Jan '25
Aug '24
high
Players Claiming Refunds in Canceled Raffles Will Cause ETH to Be Stuck in the `WinnablesTicketManager` Contract
high
Malicious user can block prize distribution and raffle cancellation in `WinnablesTicketManager`
high
Malicious User Can Brick Protocol and Drain Funds by Repeatedly Canceling Raffles in `WinnablesTicketManager`
medium
Admin Can Manipulate Raffle Outcomes by Minting Unlimited Tickets
medium
Admin Can Exploit Raffle System to Steal Funds and Block Prize Claims
Jul '24
high
`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`
high
The maximum number of generations is infinite
high
Number of entities in generation can surpass the 10k number
high
Griefing attack on seller's airdrop benefits
high
Wrong minting logic based on total token count across generations
medium
Pause and unpause functions are inaccessible
medium
NFTs mature too slowly under default settings
medium
Discrepancy between NFTs minted, price of NFT when a generation changes, and position of `_incrementGeneration()` inside `_mintInternal()` and `_mintNewEntity()`
Feb '24
Jan '24
high
Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
medium
Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
medium
`onBalanceChange` causes previously unclaimed rewards to be cleared
medium
Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject
medium
If a user sets their curve token symbol as the default one plus the next token counter instance, it will render the whole default naming functionality obsolete