Code4rena
Jun '22
high
Overpayment of native ETH is not refunded to buyer
high
Accumulated ETH fees of InfinityExchange cannot be retrieved
high
Calling `unstake()` can cause locked funds
medium
Fund loss or griefing in all order matching functions [matchOneToOneOrders(), matchOneToManyOrders(), matchOrders(), takeMultipleOneOrders(), takeOrders()] because the condition (seller != buyer) is not checked in any of them
medium
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
Mar '22
Feb '22
medium
FeeSplitter: No sanity check to prevent shareholder from being added twice.
medium
NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH
medium
FeeSplitter: Unbounded number of shareholders can cause DOS
medium
isResolverCached() will always return false after removing operator
medium
Ensure on-chain that cache is synced
medium
NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()
Jan '22
medium
tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake
medium
SherlockClaimManager: Incorrect amounts needed and paid for escalated claims
medium
updateYieldStrategy will freeze some funds with the old Strategy if yieldStrategy fails to withdraw all the funds because of liquidity issues
Dec '21
Nov '21
medium
FeeSplitter: No sanity check to prevent shareholder from being added twice.
medium
NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH
medium
FeeSplitter: Unbounded number of shareholders can cause DOS
medium
isResolverCached() will always return false after removing operator
medium
Ensure on-chain that cache is synced
medium
NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()
Sep '21