#222 All Time
Jan '25
Aug '24
Jul '24
high
The maximum number of generations is infinite
high
Number of entities in generation can surpass the 10k number
high
Wrong minting logic based on total token count across generations
medium
There is no slippage check in the `nuke()` function.
medium
Forger Entities can forge more times than intended
medium
`Golden God` Tokens can be minted twice per generation
May '24
Mar '24
medium
Repayments and liquidations can be forced to revert by an attacker that repays a minuscule amount of shares
medium
V3Vault is not ERC-4626 compliant
medium
Lack of safety buffer in `_checkLoanIsHealthy` could subject users who take out the max loan into a forced liquidation
medium
Users can lend and borrow above allowed limitations
Feb '24
medium
high
Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
high
Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes
high
Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and the user can recover past losses that can't be recovered (steal protocol's token)
medium
Can mint NFT with the desired attributes by reverting transaction
Jan '24
high
high
high
Dec '23
high
Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction
medium
Violation of ERC-721 Standard in VerbsToken:tokenURI Implementation
medium
`encodedData` argument of `hashStruct` is not calculated perfectly for EIP-712 signed messages in `CultureIndex.sol`
medium
It may be possible to DoS AuctionHouse by specifying malicious creators
Oct '23
7,146.08 USDC • 1 total finding • Code4rena • shaka
#4
Sep '23
high
Users lose funds and market functionality breaks when market reaches 65k id
high
New orders can overwrite active orders when order id reaches 65000
high
Flag can be overridden by another user
medium
Primary short liquidation can not be completed in the last hour of the liquidation timeline
medium
Lack of essential stale check in oracleCircuitBreaker()
low
Changes in `dittoShorterRate` apply retroactively to accrued Ditto yield shares
low
The protocol allows fewer flags to be generated than possible, which could lead to a DoS of the primary liquidation process
Jul '23
high
`Vault.mintYieldFee` function can be called by anyone to mint `Vault Shares` to any recipient address
medium
`deposit` function does not check for the `maxMint` amount.
medium
Unintended or Malicious Use of Prize Winners' Hooks
medium
Transfer of Vault tokens can cause accounting errors in other contracts
Jun '23
high
No check for expired `priceSig` in `setSymbolsPrice`
high
Hash collisions in `LibMuon` verifications
high
`depositAndAllocateForPartyB` allocates the wrong amount
high
Users can DoS the liquidation process by increasing their nonce
high
Party A can be liquidated with outdated price data
medium
`partyA` can inflate the uPnL with no cost
medium
The liquidation process can get stuck if the liquidators do not submit the symbol prices in the given time
medium
Wrong calculation of solvency after request to close and after close position
medium
Position can fall below minimum acceptable quote value after partial closing
May '23
high
Spot price of USSD/DAI pool can be manipulated
high
Wrong address for `BTC/USD` Chainlink aggregator contract
high
The calculations of DAI price in `StableOracleDAI.sol:getPriceUSD()` are incorrect
high
Anyone can mint and burn tokens for/from the USSD contract
high
No slippage protection for swaps
medium
Chainlink price feed data could be stale
medium
Removing collateral token changes order in array
Apr '23
Mar '23
high
A temporary issue in the staking functionality leads to users receiving fewer minted tokens.
high
An attacker can manipulate the `preDepositPrice` to steal from other users.
high
`WstEth` derivative assumes a ~1:1 peg of stETH to ETH
medium
Possible DoS on `unstake()`
medium
Missing derivative limit and deposit availability checks will revert the whole `stake()` function
Feb '23