Immunefi Audit Competitions

Ctrlk

Powered by GitBook

On this page

ZeroLend

Reports by Severity

Critical | High | Medium | Insight

Critical

28912 - [SC - Critical] Attackers can control the vote result and ampli...
29031 - [SC - Critical] VestedZeroNFT tokens can be directly stolen thr...
29062 - [SC - Critical] Attacker can steal locked balance of staked nft...
29103 - [SC - Critical] Omnichain Stakers can permanently lose access t...
29135 - [SC - Critical] OmnichainStakingsolunstakeLP and OmnichainStaki...
29204 - [SC - Critical] Direct theft of Users VestedZeroNFT by using sp...
29211 - [SC - Critical] Voting manipulation cause by the possibility to...
29288 - [SC - Critical] all NFTs can be stolen by calling VestedZeroNFT...

High

28910 - [SC - High] Bool check wrong in registerGauge
28955 - [SC - High] Malicious user can transfer all unclaimed rewar...
28988 - [SC - High] Mechanism for distributing extra reward tokens ...
28992 - [SC - High] Permanent freezing of additional reward tokens
29012 - [SC - High] Votes manipulation in PoolVoter
29019 - [SC - High] The ZeroLendToken contract in the Governance mo...
29026 - [SC - High] Hackers can steal the unclaimed yield to get th...
29078 - [SC - High] Theft of unclaimed yield due to the wrong calcu...
29095 - [SC - High] The lockers supply can be arbitrarily inflated ...
29101 - [SC - High] Staking in BaseLocker is broken
29120 - [SC - High] Bug in reward distribution logic leads to theft...
29121 - [SC - High] Any rewards sent to the PoolVoter will be undis...
29122 - [SC - High] All reward tokens can be stolen by an attacker ...
29137 - [SC - High] ZeroLend token is not behaving properly while c...
29145 - [SC - High] zeroLendToken is bricked to use for whitelisted...
29181 - [SC - High] Tautology in PoolVoterregisterGauge makes it im...
29189 - [SC - High] ZeroLendToken doesnt allow whitelisted users to...
29213 - [SC - High] The function always revert if _stakeNFT True d...
29267 - [SC - High] Wrong implementation causing some functions in ...
29270 - [SC - High] The main functionality of the contract EarlyZER...

Medium

28875 - [SC - Medium] Unauthorized minting of vested NFTs
28885 - [SC - Medium] Lack of check for Lockend in merge LockerToken ...
28892 - [SC - Medium] ZeroLockermerge can make a voting lock last lon...
28938 - [SC - Medium] Attacker can invalidate users supplyWithPermit ...
28943 - [SC - Medium] DoS when user want to supply repay asset using...
28970 - [SC - Medium] Attacker can grief a user by making his supplyW...
28987 - [SC - Medium] Manipulation of governance is possible by minti...
29052 - [SC - Medium] Pool funds could be locked due to Division by zero
29059 - [SC - Medium] Race condition in StakingBonus will result in s...
29068 - [SC - Medium] AaveOracle contract does not verify price stale...
29069 - [SC - Medium] Ability to deny users from repaying and supplyi...
29123 - [SC - Medium] Griefing attack for VestedZeroNFT
29130 - [SC - Medium] Unlimited Minting of VestedZeroNFT
29139 - [SC - Medium] Griefing attack to cause users to suffer penalt...
29170 - [SC - Medium] DoS by front-runnable externall call
29198 - [SC - Medium] Griefing attack to cause the rewards of a user ...
29286 - [SC - Medium] MultiSigWalletremoveOwner - L The bug allows th...

Insight

29047 - [SC - Insight] Reward is lost when totalSupply
29149 - [SC - Insight] DoS in Zero Registry configuration updation
29175 - [SC - Insight] Granting DEFAULT_ADMIN_ROLE to the deployer in ...
29186 - [SC - Insight] ValidationLogicvalidateBorrow - L-L Incorrect i...
29188 - [SC - Insight] StakingBonuscalculateBonus wrongly utilizes BPS
29190 - [SC - Insight] Permanent freezing of up to wei of yield each ...
29225 - [SC - Insight] EarlyZEROVesting is having a rounding issue and...
29244 - [SC - Insight] Using permit inside the function can lead to Do...
29249 - [SC - Insight] Using permit inside the function can lead to Do...
29262 - [SC - Insight] Some users can get more rewards than others whi...
29322 - [SC - Insight] Use safeTransfer instead of transfer
29328 - [SC - Insight] zkSync ACLManager EOA as EMERGENCY_ADMIN
29329 - [SC - Insight] Manta ACLManager EOA as EMERGENCY_ADMIN
29331 - [SC - Insight] Manta ACLManager EOA as RISK_ADMIN
29332 - [SC - Insight] Manta ReservesSetupHelper EOA as owner
29342 - [SC - Insight] Lack of chainID validation allows reuse of sign...
29344 - [SC - Insight] Price assets deposited manipulation

Reports by Type

Smart Contract

28875 - [SC - Medium] Unauthorized minting of vested NFTs
28885 - [SC - Medium] Lack of check for Lockend in merge LockerToken ...
28892 - [SC - Medium] ZeroLockermerge can make a voting lock last lon...
28910 - [SC - High] Bool check wrong in registerGauge
28912 - [SC - Critical] Attackers can control the vote result and ampli...
28938 - [SC - Medium] Attacker can invalidate users supplyWithPermit ...
28943 - [SC - Medium] DoS when user want to supply repay asset using...
28955 - [SC - High] Malicious user can transfer all unclaimed rewar...
28970 - [SC - Medium] Attacker can grief a user by making his supplyW...
28987 - [SC - Medium] Manipulation of governance is possible by minti...
28988 - [SC - High] Mechanism for distributing extra reward tokens ...
28992 - [SC - High] Permanent freezing of additional reward tokens
29012 - [SC - High] Votes manipulation in PoolVoter
29019 - [SC - High] The ZeroLendToken contract in the Governance mo...
29026 - [SC - High] Hackers can steal the unclaimed yield to get th...
29031 - [SC - Critical] VestedZeroNFT tokens can be directly stolen thr...
29047 - [SC - Insight] Reward is lost when totalSupply
29052 - [SC - Medium] Pool funds could be locked due to Division by zero
29059 - [SC - Medium] Race condition in StakingBonus will result in s...
29062 - [SC - Critical] Attacker can steal locked balance of staked nft...
29068 - [SC - Medium] AaveOracle contract does not verify price stale...
29069 - [SC - Medium] Ability to deny users from repaying and supplyi...
29078 - [SC - High] Theft of unclaimed yield due to the wrong calcu...
29095 - [SC - High] The lockers supply can be arbitrarily inflated ...
29101 - [SC - High] Staking in BaseLocker is broken
29103 - [SC - Critical] Omnichain Stakers can permanently lose access t...
29120 - [SC - High] Bug in reward distribution logic leads to theft...
29121 - [SC - High] Any rewards sent to the PoolVoter will be undis...
29122 - [SC - High] All reward tokens can be stolen by an attacker ...
29123 - [SC - Medium] Griefing attack for VestedZeroNFT
29130 - [SC - Medium] Unlimited Minting of VestedZeroNFT
29135 - [SC - Critical] OmnichainStakingsolunstakeLP and OmnichainStaki...
29137 - [SC - High] ZeroLend token is not behaving properly while c...
29139 - [SC - Medium] Griefing attack to cause users to suffer penalt...
29145 - [SC - High] zeroLendToken is bricked to use for whitelisted...
29149 - [SC - Insight] DoS in Zero Registry configuration updation
29170 - [SC - Medium] DoS by front-runnable externall call
29175 - [SC - Insight] Granting DEFAULT_ADMIN_ROLE to the deployer in ...
29181 - [SC - High] Tautology in PoolVoterregisterGauge makes it im...
29186 - [SC - Insight] ValidationLogicvalidateBorrow - L-L Incorrect i...
29188 - [SC - Insight] StakingBonuscalculateBonus wrongly utilizes BPS
29189 - [SC - High] ZeroLendToken doesnt allow whitelisted users to...
29190 - [SC - Insight] Permanent freezing of up to wei of yield each ...
29198 - [SC - Medium] Griefing attack to cause the rewards of a user ...
29204 - [SC - Critical] Direct theft of Users VestedZeroNFT by using sp...
29211 - [SC - Critical] Voting manipulation cause by the possibility to...
29213 - [SC - High] The function always revert if _stakeNFT True d...
29225 - [SC - Insight] EarlyZEROVesting is having a rounding issue and...
29244 - [SC - Insight] Using permit inside the function can lead to Do...
29249 - [SC - Insight] Using permit inside the function can lead to Do...
29262 - [SC - Insight] Some users can get more rewards than others whi...
29267 - [SC - High] Wrong implementation causing some functions in ...
29270 - [SC - High] The main functionality of the contract EarlyZER...
29286 - [SC - Medium] MultiSigWalletremoveOwner - L The bug allows th...
29288 - [SC - Critical] all NFTs can be stolen by calling VestedZeroNFT...
29322 - [SC - Insight] Use safeTransfer instead of transfer
29328 - [SC - Insight] zkSync ACLManager EOA as EMERGENCY_ADMIN
29329 - [SC - Insight] Manta ACLManager EOA as EMERGENCY_ADMIN
29331 - [SC - Insight] Manta ACLManager EOA as RISK_ADMIN
29332 - [SC - Insight] Manta ReservesSetupHelper EOA as owner
29342 - [SC - Insight] Lack of chainID validation allows reuse of sign...
29344 - [SC - Insight] Price assets deposited manipulation

PreviousIOP _ ThunderNFT 34980 - [Smart Contract - Critical] Order side manipulation can lead to theft of NF Next28875 - [SC - Medium] Unauthorized minting of vested NFTs

Last updated 1 year ago

Was this helpful?

Reports by Severity
Reports by Type

Was this helpful?