
fnanni

Security Researcher


Findings by severity:
  High:   11 total (1 solo)
  Medium: 13 total

Total Earnings: $13.96K (#436 All Time)

Placements:
  Payouts:    7x
  1st Places: 1x (gold)
  Top 10:     5x
  Top 25:     6x


Feb '24

Rio Network
1,871.69 USDC • 3 total findings • Sherlock • fnanni • Rank #10
- high: Epoch can be settled after queueing withdrawals from EigenLayer
- medium: Execution Layer rewards are lost
- medium: RioLRTOperatorDelegator is unable to receive ether

AI Arena
7,568.05 USDC • 12 total findings • Code4rena • fnanni • 1st place (gold)
- high: Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win
- high: A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
- high: Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
- high: Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of type Dendroid and with rare attributes
- high: Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
- high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
- high: `FighterFarm::reRoll` won't work for NFT ids greater than 255 because the input is limited to uint8
- medium: Erroneous probability calculation in physical attributes can lead to significant issues
- medium: Almost all rarity rank combinations cannot be, and are not uniformly, generated
- medium: Can mint NFT with the desired attributes by reverting the transaction
- medium: DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant number of rounds have passed
- medium: Fighter created by mintFromMergingPool can have arbitrary weight and element

Jan '24

Salty.IO
1,266.45 USDC • 3 total findings • Code4rena • fnanni • Rank #10
- high: When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS
- medium: No proposal time limit traps sponsors of unpopular proposals
- medium: Suboptimal arbitrage implementation

reNFT
1,706.97 USDC • Code4rena • fnanni • Rank #9

Truflation
346.01 USDC • 2 total findings • Sherlock • fnanni • Rank #4
- high: User can claim the initialReleasePct of his vesting many times and drain the contract
- medium: It's not always possible to cancel a vesting

Dec '23

Revolution Protocol
68.5 USDC • 3 total findings • Code4rena • fnanni • Rank #48
- medium: Once EntropyRateBps is set too high, it can lead to denial-of-service (DoS) due to an invalid ETH amount
- medium: CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse
- medium: It may be possible to DoS AuctionHouse by specifying malicious creators

Nov '23

Panoptic
1,130.93 USDC • 1 total finding • Code4rena • fnanni • Rank #11
- high: Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be