Payouts
3rd Places
Top 10
Top 25
All
Sherlock
Code4rena
Jul '24
high
User can vote twice once the lock duration elapses
high
Any unclaimed and undistributed bribe rewards are locked in the BribeRewarder contract
high
The `vote` function does not work in case there is `BribeRewarder` assigned to the pool
medium
`addToPosition` access control can be bypassed
medium
The `fundAndBribe` of `BribeRewarder` is not compatible with fee on transfer tokens
medium
Denial of Service attack for bribe mechanism
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
Can mint NFT with the desired attributes by reverting transaction