Critical
- 28912 - [SC - Critical] Attackers can control the vote result and ampli...
- 29031 - [SC - Critical] VestedZeroNFT tokens can be directly stolen thr...
- 29062 - [SC - Critical] Attacker can steal locked balance of staked nft...
- 29103 - [SC - Critical] Omnichain Stakers can permanently lose access t...
- 29135 - [SC - Critical] OmnichainStakingsolunstakeLP and OmnichainStaki...
- 29204 - [SC - Critical] Direct theft of Users VestedZeroNFT by using sp...
- 29211 - [SC - Critical] Voting manipulation caused by the possibility to...
- 29288 - [SC - Critical] all NFTs can be stolen by calling VestedZeroNFT...
High
- 28910 - [SC - High] Bool check wrong in registerGauge
- 28955 - [SC - High] Malicious user can transfer all unclaimed rewar...
- 28988 - [SC - High] Mechanism for distributing extra reward tokens ...
- 28992 - [SC - High] Permanent freezing of additional reward tokens
- 29012 - [SC - High] Votes manipulation in PoolVoter
- 29019 - [SC - High] The ZeroLendToken contract in the Governance mo...
- 29026 - [SC - High] Hackers can steal the unclaimed yield to get th...
- 29078 - [SC - High] Theft of unclaimed yield due to the wrong calcu...
- 29095 - [SC - High] The lockers supply can be arbitrarily inflated ...
- 29101 - [SC - High] Staking in BaseLocker is broken
- 29120 - [SC - High] Bug in reward distribution logic leads to theft...
- 29121 - [SC - High] Any rewards sent to the PoolVoter will be undis...
- 29122 - [SC - High] All reward tokens can be stolen by an attacker ...
- 29137 - [SC - High] ZeroLend token is not behaving properly while c...
- 29145 - [SC - High] zeroLendToken is bricked to use for whitelisted...
- 29181 - [SC - High] Tautology in PoolVoterregisterGauge makes it im...
- 29189 - [SC - High] ZeroLendToken doesn't allow whitelisted users to...
- 29213 - [SC - High] The function always reverts if _stakeNFT True d...
- 29267 - [SC - High] Wrong implementation causing some functions in ...
- 29270 - [SC - High] The main functionality of the contract EarlyZER...
Medium
- 28875 - [SC - Medium] Unauthorized minting of vested NFTs
- 28885 - [SC - Medium] Lack of check for Lockend in merge LockerToken ...
- 28892 - [SC - Medium] ZeroLockermerge can make a voting lock last lon...
- 28938 - [SC - Medium] Attacker can invalidate users supplyWithPermit ...
- 28943 - [SC - Medium] DoS when user wants to supply repay asset using...
- 28970 - [SC - Medium] Attacker can grief a user by making his supplyW...
- 28987 - [SC - Medium] Manipulation of governance is possible by minti...
- 29052 - [SC - Medium] Pool funds could be locked due to Division by zero
- 29059 - [SC - Medium] Race condition in StakingBonus will result in s...
- 29068 - [SC - Medium] AaveOracle contract does not verify price stale...
- 29069 - [SC - Medium] Ability to deny users from repaying and supplyi...
- 29123 - [SC - Medium] Griefing attack for VestedZeroNFT
- 29130 - [SC - Medium] Unlimited Minting of VestedZeroNFT
- 29139 - [SC - Medium] Griefing attack to cause users to suffer penalt...
- 29170 - [SC - Medium] DoS by front-runnable external call
- 29198 - [SC - Medium] Griefing attack to cause the rewards of a user ...
- 29286 - [SC - Medium] MultiSigWalletremoveOwner - L The bug allows th...
Insight
- 29047 - [SC - Insight] Reward is lost when totalSupply
- 29149 - [SC - Insight] DoS in Zero Registry configuration updation
- 29175 - [SC - Insight] Granting DEFAULT_ADMIN_ROLE to the deployer in ...
- 29186 - [SC - Insight] ValidationLogicvalidateBorrow - L-L Incorrect i...
- 29188 - [SC - Insight] StakingBonuscalculateBonus wrongly utilizes BPS
- 29190 - [SC - Insight] Permanent freezing of up to wei of yield each ...
- 29225 - [SC - Insight] EarlyZEROVesting is having a rounding issue and...
- 29244 - [SC - Insight] Using permit inside the function can lead to Do...
- 29249 - [SC - Insight] Using permit inside the function can lead to Do...
- 29262 - [SC - Insight] Some users can get more rewards than others whi...
- 29322 - [SC - Insight] Use safeTransfer instead of transfer
- 29328 - [SC - Insight] zkSync ACLManager EOA as EMERGENCY_ADMIN
- 29329 - [SC - Insight] Manta ACLManager EOA as EMERGENCY_ADMIN
- 29331 - [SC - Insight] Manta ACLManager EOA as RISK_ADMIN
- 29332 - [SC - Insight] Manta ReservesSetupHelper EOA as owner
- 29342 - [SC - Insight] Lack of chainID validation allows reuse of sign...
- 29344 - [SC - Insight] Price assets deposited manipulation
Smart Contract
- 28875 - [SC - Medium] Unauthorized minting of vested NFTs
- 28885 - [SC - Medium] Lack of check for Lockend in merge LockerToken ...
- 28892 - [SC - Medium] ZeroLockermerge can make a voting lock last lon...
- 28910 - [SC - High] Bool check wrong in registerGauge
- 28912 - [SC - Critical] Attackers can control the vote result and ampli...
- 28938 - [SC - Medium] Attacker can invalidate users supplyWithPermit ...
- 28943 - [SC - Medium] DoS when user wants to supply repay asset using...
- 28955 - [SC - High] Malicious user can transfer all unclaimed rewar...
- 28970 - [SC - Medium] Attacker can grief a user by making his supplyW...
- 28987 - [SC - Medium] Manipulation of governance is possible by minti...
- 28988 - [SC - High] Mechanism for distributing extra reward tokens ...
- 28992 - [SC - High] Permanent freezing of additional reward tokens
- 29012 - [SC - High] Votes manipulation in PoolVoter
- 29019 - [SC - High] The ZeroLendToken contract in the Governance mo...
- 29026 - [SC - High] Hackers can steal the unclaimed yield to get th...
- 29031 - [SC - Critical] VestedZeroNFT tokens can be directly stolen thr...
- 29047 - [SC - Insight] Reward is lost when totalSupply
- 29052 - [SC - Medium] Pool funds could be locked due to Division by zero
- 29059 - [SC - Medium] Race condition in StakingBonus will result in s...
- 29062 - [SC - Critical] Attacker can steal locked balance of staked nft...
- 29068 - [SC - Medium] AaveOracle contract does not verify price stale...
- 29069 - [SC - Medium] Ability to deny users from repaying and supplyi...
- 29078 - [SC - High] Theft of unclaimed yield due to the wrong calcu...
- 29095 - [SC - High] The lockers supply can be arbitrarily inflated ...
- 29101 - [SC - High] Staking in BaseLocker is broken
- 29103 - [SC - Critical] Omnichain Stakers can permanently lose access t...
- 29120 - [SC - High] Bug in reward distribution logic leads to theft...
- 29121 - [SC - High] Any rewards sent to the PoolVoter will be undis...
- 29122 - [SC - High] All reward tokens can be stolen by an attacker ...
- 29123 - [SC - Medium] Griefing attack for VestedZeroNFT
- 29130 - [SC - Medium] Unlimited Minting of VestedZeroNFT
- 29135 - [SC - Critical] OmnichainStakingsolunstakeLP and OmnichainStaki...
- 29137 - [SC - High] ZeroLend token is not behaving properly while c...
- 29139 - [SC - Medium] Griefing attack to cause users to suffer penalt...
- 29145 - [SC - High] zeroLendToken is bricked to use for whitelisted...
- 29149 - [SC - Insight] DoS in Zero Registry configuration updation
- 29170 - [SC - Medium] DoS by front-runnable external call
- 29175 - [SC - Insight] Granting DEFAULT_ADMIN_ROLE to the deployer in ...
- 29181 - [SC - High] Tautology in PoolVoterregisterGauge makes it im...
- 29186 - [SC - Insight] ValidationLogicvalidateBorrow - L-L Incorrect i...
- 29188 - [SC - Insight] StakingBonuscalculateBonus wrongly utilizes BPS
- 29189 - [SC - High] ZeroLendToken doesn't allow whitelisted users to...
- 29190 - [SC - Insight] Permanent freezing of up to wei of yield each ...
- 29198 - [SC - Medium] Griefing attack to cause the rewards of a user ...
- 29204 - [SC - Critical] Direct theft of Users VestedZeroNFT by using sp...
- 29211 - [SC - Critical] Voting manipulation caused by the possibility to...
- 29213 - [SC - High] The function always reverts if _stakeNFT True d...
- 29225 - [SC - Insight] EarlyZEROVesting is having a rounding issue and...
- 29244 - [SC - Insight] Using permit inside the function can lead to Do...
- 29249 - [SC - Insight] Using permit inside the function can lead to Do...
- 29262 - [SC - Insight] Some users can get more rewards than others whi...
- 29267 - [SC - High] Wrong implementation causing some functions in ...
- 29270 - [SC - High] The main functionality of the contract EarlyZER...
- 29286 - [SC - Medium] MultiSigWalletremoveOwner - L The bug allows th...
- 29288 - [SC - Critical] all NFTs can be stolen by calling VestedZeroNFT...
- 29322 - [SC - Insight] Use safeTransfer instead of transfer
- 29328 - [SC - Insight] zkSync ACLManager EOA as EMERGENCY_ADMIN
- 29329 - [SC - Insight] Manta ACLManager EOA as EMERGENCY_ADMIN
- 29331 - [SC - Insight] Manta ACLManager EOA as RISK_ADMIN
- 29332 - [SC - Insight] Manta ReservesSetupHelper EOA as owner
- 29342 - [SC - Insight] Lack of chainID validation allows reuse of sign...
- 29344 - [SC - Insight] Price assets deposited manipulation