing payable t...
  • 29033 - [SC - High] Queued data will be lost if Tx is unsuccessful ...
  • 29054 - [SC - Medium] Lido discounted withdrawals are not accounted for
  • 29060 - [SC - Medium] initiateETHWithdrawalsFromLido decreases totalA...
  • 29067 - [SC - Low] Puffer Finance Missing Verification of Externa...
  • 29073 - [SC - Insight] excuteTransaction in timelock contract will una...
  • 29080 - [SC - Insight] Uninitialized uups upgradeable can lead to loss...
  • 29081 - [SC - Insight] No constructor should be used to set in upgrade...
  • 29082 - [SC - Insight] Restricted modifier should not be used with int...
  • 29099 - [SC - Insight] Actual amount of stETH deposited is less than t...
  • 29106 - [SC - High] Insufficient Handling of Partial Failures in Wi...
  • 29110 - [SC - Insight] Insecure Token Allowance Management in PufferDe...
  • 29111 - [SC - Insight] Silent Failure of ERC Permit Calls in PufferDep...
  • 29116 - [SC - Low] Using deposit results in more shares for the sa...
• Shardeum Ancillaries
  • Boost _ Shardeum_ Ancillaries 33040 - [Websites and Applications - Low] API CSRF protection bypass leading to arbitrary operator-cli command execution
  • Boost _ Shardeum_ Ancillaries 33392 - [Websites and Applications - Insight] Validator GUI password bruteforcing is possible using the proxies
  • Boost _ Shardeum_ Ancillaries 33490 - [Websites and Applications - Insight] Abusing blacklist functionality to get victims IP to be banned
  • Boost _ Shardeum_ Ancillaries 33522 - [Websites and Applications - Insight] Exposed Redis Service Vulnerability on apishardeumorg
  • Boost _ Shardeum_ Ancillaries 33558 - [Websites and Applications - Insight] In some instances the socket can be made to hang
  • Boost _ Shardeum_ Ancillaries 33571 - [Websites and Applications - Medium] Taking down the websocket server via malicious methods object override
  • Boost _ Shardeum_ Ancillaries 33577 - [Websites and Applications - Insight] Taking down the HTTP server via jayson -day vulnerability
  • Boost _ Shardeum_ Ancillaries 33692 - [Websites and Applications - Low] Reflected XSS in validator node endpoints leads to node shutdown via validator-gui
  • Boost _ Shardeum_ Ancillaries 33809 - [Websites and Applications - Insight] Blocking the user from interacting with GUI via rate-limiting abuse
  • Boost _ Shardeum_ Ancillaries 34298 - [Websites and Applications - Medium] archive-server can be killed by connected shardus-instance
  • Boost _ Shardeum_ Ancillaries 34367 - [Websites and Applications - Low] CSRF vulnerability due to missing SameSiteStrict attribute resulting blackhat to perform authenticated action
  • Boost _ Shardeum_ Ancillaries 34392 - [Websites and Applications - Medium] JSON-RPC Complete Password Recovery Through Timing Attack
  • Boost _ Shardeum_ Ancillaries 34473 - [Websites and Applications - Low] Insight XSS in json rpc server without CSP bypass
  • Boost _ Shardeum_ Ancillaries 34474 - [Websites and Applications - Insight] SQL injection in json-rpc-server within thetxStatusSaver function via the IP argument leads to application shutdown
  • Boost _ Shardeum_ Ancillaries 34475 - [Websites and Applications - Low] CSRF in Json RPC Server allows requesting authenticated API endpoints
  • Boost _ Shardeum_ Ancillaries 34492 - [Websites and Applications - Insight] DoS via unbounded tx id list processing in api endpoints
  • Boost _ Shardeum_ Ancillaries 34508 - [Websites and Applications - Critical] Malicious archiver can overwtite account data on any active archiver
• Shardeum Core
  • 32942 - [BC - Low] The ChainID and URL parameters that can modify ...
  • 32982 - [BC - Critical] Crashing all Validators Vulnerability in eth_g...
  • 32993 - [BC - Critical] Crashing Validators by triggering an uncaught e...
  • 33044 - [BC - Medium] Preventing the network from loading by disconne...
  • 33086 - [BC - Critical] Complete shutdown of the transaction processing...
  • 33151 - [BC - Critical] Front running initial account data distribution
  • 33222 - [BC - Critical] An attacker can control which nodes can and can...
  • 33254 - [BC - Medium] The signature used to Gossip an UnjoinRequest h...
  • 33277 - [BC - Critical] Validators can be crashed via GET
  • 33278 - [BC - Critical] Improper input validation leads to DOS and tota...
  • 33395 - [BC - Insight] DoS attack on peer nodes through gossip-valid-j...
  • 33424 - [BC - Critical] Improper input validation in safeJsonParse lead...
  • 33428 - [BC - Critical] Validators can be crashed via pp
  • 33473 - [BC - High] Cross-chain replay attacks are possible due to ...
  • 33483 - [BC - Critical] shardeum validator bypass loop breaking increme...
  • 33520 - [BC - Insight] Inconsistent consensus issue for BlakeF precomp...
  • 33576 - [BC - High] Lack of deduplication in joinarchiver requests ...
  • 33632 - [BC - Critical] Signature forgery on behalf of other nodes lead...
  • 33637 - [BC - Critical] In get_tx_timestamp a prototype pollution bri...
  • 33638 - [BC - Critical] In remove_timestamp_cache a prototype polluti...
  • 33655 - [BC - Critical] Complete shutdown of the transaction processing...
  • 33696 - [BC - Critical] Failure to validate golden ticket admin cert
  • 33735 - [BC - Insight] Network split due to the sync issue in PP modul...
  • 33745 - [BC - Critical] A math quirk in Javascript allows anyone to tak...
  • 33750 - [BC - Critical] Abusing setCertTime Transactions to drain node ...
  • 33766 - [BC - Critical] Improper input validation in TransactionConsenu...
  • 33813 - [BC - Insight] Double slashing of validators
  • 33848 - [BC - High] For the first cycles of the network a maliciou...
  • 33872 - [BC - Critical] Infinite loop in shardeum
  • 33922 - [BC - Critical] Steal Rewards and Take over Network by Faking A...
  • 33925 - [BC - Critical] Improper input validation in fixDeserializedWra...
  • 33941 - [BC - Critical] A missing check for the type of a variable allo...
  • 33946 - [BC - Critical] Lack of voter deduplication in sync_trie_hashes...
  • 33963 - [BC - Critical] Crashing the network by filling timestamp cache...
  • 33972 - [BC - Critical] Inflating the votes of the hash for a malicious...
  • 34012 - [BC - Critical] Improper input validation in repair_oos_account...
  • 34019 - [BC - Critical] Lack of vote validation in sync_trie_hashes lea...
  • 34020 - [BC - Critical] An alternative entry point with a separated but...
  • 34053 - [BC - Critical] Malicious HTTP responses allow systemic applica...
  • 34093 - [BC - Critical] lib-net can be used to force oom reap of shardu...
  • 34201 - [BC - Critical] Prototype pollution vulnerability in remove_tim...
  • 34252 - [BC - Critical] Bypass Certificate Signing Validation
  • 34349 - [BC - High] Archiver Join Limit Logic Error
  • 34353 - [BC - Critical] Killing nodes by polluting tx timestamp cache o...
  • 34364 - [BC - Insight] pp deserialization denial of service issue
  • 34422 - [BC - High] Forcing the new POQo system to fail preventing ...
  • 34456 - [BC - Critical] Lack of consensus validation in repair_oos_acco...
  • 34476 - [BC - Critical] remove_timestamp_cache prototype pollution lead...
  • 34481 - [BC - Critical] Bypassing sender verification in gossip-final-s...
  • 34484 - [BC - Critical] Tricking legit node to signed maliciously contr...
  • 34489 - [BC - Insight] ActivetsValidateRecordTypes do not check all th...
  • 34500 - [BC - Critical] Prototype pollution vulnerability in get_tx_tim...
• ThunderNFT | IOP
  • IOP _ ThunderNFT 34455 - [Smart Contract - Low] Double Token Vulnerability leads to drain funds
  • IOP _ ThunderNFT 34496 - [Smart Contract - High] Users cant withdraw their funds for removed assets
  • IOP _ ThunderNFT 34519 - [Smart Contract - High] users cant withdraw their tokens when specific asse
  • IOP _ ThunderNFT 34522 - [Smart Contract - Low] Self-transfer would inflate the balance
  • IOP _ ThunderNFT 34534 - [Smart Contract - Critical] Maker will always only get token even if specif
  • IOP _ ThunderNFT 34542 - [Smart Contract - Insight] Not Handling Balance Entries Properly in the Wit
  • IOP _ ThunderNFT 34545 - [Smart Contract - Low] Smart contract can be taken over by malicious user b
  • IOP _ ThunderNFT 34560 - [Smart Contract - Critical] Updating sell-maker-orders does not provide ref
  • IOP _ ThunderNFT 34565 - [Smart Contract - High] Selling maker cant cancel to retrieve his funds whe
  • IOP _ ThunderNFT 34567 - [Smart Contract - Medium] users with current bid order can not update their
  • IOP _ ThunderNFT 34578 - [Smart Contract - Insight] unds Not Locked During Order Placement
  • IOP _ ThunderNFT 34585 - [Smart Contract - High] Permanent freezing of NFTS that seller deposit into
  • IOP _ ThunderNFT 34587 - [Smart Contract - High] Users might temporarily get their funds locked in P
  • IOP _ ThunderNFT 34605 - [Smart Contract - Critical] ERC tokens can be stolen because the amount is
  • IOP _ ThunderNFT 34629 - [Smart Contract - Critical] Theft of Deposited Funds
  • IOP _ ThunderNFT 34630 - [Smart Contract - Critical] Incorrect Token Sale Amount
  • IOP _ ThunderNFT 34636 - [Smart Contract - Critical] The amount is set to when creating the Executio
  • IOP _ ThunderNFT 34642 - [Smart Contract - High] strategy de-listing causes sellers NFTs locked on T
  • IOP _ ThunderNFT 34659 - [Smart Contract - Low] Pool Balance Inflation
  • IOP _ ThunderNFT 34677 - [Smart Contract - Insight] NFTs can not be canceled since the cancel_order
  • IOP _ ThunderNFT 34702 - [Smart Contract - Low] the function register_royalty_info does not allow to
  • IOP _ ThunderNFT 34714 - [Smart Contract - Medium] owner of NFT who have sell orderlisting NFT can n
  • IOP _ ThunderNFT 34736 - [Smart Contract - Critical] ERC tokens are stuck on the contract if more th
  • IOP _ ThunderNFT 34760 - [Smart Contract - Low] Off-by-one error in get_supported_asset
  • IOP _ ThunderNFT 34761 - [Smart Contract - Low] Off-by-one error in get_whitelisted_strategy
  • IOP _ ThunderNFT 34791 - [Smart Contract - Low] Incompatibility with SRC might lead to inability of
  • IOP _ ThunderNFT 34800 - [Smart Contract - Critical] Improper input validation in order update funct
  • IOP _ ThunderNFT 34816 - [Smart Contract - High] users cant call update_order to update the strategy
  • IOP _ ThunderNFT 34839 - [Smart Contract - Low] Royalty Fee limit is not enforced for registered col
  • IOP _ ThunderNFT 34848 - [Smart Contract - Low] Incorrect verification of deposit asset leads to cre
  • IOP _ ThunderNFT 34906 - [Smart Contract - Low] Existing Sell order can be executed despite payment
  • IOP _ ThunderNFT 34930 - [Smart Contract - Critical] User can only trade token when ERC is used
  • IOP _ ThunderNFT 34934 - [Smart Contract - Critical] thunder_exchangeupdate_order can be abused to s
  • IOP _ ThunderNFT 34943 - [Smart Contract - High] User cant withdraw asset from pool after asset_mana
  • IOP _ ThunderNFT 34949 - [Smart Contract - Critical] Missing proper validation when updating order
  • IOP _ ThunderNFT 34955 - [Smart Contract - Critical] Nfts of type may be stolen by updating an order
  • IOP _ ThunderNFT 34957 - [Smart Contract - Critical] executionResults always returns an amount of le
  • IOP _ ThunderNFT 34958 - [Smart Contract - Critical] Incorrect Setting of Amount in ExecutionResult
  • IOP _ ThunderNFT 34962 - [Smart Contract - Low] tranfer_from function have critical issue which lead
  • IOP _ ThunderNFT 34963 - [Smart Contract - Insight] Invalid orders persist in storage maps with no i
  • IOP _ ThunderNFT 34964 - [Smart Contract - Low] Faulty Index out of Bounds
  • IOP _ ThunderNFT 34966 - [Smart Contract - High] Royalty or protocol fee of will DoS executing order
  • IOP _ ThunderNFT 34967 - [Smart Contract - Insight] Insights Report
  • IOP _ ThunderNFT 34973 - [Smart Contract - Low] royalty_managerregister_royalty_info might not work
  • IOP _ ThunderNFT 34975 - [Smart Contract - Low] Read out of index
  • IOP _ ThunderNFT 34980 - [Smart Contract - Critical] Order side manipulation can lead to theft of NF
• ZeroLend
  • 28875 - [SC - Medium] Unauthorized minting of vested NFTs
  • 28885 - [SC - Medium] Lack of check for Lockend in merge LockerToken ...
  • 28892 - [SC - Medium] ZeroLockermerge can make a voting lock last lon...
  • 28910 - [SC - High] Bool check wrong in registerGauge
  • 28912 - [SC - Critical] Attackers can control the vote result and ampli...
  • 28938 - [SC - Medium] Attacker can invalidate users supplyWithPermit ...
  • 28943 - [SC - Medium] DoS when user want to supply repay asset using...
  • 28955 - [SC - High] Malicious user can transfer all unclaimed rewar...
  • 28970 - [SC - Medium] Attacker can grief a user by making his supplyW...
  • 28987 - [SC - Medium] Manipulation of governance is possible by minti...
  • 28988 - [SC - High] Mechanism for distributing extra reward tokens ...
  • 28992 - [SC - High] Permanent freezing of additional reward tokens
  • 29012 - [SC - High] Votes manipulation in PoolVoter
  • 29019 - [SC - High] The ZeroLendToken contract in the Governance mo...
  • 29026 - [SC - High] Hackers can steal the unclaimed yield to get th...
  • 29031 - [SC - Critical] VestedZeroNFT tokens can be directly stolen thr...
  • 29047 - [SC - Insight] Reward is lost when totalSupply
  • 29052 - [SC - Medium] Pool funds could be locked due to Division by zero
  • 29059 - [SC - Medium] Race condition in StakingBonus will result in s...
  • 29062 - [SC - Critical] Attacker can steal locked balance of staked nft...
  • 29068 - [SC - Medium] AaveOracle contract does not verify price stale...
  • 29069 - [SC - Medium] Ability to deny users from repaying and supplyi...
  • 29078 - [SC - High] Theft of unclaimed yield due to the wrong calcu...
  • 29095 - [SC - High] The lockers supply can be arbitrarily inflated ...
  • 29101 - [SC - High] Staking in BaseLocker is broken
  • 29103 - [SC - Critical] Omnichain Stakers can permanently lose access t...
  • 29120 - [SC - High] Bug in reward distribution logic leads to theft...
  • 29121 - [SC - High] Any rewards sent to the PoolVoter will be undis...
  • 29122 - [SC - High] All reward tokens can be stolen by an attacker ...
  • 29123 - [SC - Medium] Griefing attack for VestedZeroNFT
  • 29130 - [SC - Medium] Unlimited Minting of VestedZeroNFT
  • 29135 - [SC - Critical] OmnichainStakingsolunstakeLP and OmnichainStaki...
  • 29137 - [SC - High] ZeroLend token is not behaving properly while c...
  • 29139 - [SC - Medium] Griefing attack to cause users to suffer penalt...
  • 29145 - [SC - High] zeroLendToken is bricked to use for whitelisted...
  • 29149 - [SC - Insight] DoS in Zero Registry configuration updation
  • 29170 - [SC - Medium] DoS by front-runnable externall call
  • 29175 - [SC - Insight] Granting DEFAULT_ADMIN_ROLE to the deployer in ...
  • 29181 - [SC - High] Tautology in PoolVoterregisterGauge makes it im...
  • 29186 - [SC - Insight] ValidationLogicvalidateBorrow - L-L Incorrect i...
  • 29188 - [SC - Insight] StakingBonuscalculateBonus wrongly utilizes BPS
  • 29189 - [SC - High] ZeroLendToken doesnt allow whitelisted users to...
  • 29190 - [SC - Insight] Permanent freezing of up to wei of yield each ...
  • 29198 - [SC - Medium] Griefing attack to cause the rewards of a user ...
  • 29204 - [SC - Critical] Direct theft of Users VestedZeroNFT by using sp...
  • 29211 - [SC - Critical] Voting manipulation cause by the possibility to...
  • 29213 - [SC - High] The function always revert if _stakeNFT True d...
  • 29225 - [SC - Insight] EarlyZEROVesting is having a rounding issue and...
  • 29244 - [SC - Insight] Using permit inside the function can lead to Do...
  • 29249 - [SC - Insight] Using permit inside the function can lead to Do...
  • 29262 - [SC - Insight] Some users can get more rewards than others whi...
  • 29267 - [SC - High] Wrong implementation causing some functions in ...
  • 29270 - [SC - High] The main functionality of the contract EarlyZER...
  • 29286 - [SC - Medium] MultiSigWalletremoveOwner - L The bug allows th...
  • 29288 - [SC - Critical] all NFTs can be stolen by calling VestedZeroNFT...
  • 29322 - [SC - Insight] Use safeTransfer instead of transfer
  • 29328 - [SC - Insight] zkSync ACLManager EOA as EMERGENCY_ADMIN
  • 29329 - [SC - Insight] Manta ACLManager EOA as EMERGENCY_ADMIN
  • 29331 - [SC - Insight] Manta ACLManager EOA as RISK_ADMIN
  • 29332 - [SC - Insight] Manta ReservesSetupHelper EOA as owner
  • 29342 - [SC - Insight] Lack of chainID validation allows reuse of sign...
  • 29344 - [SC - Insight] Price assets deposited manipulation
• Swaylend | IOP
  • #35853 [SC-Medium] permissonless constructor always for front-running owner initialization.
  • #36034 [SC-Medium] truncation in the `present_value_borrow()` can lead to loss of accrued borrow interests.
  • #35908 [SC-Low] If the collateral token''s decimal is <= the base token decimal in a market, `collateral_value_to_sell()` will always revert & `available_to_borrow()` will return a wrong amount tha...
  • #35732 [SC-Low] Withdrawals can not be paused which could lead to protocol insolvency in case of issues
  • #35768 [SC-Insight] `Market.set_pyth_contract_id` should emit an event
  • #35831 [SC-High] By bypassing base_borrow_min limitation borrows can create inabsorbable loans
  • #35684 [SC-Critical] Incorrect Pyth Oracle Price Feed Process Leads to Wrong Collateral Value Calculation
  • #36158 [SC-Low] `Market.collateral_value_to_sell` will always revert if collateral_configuration
  • #36138 [SC-Insight] `Market.update_collateral_asset` should reuse old configuration's `asset_id`
  • #36137 [SC-Medium] `absorb_internal` might be DOSed
  • #36117 [SC-High] Permanent freezing of tokens when user sends extra tokens as update fee
  • #36108 [SC-Insight] `recipient` with a NULL address will lead to permanent loss of minted coins
  • #35724 [SC-Low] Users can withdraw collateral even when the admin pauses the contract.
  • #36065 [SC-Insight] `Market.update_market_configuration` should reuse old configuration's `base_token.decimals`
  • #35815 [SC-Medium] `Market.present_value_borrow` should be roundUp
  • #35760 [SC-Low] `market::available_to_borrow()` compares the collateral in USD against the borrow in base units
  • #35758 [SC-Critical] Loss of yield to the protocol due to incorrect interest rate applied
  • #35999 [SC-Insight] Incorrect event name
  • #35750 [SC-High] User loss due to Pyth oracle update fee being smaller than the msg amount sent
  • #35794 [SC-Insight] `Market.absorb` can be called when `Market.supply_collateral` is paused
  • #35767 [SC-Critical] constanct value is used to check `price.confidence`
  • #35876 [SC-High] Users will lose funds on calls to critical functions if the prices are not updated
  • #35793 [SC-High] `src-20.burn` should use "==" instead of ">="
  • #35761 [SC-Low] Unhandled smaller base decimals than 6 or bigger than the collateral's decimals
  • #35708 [SC-Insight] Adding too many collaterals will halt the protocol operation
• Acre
  • #34836 [SC-Medium] Malicious party can make it impossible for debt to be completely repaid by donating a few tbtc to `stBTC.sol`
  • #34959 [SC-Low] `mintDebt` returns a wrong value
  • #35014 [SC-Low] incorrect rounding in mintdebt function might allow minimal shares dilution
  • #34978 [SC-Low] protocol runs insolvent due to incorrect reliance on depositbalance which doesn t match holder balances
  • #35026 [SC-Low] `repayDebt` in stbtc returns a worng value
  • #34995 [SC-Low] `mintDebt()` and `repayDebt()` should return `assets` and not `shares`
  • #34712 [SC-Medium] Malicious users can block repay debt transactions with no cost
  • #34998 [SC-Insight] Deposited assets in an old dispatcher may be lost when swapping to a new dispatcher
  • #34672 [SC-Low] Protocol runs insolvent due to incorrect reliance on depositBalance which doesn't match holder balances
  • #34999 [SC-Low] The tBTC in the MezoAllocator itself is not considered in the withdrawal function
  • #34748 [SC-Low] Last withdrawer can be prevented from withdrawing their assets
  • #34729 [SC-Low] `releaseDeposit` will likely fail, putting funds in MezoAllocator at risk of being permanently stuck
  • #34851 [SC-Low] Adversary can freeze users' fund in stBTC using donation attack on MezoAllocator
• Shardeum Core II
  • #36029 [BC-Insight] Node.js crash on counterMap overflow
  • #35696 [BC-Critical] Specifically crafted penalty TX may cause total network shutdown.
  • #35694 [BC-Critical] Consensus can be bypassed by single validator node from transaction execution group
  • #35601 [BC-Critical] Consensus algorithm doesn't deduplicate votes, allowing a malicious validator to completely falsify transactions
  • #35695 [BC-Critical] validateTxnFields check for internal transactions can be bypassed
  • #35531 [BC-Critical] Absence of signature deduplication for receipt in the binary_repair_oos_accounts P2P handler
  • #36024 [BC-Insight] Use of Vulnerable function results in prediction of archivers
  • #35965 [BC-Insight] Unverified data in safety sync
  • #35707 [BC-Critical] Reusing old transaction receipt to rollback account balance
  • #35415 [BC-Insight] [Informational] debugMiddleware query parameters can be partially modified by request submitter or via MITM
  • #35839 [BC-Critical] Slash avoidance: Ineffective controls on unstaking allow unstaking before taking an action that should be slashed
  • #35526 [BC-Critical] An attacker can change the account balance after the transaction has been processed.
  • #35641 [BC-Insight] node p2p remote denial of service
  • #35697 [BC-Insight] [Informational] Code logic contains potential risk of full network shutdown
  • #35710 [BC-Insight] addressToPartition input is unsanitized, allowing to take whole network down
• Shardeum Ancillaries II
  • #35598 [W&A-Insight] Access to debug endpoints without any protection
  • #35351 [W&A-Insight] Password Length Bypass in Shardeum Authentication System
  • #35537 [W&A-Insight] json rpc server websocket remote crash
  • #35996 [W&A-Insight] malicious explorer can cause denial of service in json rpc server and even cras
  • #35979 [W&A-High] malicious archiver malicious validator can overwrite data on any active archiver
  • #36025 [W&A-Critical] A malicious validator can overwrite the account data of any archive server connected to it.
  • #35452 [W&A-High] Admin Panel Accessed
  • #36005 [W&A-Insight] Reflected URL Manipulation and Phishing Risk
  • #35972 [W&A-Insight] Operator-GUI Weak JWT Token Generation Led To Generate same JWT Tokens Even if The User Has it's Unique "nodeId"
  • #35447 [W&A-High] Zero Click Full Account Takeover
  • #35446 [W&A-Insight] IDOR Able to change other user information
  • #35903 [W&A-High] SQL Injection Allows a Malicious Archiver to Overwrite Receipt/originalTxData Database on Any Active Archiver in the Network
  • #35824 [W&A-Medium] `/set-config` replay attack is possible in production mode after archiver restart
  • #35157 [W&A-Insight] Unauthorized Access to Shardeum Config Store using default credentials
  • #35709 [W&A-Critical] Potential DoS of archiver-server during network restoration via get_account_data_archiver call
  • #35534 [W&A-Insight] json rpc server remote crash
• Anvil
  • #36303 [SC-Medium] attackers can cause griefing attack to cause stake transactions of timebasedcolla
  • #36501 [SC-Medium] Signature Front-Running Vulnerability in CollateralVault
  • #36268 [SC-Medium] stake with signature can be front-run lead to user's stake failed
  • #36267 [SC-Insight] tokens can be stuck forever in uniswapliquidator because function retrievetokens
  • #36136 [SC-Insight] Fee calculation error in withdraw function of collateralVault contract
  • #36092 [SC-Insight] Collateralizable Contracts May Retain Status Unconditionally
  • #36540 [SC-Insight] users can withdraw funds at incorrect fee rate
  • #36567 [SC-Insight] Anyone can cancel anyone's LOC
  • #36554 [SC-Critical] Time Based Collateral Pool Users can release more than their due share of the pool, drawing from the due share of other users
  • #36552 [SC-Medium] DoS for the user's calling `stake` and `stakeReleasableTokensFrom` function
  • #36532 [SC-Medium] Frontrun to invalidate collateralizable approval signature
  • #36306 [SC-Insight] Incorrect nonce value emitted in `TimeBasedCollateralPool::_resetPool` event
  • #36475 [SC-Medium] Token allowance signature can be front-run
  • #36450 [SC-Low] contract timebasedcollateralpool will be unable to process new user transactions
  • #36346 [SC-Insight] Typehash Discrepancy in CollateralizableTokenAllowanceAdjustment
  • #36340 [SC-Insight] TimeBasedCollateralPool::_resetAccountTokenStateIfApplicable does not adjust tokenEpochExitBalances after redeeming the account's unstake Units
  • #36309 [SC-Low] TimeBasedCollateralPool: After _resetPool gets called (internally) a depositor can break most functionalities of the smart contract
• Anvil: Letters of Credit
  • #36807 [SC-Critical] attackers can create dynamic loc with any credited amount with very small co...
  • #36931 [SC-Critical] critical creators can modifyloccollateral of dynamic loc to release ....
  • #36910 [SC-Critical] LoC: The creator can withdraw the entire collateral of a Dynamic LoC making it insolvent
  • #36970 [SC-Insight] Missing `_disableInitializer()` implementation
  • #36999 [SC-Insight] Incomplete Adjustment of `globalAmountInDynamicUse` During LOC Liquidation Causes Accumulated Dust and DoS Risk
• Page