# Vechain | Stargate Hayabusa
## Reports by Severity
High
* \#60334 \[SC-High] Unstake permanently reverts when validator exits after delegator exit (double-decrease of effective stake)
* \#59316 \[SC-High] Off-by-One Unlocks Infinite VTHO Reward Drain from Ghost Stakes
* \#60311 \[SC-High] Double effective-stake decrement freezes unstake permanently after validator exit
* \#60081 \[SC-High] Exited delegator can continue to accrue and claim delegation rewards
* \#60298 \[SC-High] Duplicate effectiveStake decrement path bricks unstake/re-delegate
* \#60372 \[SC-High] Double-Decrement Bug — Effective Stake Underflow Permanently Locks Funds
* \#60373 \[SC-High] Incorrect effective stake decrement when validator exits causes permanent freezing of user stake
* \#59421 \[SC-High] Theft of Unclaimed Yield via Incorrect Period Range Calculation and Lack of Per-User Effective Stake Tracking
* \#60150 \[SC-High] Off-by-one in claim window lets exited delegations harvest post-exit rewards
* \#60151 \[SC-High] Double Reduction of Effective Stake can lead to Stuck Delegations.
* \#59443 \[SC-High] rithmetic Underflow in Effective Stake Accounting Causes Permanent Loss of Funds
* \#60533 \[SC-High] overlap which will lead to loss of fund
* \#60154 \[SC-High] Exited delegations can continue claiming VTHO rewards for future periods
* \#59723 \[SC-High] Double-decrease after exit + validator EXITED leads to underflow and permanent freeze
* \#59730 \[SC-High] Permanent DoS - Users Cannot Unstake After Double Exit Scenario
* \#59733 \[SC-High] Post-exit delegations can drain future rewards
* \#60592 \[SC-High] users are unable to unstake under certain conditions
* \#60069 \[SC-High] Incorrect claimable period calculation Leading to attacker keep claiming even after exiting the delegation.
* \#60049 \[SC-High] Double Effective Stake Decrement Locks Delegators : Unstake Reverts Due to Duplicate EffectiveStake Decrements in Exit Flow
* \#60426 \[SC-High] Rewards Accounting Off-By-One / Skipped/Double Period Exploit leads to "Direct loss of user funds" via incorrect reward distribution; "Theft of unclaimed yield", misallocation of VT...
* \#59752 \[SC-High] Off-by-one bug in \_claimableDelegationPeriods allows claiming yield for periods after exit
* \#59563 \[SC-High] Exited Delegators Can Claim Rewards Indefinitely After Exit
* \#60429 \[SC-High] Double-Decrease of Effective Stake Prevents Delegators from Unstaking
* \#60431 \[SC-High] Unauthorized VTHO reward claims after delegation exit
* \#59776 \[SC-High] Exited delegators can over‑claim VTHO rewards for post‑exit periods due to off‑by‑one error in \_claimableDelegationPeriods
* \#60557 \[SC-High] Double Decrement of Effective Stake in unstake() leads to DoS and Permanent Fund Lock
* \#59802 \[SC-High] Double subtraction of validator effective stake will permanently lock other delegators’ staked VET
* \#60019 \[SC-High] Off-by-one in Stargate.sol \_claimableDelegationPeriods lets exited NFTs siphon validator rewards, leading to protocol insolvency
* \#59919 \[SC-High] Loss of funds - Delegators can claim rewards for periods where they had no stake
* \#60173 \[SC-High] the Phantom Claimable Periods Can Permanently Lock The Staked VET for Ended Delegations
* \#59615 \[SC-High] Off-by-one error in period boundary check allows theft of unclaimed yield after delegation exit
* \#60506 \[SC-High] Double delegatorsEffectiveStake Decrease Permanently Prevents Single NFT from Unstaking
* \#59657 \[SC-High] Delegators Lose First Reward Period When Delegating to Pending Validators
* \#60470 \[SC-High] Double-Decrease of Validator Stake in Stargate.sol
* \#59358 \[SC-High] Off by One Error in Reward Claim Logic Allows Delegators to Steal VTHO for Periods After Delegation Ended
* \#59386 \[SC-High] Fund freeze from double stake subtraction (when validator exits)
* \#60575 \[SC-High] Double Subtraction of Delegator Effective Stake on Exit Can Freeze VET and Break Reward Distribution
* \#59756 \[SC-High] Exiting delegators' stakes can be bricked permanently by the validator signaling an exit after them in the same period
* \#59904 \[SC-High] It's possible to decrease twice delegator stake in certain conditions
* \#60027 \[SC-High] Stuck funds for the later delegators due to an edge case led to double decreasing effective stakes
* \#60004 \[SC-High] Double-Decrease Effective Stake Bug in \`unstake()\`
* \#60102 \[SC-High] Exited delegator could keep claiming rewards stealing them from active delegators which would then lead to freeze of funds
* \#59742 \[SC-High] User Funds get stucked in the contract when validators exits.
* \#60125 \[SC-High] Moving delegations from one validator to another validator will not be possible in exit case for validator 1
* \#59709 \[SC-High] Post-exit Rewards Overpayment (Theft of Unclaimed Yield) Due to Misclamped Claim Window in Stargate
* \#59361 \[SC-High] Off-by-one in \`\_claimableDelegationPeriods\` allows claimRewards() to pay for periods after delegation end — Over-claim / Theft of unclaimed yield
* \#59866 \[SC-High] The delegator's rewards in period 1 cannot be claimed
* \#60028 \[SC-High] A delegator who has requested an exit continues to accumulate rewards
* \#60586 \[SC-High] Incorrect Double Reduction of Effective Stake in Stargate.sol
* \#59665 \[SC-High] Delegators Can Claim Rewards Beyond Delegation End
* \#60169 \[SC-High] Exited Delegations Can Continue to Claim Rewards Due to Logic Fall-through in \`\_claimableDelegationPeriods\`
* \#59727 \[SC-High] Double-Decrease DoS on Exit → Permanent Unstake Revert
* \#59951 \[SC-High] In special cases \`delegatorsEffectiveStake\` may decrease twice and cause staked funds to become locked
* \#60310 \[SC-High] Incorrect Boundary Check in \`\_claimableDelegationPeriods\` Allows Claiming Rewards Beyond Delegation End Period
* \#60080 \[SC-High] Unstake Exit Requests Can Either Lock Funds or Silently Double-Deduct Effective Stake After Validator Exit
* \#59809 \[SC-High] User balances are permanently frozen in specific delegation scenarios
* \#60516 \[SC-High] Incorrect Boundary Check in \`\_claimableDelegationPeriods\` Allows Claiming Rewards Beyond Delegation End Period
* \#60192 \[SC-High] Users can claim delegation rewards after exit (endPeriod) has passed
* \#60553 \[SC-High] The delegator and the validator both exiting consecutively, could lead to underflow in the unstake() and delegate() and stuck staked VET.
* \#60265 \[SC-High] The Attacker can still claim rewards after Exiting From validator
* \#59850 \[SC-High] users funds stuck in the contract permanently
* \#60210 \[SC-High] During a validator EXIT, users will be unable to unstake due to underflow
* \#59564 \[SC-High] Double-calling \`\_updatePeriodEffectiveStake\` during the exit flow makes \`unstake\` revert, trapping staked VET.
* \#60534 \[SC-High] A delegator who signals exit and waits for the validator to finish its period can no longer withdraw in the \`unstake\` function causing permanent loss of funds
* \#60548 \[SC-High] An Exited delegator who has not \`unstaked\` or \`delegated to a validator\`, will be DOS'ed if a validator exits.
* \#60419 \[SC-High] Double Decrease of Effective Stake Leads to DoS and Permanent Loss of Funds
* \#60400 \[SC-High] Off-by-one in claimableDelegationPeriods lets claims beyond exit
* \#60282 \[SC-High] Last delegators for an exited validator may be DoSed from re-delegating or unstaking due to incorrect accounting of period effective stake
* \#59863 \[SC-High] Over-claim of delegation rewards after exit
Medium
* \#60241 \[SC-Medium] Permanent freezing of staked funds caused by accumulation with zero rewards
* \#59570 \[SC-Medium] Access Control Bypass in unstake() Leads to Permanent Freezing of Funds
* \#59997 \[SC-Medium] \`claimRewards\` Fails to Update State for Zero-Value Periods, Causing Permanent Fund Freeze in \`unstake\`
* \#60466 \[SC-Medium] MaxClaimablePeriodsExceeded Lock — Zero-Reward Backlog Permanently Locks NFTs
* \#60539 \[SC-Medium] Critical Withdraw DoS: Zero-Reward Validators Cause Permanent User Fund Lock via Broken Reward-Claim Logic
Low
* \#60318 \[SC-Low] Zero-Cost Boost Bypass for New Levels
* \#60079 \[SC-Low] Critical Historical State Corruption via Stale Checkpoints Leads to Permanent Loss of Future Yield
* \#60597 \[SC-Low] \`hasRequestedExit\` Returns True for not just Requested Exits but also Delegations That Are Already Exited
* \#59795 \[SC-Low] Free Boosts for Levels Added After V3
* \#60386 \[SC-Low] Missing setter for boostPricePerBlock after adding new NFT levels can allow users to bypass intended staking boost
* \#60289 \[SC-Low] Misconfigured Level With maturityBlocks = 0 Allows Skip of Maturity Requirements and Backrun Minting
* \#60578 \[SC-Low] Zero Boost Fee for Newly Added Levels Lets Users Skip Maturity for Free and Avoid Paying Intended VTHO Boost Cost
* \#59814 \[SC-Low] StargateNFT.sol::addLevel function not implement updateLevelBoostPricePerBlock
* \#59841 \[SC-Low] The newly added level cannot have its boost price set because the \`updateLevelBoostPricePerBlock\` function is not exposed
* \#60259 \[SC-Low] Malicious User can bypass maturity period for Newly added levels
* \#60171 \[SC-Low] Levels Added After Deployment Lack Boost Price Initialization, Resulting in Free Boosting
* \#60593 \[SC-Low] No Mechanism to Set \`boostPricePerBlock\` for Levels Added After Initialization
Insight
* \#59244 \[SC-Insight] Missing Event emission on critical state change
* \#60450 \[SC-Insight] Code optimizations and enhancemets for efficient gas usage in several functions
* \#60527 \[SC-Insight] DelegationExitRequested event emits inconsistent exit period values
* \#59844 \[SC-Insight] Incorrect and misleading events when adding levels in \`StargateNFT\`
* \#59411 \[SC-Insight] Inconsistency in \`migrateTokenManager\` in terms of the permitted caller
* \#60525 \[SC-Insight] LevelCirculatingSupplyUpdated not emitted during supply changes
* \#60335 \[SC-Insight] Missing or misleading code comments causes confusion and may lead to unnecessary code changes
* \#60149 \[SC-Insight] \[REVISED] Missing input validation in \`addLevels\` can break multiple staking tier invariant in \`StartgateNFT\`
* \#59993 \[SC-Insight] Unnecessary Call to Get Balance In \`MintingLogic::boostOnBehalfOf()\`
* \#60023 \[SC-Insight] Unchecked address(0) Validator in unstake()
## Reports by Type
Smart Contract
* \#60318 \[SC-Low] Zero-Cost Boost Bypass for New Levels
* \#60334 \[SC-High] Unstake permanently reverts when validator exits after delegator exit (double-decrease of effective stake)
* \#60241 \[SC-Medium] Permanent freezing of staked funds caused by accumulation with zero rewards
* \#59244 \[SC-Insight] Missing Event emission on critical state change
* \#59316 \[SC-High] Off-by-One Unlocks Infinite VTHO Reward Drain from Ghost Stakes
* \#60311 \[SC-High] Double effective-stake decrement freezes unstake permanently after validator exit
* \#60079 \[SC-Low] Critical Historical State Corruption via Stale Checkpoints Leads to Permanent Loss of Future Yield
* \#60081 \[SC-High] Exited delegator can continue to accrue and claim delegation rewards
* \#60298 \[SC-High] Duplicate effectiveStake decrement path bricks unstake/re-delegate
* \#60372 \[SC-High] Double-Decrement Bug — Effective Stake Underflow Permanently Locks Funds
* \#60373 \[SC-High] Incorrect effective stake decrement when validator exits causes permanent freezing of user stake
* \#59421 \[SC-High] Theft of Unclaimed Yield via Incorrect Period Range Calculation and Lack of Per-User Effective Stake Tracking
* \#60150 \[SC-High] Off-by-one in claim window lets exited delegations harvest post-exit rewards
* \#60151 \[SC-High] Double Reduction of Effective Stake can lead to Stuck Delegations.
* \#59443 \[SC-High] rithmetic Underflow in Effective Stake Accounting Causes Permanent Loss of Funds
* \#60533 \[SC-High] overlap which will lead to loss of fund
* \#60154 \[SC-High] Exited delegations can continue claiming VTHO rewards for future periods
* \#59570 \[SC-Medium] Access Control Bypass in unstake() Leads to Permanent Freezing of Funds
* \#59997 \[SC-Medium] \`claimRewards\` Fails to Update State for Zero-Value Periods, Causing Permanent Fund Freeze in \`unstake\`
* \#59723 \[SC-High] Double-decrease after exit + validator EXITED leads to underflow and permanent freeze
* \#59730 \[SC-High] Permanent DoS - Users Cannot Unstake After Double Exit Scenario
* \#59733 \[SC-High] Post-exit delegations can drain future rewards
* \#60592 \[SC-High] users are unable to unstake under certain conditions
* \#60450 \[SC-Insight] Code optimizations and enhancemets for efficient gas usage in several functions
* \#60069 \[SC-High] Incorrect claimable period calculation Leading to attacker keep claiming even after exiting the delegation.
* \#60049 \[SC-High] Double Effective Stake Decrement Locks Delegators : Unstake Reverts Due to Duplicate EffectiveStake Decrements in Exit Flow
* \#60426 \[SC-High] Rewards Accounting Off-By-One / Skipped/Double Period Exploit leads to "Direct loss of user funds" via incorrect reward distribution; "Theft of unclaimed yield", misallocation of VT...
* \#59752 \[SC-High] Off-by-one bug in \_claimableDelegationPeriods allows claiming yield for periods after exit
* \#59563 \[SC-High] Exited Delegators Can Claim Rewards Indefinitely After Exit
* \#60429 \[SC-High] Double-Decrease of Effective Stake Prevents Delegators from Unstaking
* \#60431 \[SC-High] Unauthorized VTHO reward claims after delegation exit
* \#60597 \[SC-Low] \`hasRequestedExit\` Returns True for not just Requested Exits but also Delegations That Are Already Exited
* \#59776 \[SC-High] Exited delegators can over‑claim VTHO rewards for post‑exit periods due to off‑by‑one error in \_claimableDelegationPeriods
* \#60557 \[SC-High] Double Decrement of Effective Stake in unstake() leads to DoS and Permanent Fund Lock
* \#59795 \[SC-Low] Free Boosts for Levels Added After V3
* \#59802 \[SC-High] Double subtraction of validator effective stake will permanently lock other delegators’ staked VET
* \#60019 \[SC-High] Off-by-one in Stargate.sol \_claimableDelegationPeriods lets exited NFTs siphon validator rewards, leading to protocol insolvency
* \#59919 \[SC-High] Loss of funds - Delegators can claim rewards for periods where they had no stake
* \#60173 \[SC-High] the Phantom Claimable Periods Can Permanently Lock The Staked VET for Ended Delegations
* \#60466 \[SC-Medium] MaxClaimablePeriodsExceeded Lock — Zero-Reward Backlog Permanently Locks NFTs
* \#60386 \[SC-Low] Missing setter for boostPricePerBlock after adding new NFT levels can allow users to bypass intended staking boost
* \#59615 \[SC-High] Off-by-one error in period boundary check allows theft of unclaimed yield after delegation exit
* \#60289 \[SC-Low] Misconfigured Level With maturityBlocks = 0 Allows Skip of Maturity Requirements and Backrun Minting
* \#60506 \[SC-High] Double delegatorsEffectiveStake Decrease Permanently Prevents Single NFT from Unstaking
* \#60527 \[SC-Insight] DelegationExitRequested event emits inconsistent exit period values
* \#59657 \[SC-High] Delegators Lose First Reward Period When Delegating to Pending Validators
* \#60470 \[SC-High] Double-Decrease of Validator Stake in Stargate.sol
* \#59358 \[SC-High] Off by One Error in Reward Claim Logic Allows Delegators to Steal VTHO for Periods After Delegation Ended
* \#59386 \[SC-High] Fund freeze from double stake subtraction (when validator exits)
* \#60575 \[SC-High] Double Subtraction of Delegator Effective Stake on Exit Can Freeze VET and Break Reward Distribution
* \#60578 \[SC-Low] Zero Boost Fee for Newly Added Levels Lets Users Skip Maturity for Free and Avoid Paying Intended VTHO Boost Cost
* \#59756 \[SC-High] Exiting delegators' stakes can be bricked permanently by the validator signaling an exit after them in the same period
* \#59844 \[SC-Insight] Incorrect and misleading events when adding levels in \`StargateNFT\`
* \#59904 \[SC-High] It's possible to decrease twice delegator stake in certain conditions
* \#60027 \[SC-High] Stuck funds for the later delegators due to an edge case led to double decreasing effective stakes
* \#60004 \[SC-High] Double-Decrease Effective Stake Bug in \`unstake()\`
* \#60102 \[SC-High] Exited delegator could keep claiming rewards stealing them from active delegators which would then lead to freeze of funds
* \#59742 \[SC-High] User Funds get stucked in the contract when validators exits.
* \#60125 \[SC-High] Moving delegations from one validator to another validator will not be possible in exit case for validator 1
* \#59709 \[SC-High] Post-exit Rewards Overpayment (Theft of Unclaimed Yield) Due to Misclamped Claim Window in Stargate
* \#59361 \[SC-High] Off-by-one in \`\_claimableDelegationPeriods\` allows claimRewards() to pay for periods after delegation end — Over-claim / Theft of unclaimed yield
* \#59866 \[SC-High] The delegator's rewards in period 1 cannot be claimed
* \#60028 \[SC-High] A delegator who has requested an exit continues to accumulate rewards
* \#60586 \[SC-High] Incorrect Double Reduction of Effective Stake in Stargate.sol
* \#59665 \[SC-High] Delegators Can Claim Rewards Beyond Delegation End
* \#60169 \[SC-High] Exited Delegations Can Continue to Claim Rewards Due to Logic Fall-through in \`\_claimableDelegationPeriods\`
* \#59814 \[SC-Low] StargateNFT.sol::addLevel function not implement updateLevelBoostPricePerBlock
* \#59727 \[SC-High] Double-Decrease DoS on Exit → Permanent Unstake Revert
* \#59951 \[SC-High] In special cases \`delegatorsEffectiveStake\` may decrease twice and cause staked funds to become locked
* \#59841 \[SC-Low] The newly added level cannot have its boost price set because the \`updateLevelBoostPricePerBlock\` function is not exposed
* \#60310 \[SC-High] Incorrect Boundary Check in \`\_claimableDelegationPeriods\` Allows Claiming Rewards Beyond Delegation End Period
* \#60259 \[SC-Low] Malicious User can bypass maturity period for Newly added levels
* \#60080 \[SC-High] Unstake Exit Requests Can Either Lock Funds or Silently Double-Deduct Effective Stake After Validator Exit
* \#59411 \[SC-Insight] Inconsistency in \`migrateTokenManager\` in terms of the permitted caller
* \#60171 \[SC-Low] Levels Added After Deployment Lack Boost Price Initialization, Resulting in Free Boosting
* \#59809 \[SC-High] User balances are permanently frozen in specific delegation scenarios
* \#60525 \[SC-Insight] LevelCirculatingSupplyUpdated not emitted during supply changes
* \#60516 \[SC-High] Incorrect Boundary Check in \`\_claimableDelegationPeriods\` Allows Claiming Rewards Beyond Delegation End Period
* \#60335 \[SC-Insight] Missing or misleading code comments causes confusion and may lead to unnecessary code changes
* \#60149 \[SC-Insight] \[REVISED] Missing input validation in \`addLevels\` can break multiple staking tier invariant in \`StartgateNFT\`
* \#60192 \[SC-High] Users can claim delegation rewards after exit (endPeriod) has passed
* \#60593 \[SC-Low] No Mechanism to Set \`boostPricePerBlock\` for Levels Added After Initialization
* \#60553 \[SC-High] The delegator and the validator both exiting consecutively, could lead to underflow in the unstake() and delegate() and stuck staked VET.
* \#60265 \[SC-High] The Attacker can still claim rewards after Exiting From validator
* \#59850 \[SC-High] users funds stuck in the contract permanently
* \#59993 \[SC-Insight] Unnecessary Call to Get Balance In \`MintingLogic::boostOnBehalfOf()\`
* \#60210 \[SC-High] During a validator EXIT, users will be unable to unstake due to underflow
* \#59564 \[SC-High] Double-calling \`\_updatePeriodEffectiveStake\` during the exit flow makes \`unstake\` revert, trapping staked VET.
* \#60534 \[SC-High] A delegator who signals exit and waits for the validator to finish its period can no longer withdraw in the \`unstake\` function causing permanent loss of funds
* \#60539 \[SC-Medium] Critical Withdraw DoS: Zero-Reward Validators Cause Permanent User Fund Lock via Broken Reward-Claim Logic
* \#60548 \[SC-High] An Exited delegator who has not \`unstaked\` or \`delegated to a validator\`, will be DOS'ed if a validator exits.
* \#60419 \[SC-High] Double Decrease of Effective Stake Leads to DoS and Permanent Loss of Funds
* \#60400 \[SC-High] Off-by-one in claimableDelegationPeriods lets claims beyond exit
* \#60282 \[SC-High] Last delegators for an exited validator may be DoSed from re-delegating or unstaking due to incorrect accounting of period effective stake
* \#60023 \[SC-Insight] Unchecked address(0) Validator in unstake()
* \#59863 \[SC-High] Over-claim of delegation rewards after exit
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://reports.immunefi.com/vechain-or-stargate-hayabusa.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.