# ZeroLend

## Reports by Severity

[Critical](#critical) | [High](#high) | [Medium](#medium) | [Insight](#insight)

<details>

<summary>Critical</summary>

* [28912 - \[SC - Critical\] Attackers can control the vote result and ampli...](/zerolend/28912-sc-critical-attackers-can-control-the-vote-result-and-ampli....md)
* [29031 - \[SC - Critical\] VestedZeroNFT tokens can be directly stolen thr...](/zerolend/29031-sc-critical-vestedzeronft-tokens-can-be-directly-stolen-thr....md)
* [29062 - \[SC - Critical\] Attacker can steal locked balance of staked nft...](/zerolend/29062-sc-critical-attacker-can-steal-locked-balance-of-staked-nft....md)
* [29103 - \[SC - Critical\] Omnichain Stakers can permanently lose access t...](/zerolend/29103-sc-critical-omnichain-stakers-can-permanently-lose-access-t....md)
* [29135 - \[SC - Critical\] OmnichainStakingsolunstakeLP and OmnichainStaki...](/zerolend/29135-sc-critical-omnichainstakingsolunstakelp-and-omnichainstaki....md)
* [29204 - \[SC - Critical\] Direct theft of Users VestedZeroNFT by using sp...](/zerolend/29204-sc-critical-direct-theft-of-users-vestedzeronft-by-using-sp....md)
* [29211 - \[SC - Critical\] Voting manipulation cause by the possibility to...](/zerolend/29211-sc-critical-voting-manipulation-cause-by-the-possibility-to....md)
* [29288 - \[SC - Critical\] all NFTs can be stolen by calling VestedZeroNFT...](/zerolend/29288-sc-critical-all-nfts-can-be-stolen-by-calling-vestedzeronft....md)

</details>

<details>

<summary>High</summary>

* [28910 - \[SC - High\] Bool check wrong in registerGauge](/zerolend/28910-sc-high-bool-check-wrong-in-registergauge.md)
* [28955 - \[SC - High\] Malicious user can transfer all unclaimed rewar...](/zerolend/28955-sc-high-malicious-user-can-transfer-all-unclaimed-rewar....md)
* [28988 - \[SC - High\] Mechanism for distributing extra reward tokens ...](/zerolend/28988-sc-high-mechanism-for-distributing-extra-reward-tokens-....md)
* [28992 - \[SC - High\] Permanent freezing of additional reward tokens](/zerolend/28992-sc-high-permanent-freezing-of-additional-reward-tokens.md)
* [29012 - \[SC - High\] Votes manipulation in PoolVoter](/zerolend/29012-sc-high-votes-manipulation-in-poolvoter.md)
* [29019 - \[SC - High\] The ZeroLendToken contract in the Governance mo...](/zerolend/29019-sc-high-the-zerolendtoken-contract-in-the-governance-mo....md)
* [29026 - \[SC - High\] Hackers can steal the unclaimed yield to get th...](/zerolend/29026-sc-high-hackers-can-steal-the-unclaimed-yield-to-get-th....md)
* [29078 - \[SC - High\] Theft of unclaimed yield due to the wrong calcu...](/zerolend/29078-sc-high-theft-of-unclaimed-yield-due-to-the-wrong-calcu....md)
* [29095 - \[SC - High\] The lockers supply can be arbitrarily inflated ...](/zerolend/29095-sc-high-the-lockers-supply-can-be-arbitrarily-inflated-....md)
* [29101 - \[SC - High\] Staking in BaseLocker is broken](/zerolend/29101-sc-high-staking-in-baselocker-is-broken.md)
* [29120 - \[SC - High\] Bug in reward distribution logic leads to theft...](/zerolend/29120-sc-high-bug-in-reward-distribution-logic-leads-to-theft....md)
* [29121 - \[SC - High\] Any rewards sent to the PoolVoter will be undis...](/zerolend/29121-sc-high-any-rewards-sent-to-the-poolvoter-will-be-undis....md)
* [29122 - \[SC - High\] All reward tokens can be stolen by an attacker ...](/zerolend/29122-sc-high-all-reward-tokens-can-be-stolen-by-an-attacker-....md)
* [29137 - \[SC - High\] ZeroLend token is not behaving properly while c...](/zerolend/29137-sc-high-zerolend-token-is-not-behaving-properly-while-c....md)
* [29145 - \[SC - High\] zeroLendToken is bricked to use for whitelisted...](/zerolend/29145-sc-high-zerolendtoken-is-bricked-to-use-for-whitelisted....md)
* [29181 - \[SC - High\] Tautology in PoolVoterregisterGauge makes it im...](/zerolend/29181-sc-high-tautology-in-poolvoterregistergauge-makes-it-im....md)
* [29189 - \[SC - High\] ZeroLendToken doesnt allow whitelisted users to...](/zerolend/29189-sc-high-zerolendtoken-doesnt-allow-whitelisted-users-to....md)
* [29213 - \[SC - High\] The function always revert if \_stakeNFT True d...](/zerolend/29213-sc-high-the-function-always-revert-if-_stakenft-true-d....md)
* [29267 - \[SC - High\] Wrong implementation causing some functions in ...](/zerolend/29267-sc-high-wrong-implementation-causing-some-functions-in-....md)
* [29270 - \[SC - High\] The main functionality of the contract EarlyZER...](/zerolend/29270-sc-high-the-main-functionality-of-the-contract-earlyzer....md)

</details>

<details>

<summary>Medium</summary>

* [28875 - \[SC - Medium\] Unauthorized minting of vested NFTs](/zerolend/28875-sc-medium-unauthorized-minting-of-vested-nfts.md)
* [28885 - \[SC - Medium\] Lack of check for Lockend in merge LockerToken ...](/zerolend/28885-sc-medium-lack-of-check-for-lockend-in-merge-lockertoken-....md)
* [28892 - \[SC - Medium\] ZeroLockermerge can make a voting lock last lon...](/zerolend/28892-sc-medium-zerolockermerge-can-make-a-voting-lock-last-lon....md)
* [28938 - \[SC - Medium\] Attacker can invalidate users supplyWithPermit ...](/zerolend/28938-sc-medium-attacker-can-invalidate-users-supplywithpermit-....md)
* [28943 - \[SC - Medium\] DoS when user want to supply repay asset using...](/zerolend/28943-sc-medium-dos-when-user-want-to-supply-repay-asset-using....md)
* [28970 - \[SC - Medium\] Attacker can grief a user by making his supplyW...](/zerolend/28970-sc-medium-attacker-can-grief-a-user-by-making-his-supplyw....md)
* [28987 - \[SC - Medium\] Manipulation of governance is possible by minti...](/zerolend/28987-sc-medium-manipulation-of-governance-is-possible-by-minti....md)
* [29052 - \[SC - Medium\] Pool funds could be locked due to Division by zero](/zerolend/29052-sc-medium-pool-funds-could-be-locked-due-to-division-by-zero.md)
* [29059 - \[SC - Medium\] Race condition in StakingBonus will result in s...](/zerolend/29059-sc-medium-race-condition-in-stakingbonus-will-result-in-s....md)
* [29068 - \[SC - Medium\] AaveOracle contract does not verify price stale...](/zerolend/29068-sc-medium-aaveoracle-contract-does-not-verify-price-stale....md)
* [29069 - \[SC - Medium\] Ability to deny users from repaying and supplyi...](/zerolend/29069-sc-medium-ability-to-deny-users-from-repaying-and-supplyi....md)
* [29123 - \[SC - Medium\] Griefing attack for VestedZeroNFT](/zerolend/29123-sc-medium-griefing-attack-for-vestedzeronft.md)
* [29130 - \[SC - Medium\] Unlimited Minting of VestedZeroNFT](/zerolend/29130-sc-medium-unlimited-minting-of-vestedzeronft.md)
* [29139 - \[SC - Medium\] Griefing attack to cause users to suffer penalt...](/zerolend/29139-sc-medium-griefing-attack-to-cause-users-to-suffer-penalt....md)
* [29170 - \[SC - Medium\] DoS by front-runnable externall call](/zerolend/29170-sc-medium-dos-by-front-runnable-externall-call.md)
* [29198 - \[SC - Medium\] Griefing attack to cause the rewards of a user ...](/zerolend/29198-sc-medium-griefing-attack-to-cause-the-rewards-of-a-user-....md)
* [29286 - \[SC - Medium\] MultiSigWalletremoveOwner - L The bug allows th...](/zerolend/29286-sc-medium-multisigwalletremoveowner-l-the-bug-allows-th....md)

</details>

<details>

<summary>Insight</summary>

* [29047 - \[SC - Insight\] Reward is lost when totalSupply](/zerolend/29047-sc-insight-reward-is-lost-when-totalsupply.md)
* [29149 - \[SC - Insight\] DoS in Zero Registry configuration updation](/zerolend/29149-sc-insight-dos-in-zero-registry-configuration-updation.md)
* [29175 - \[SC - Insight\] Granting DEFAULT\_ADMIN\_ROLE to the deployer in ...](/zerolend/29175-sc-insight-granting-default_admin_role-to-the-deployer-in-....md)
* [29186 - \[SC - Insight\] ValidationLogicvalidateBorrow - L-L Incorrect i...](/zerolend/29186-sc-insight-validationlogicvalidateborrow-l-l-incorrect-i....md)
* [29188 - \[SC - Insight\] StakingBonuscalculateBonus wrongly utilizes BPS](/zerolend/29188-sc-insight-stakingbonuscalculatebonus-wrongly-utilizes-bps.md)
* [29190 - \[SC - Insight\] Permanent freezing of up to wei of yield each ...](/zerolend/29190-sc-insight-permanent-freezing-of-up-to-wei-of-yield-each-....md)
* [29225 - \[SC - Insight\] EarlyZEROVesting is having a rounding issue and...](/zerolend/29225-sc-insight-earlyzerovesting-is-having-a-rounding-issue-and....md)
* [29244 - \[SC - Insight\] Using permit inside the function can lead to Do...](/zerolend/29244-sc-insight-using-permit-inside-the-function-can-lead-to-do....md)
* [29249 - \[SC - Insight\] Using permit inside the function can lead to Do...](/zerolend/29249-sc-insight-using-permit-inside-the-function-can-lead-to-do....md)
* [29262 - \[SC - Insight\] Some users can get more rewards than others whi...](/zerolend/29262-sc-insight-some-users-can-get-more-rewards-than-others-whi....md)
* [29322 - \[SC - Insight\] Use safeTransfer instead of transfer](/zerolend/29322-sc-insight-use-safetransfer-instead-of-transfer.md)
* [29328 - \[SC - Insight\] zkSync ACLManager EOA as EMERGENCY\_ADMIN](/zerolend/29328-sc-insight-zksync-aclmanager-eoa-as-emergency_admin.md)
* [29329 - \[SC - Insight\] Manta ACLManager EOA as EMERGENCY\_ADMIN](/zerolend/29329-sc-insight-manta-aclmanager-eoa-as-emergency_admin.md)
* [29331 - \[SC - Insight\] Manta ACLManager EOA as RISK\_ADMIN](/zerolend/29331-sc-insight-manta-aclmanager-eoa-as-risk_admin.md)
* [29332 - \[SC - Insight\] Manta ReservesSetupHelper EOA as owner](/zerolend/29332-sc-insight-manta-reservessetuphelper-eoa-as-owner.md)
* [29342 - \[SC - Insight\] Lack of chainID validation allows reuse of sign...](/zerolend/29342-sc-insight-lack-of-chainid-validation-allows-reuse-of-sign....md)
* [29344 - \[SC - Insight\] Price assets deposited manipulation](/zerolend/29344-sc-insight-price-assets-deposited-manipulation.md)

</details>

## Reports by Type

[Smart Contract](#smart-contract)

<details>

<summary>Smart Contract</summary>

* [28875 - \[SC - Medium\] Unauthorized minting of vested NFTs](/zerolend/28875-sc-medium-unauthorized-minting-of-vested-nfts.md)
* [28885 - \[SC - Medium\] Lack of check for Lockend in merge LockerToken ...](/zerolend/28885-sc-medium-lack-of-check-for-lockend-in-merge-lockertoken-....md)
* [28892 - \[SC - Medium\] ZeroLockermerge can make a voting lock last lon...](/zerolend/28892-sc-medium-zerolockermerge-can-make-a-voting-lock-last-lon....md)
* [28910 - \[SC - High\] Bool check wrong in registerGauge](/zerolend/28910-sc-high-bool-check-wrong-in-registergauge.md)
* [28912 - \[SC - Critical\] Attackers can control the vote result and ampli...](/zerolend/28912-sc-critical-attackers-can-control-the-vote-result-and-ampli....md)
* [28938 - \[SC - Medium\] Attacker can invalidate users supplyWithPermit ...](/zerolend/28938-sc-medium-attacker-can-invalidate-users-supplywithpermit-....md)
* [28943 - \[SC - Medium\] DoS when user want to supply repay asset using...](/zerolend/28943-sc-medium-dos-when-user-want-to-supply-repay-asset-using....md)
* [28955 - \[SC - High\] Malicious user can transfer all unclaimed rewar...](/zerolend/28955-sc-high-malicious-user-can-transfer-all-unclaimed-rewar....md)
* [28970 - \[SC - Medium\] Attacker can grief a user by making his supplyW...](/zerolend/28970-sc-medium-attacker-can-grief-a-user-by-making-his-supplyw....md)
* [28987 - \[SC - Medium\] Manipulation of governance is possible by minti...](/zerolend/28987-sc-medium-manipulation-of-governance-is-possible-by-minti....md)
* [28988 - \[SC - High\] Mechanism for distributing extra reward tokens ...](/zerolend/28988-sc-high-mechanism-for-distributing-extra-reward-tokens-....md)
* [28992 - \[SC - High\] Permanent freezing of additional reward tokens](/zerolend/28992-sc-high-permanent-freezing-of-additional-reward-tokens.md)
* [29012 - \[SC - High\] Votes manipulation in PoolVoter](/zerolend/29012-sc-high-votes-manipulation-in-poolvoter.md)
* [29019 - \[SC - High\] The ZeroLendToken contract in the Governance mo...](/zerolend/29019-sc-high-the-zerolendtoken-contract-in-the-governance-mo....md)
* [29026 - \[SC - High\] Hackers can steal the unclaimed yield to get th...](/zerolend/29026-sc-high-hackers-can-steal-the-unclaimed-yield-to-get-th....md)
* [29031 - \[SC - Critical\] VestedZeroNFT tokens can be directly stolen thr...](/zerolend/29031-sc-critical-vestedzeronft-tokens-can-be-directly-stolen-thr....md)
* [29047 - \[SC - Insight\] Reward is lost when totalSupply](/zerolend/29047-sc-insight-reward-is-lost-when-totalsupply.md)
* [29052 - \[SC - Medium\] Pool funds could be locked due to Division by zero](/zerolend/29052-sc-medium-pool-funds-could-be-locked-due-to-division-by-zero.md)
* [29059 - \[SC - Medium\] Race condition in StakingBonus will result in s...](/zerolend/29059-sc-medium-race-condition-in-stakingbonus-will-result-in-s....md)
* [29062 - \[SC - Critical\] Attacker can steal locked balance of staked nft...](/zerolend/29062-sc-critical-attacker-can-steal-locked-balance-of-staked-nft....md)
* [29068 - \[SC - Medium\] AaveOracle contract does not verify price stale...](/zerolend/29068-sc-medium-aaveoracle-contract-does-not-verify-price-stale....md)
* [29069 - \[SC - Medium\] Ability to deny users from repaying and supplyi...](/zerolend/29069-sc-medium-ability-to-deny-users-from-repaying-and-supplyi....md)
* [29078 - \[SC - High\] Theft of unclaimed yield due to the wrong calcu...](/zerolend/29078-sc-high-theft-of-unclaimed-yield-due-to-the-wrong-calcu....md)
* [29095 - \[SC - High\] The lockers supply can be arbitrarily inflated ...](/zerolend/29095-sc-high-the-lockers-supply-can-be-arbitrarily-inflated-....md)
* [29101 - \[SC - High\] Staking in BaseLocker is broken](/zerolend/29101-sc-high-staking-in-baselocker-is-broken.md)
* [29103 - \[SC - Critical\] Omnichain Stakers can permanently lose access t...](/zerolend/29103-sc-critical-omnichain-stakers-can-permanently-lose-access-t....md)
* [29120 - \[SC - High\] Bug in reward distribution logic leads to theft...](/zerolend/29120-sc-high-bug-in-reward-distribution-logic-leads-to-theft....md)
* [29121 - \[SC - High\] Any rewards sent to the PoolVoter will be undis...](/zerolend/29121-sc-high-any-rewards-sent-to-the-poolvoter-will-be-undis....md)
* [29122 - \[SC - High\] All reward tokens can be stolen by an attacker ...](/zerolend/29122-sc-high-all-reward-tokens-can-be-stolen-by-an-attacker-....md)
* [29123 - \[SC - Medium\] Griefing attack for VestedZeroNFT](/zerolend/29123-sc-medium-griefing-attack-for-vestedzeronft.md)
* [29130 - \[SC - Medium\] Unlimited Minting of VestedZeroNFT](/zerolend/29130-sc-medium-unlimited-minting-of-vestedzeronft.md)
* [29135 - \[SC - Critical\] OmnichainStakingsolunstakeLP and OmnichainStaki...](/zerolend/29135-sc-critical-omnichainstakingsolunstakelp-and-omnichainstaki....md)
* [29137 - \[SC - High\] ZeroLend token is not behaving properly while c...](/zerolend/29137-sc-high-zerolend-token-is-not-behaving-properly-while-c....md)
* [29139 - \[SC - Medium\] Griefing attack to cause users to suffer penalt...](/zerolend/29139-sc-medium-griefing-attack-to-cause-users-to-suffer-penalt....md)
* [29145 - \[SC - High\] zeroLendToken is bricked to use for whitelisted...](/zerolend/29145-sc-high-zerolendtoken-is-bricked-to-use-for-whitelisted....md)
* [29149 - \[SC - Insight\] DoS in Zero Registry configuration updation](/zerolend/29149-sc-insight-dos-in-zero-registry-configuration-updation.md)
* [29170 - \[SC - Medium\] DoS by front-runnable externall call](/zerolend/29170-sc-medium-dos-by-front-runnable-externall-call.md)
* [29175 - \[SC - Insight\] Granting DEFAULT\_ADMIN\_ROLE to the deployer in ...](/zerolend/29175-sc-insight-granting-default_admin_role-to-the-deployer-in-....md)
* [29181 - \[SC - High\] Tautology in PoolVoterregisterGauge makes it im...](/zerolend/29181-sc-high-tautology-in-poolvoterregistergauge-makes-it-im....md)
* [29186 - \[SC - Insight\] ValidationLogicvalidateBorrow - L-L Incorrect i...](/zerolend/29186-sc-insight-validationlogicvalidateborrow-l-l-incorrect-i....md)
* [29188 - \[SC - Insight\] StakingBonuscalculateBonus wrongly utilizes BPS](/zerolend/29188-sc-insight-stakingbonuscalculatebonus-wrongly-utilizes-bps.md)
* [29189 - \[SC - High\] ZeroLendToken doesnt allow whitelisted users to...](/zerolend/29189-sc-high-zerolendtoken-doesnt-allow-whitelisted-users-to....md)
* [29190 - \[SC - Insight\] Permanent freezing of up to wei of yield each ...](/zerolend/29190-sc-insight-permanent-freezing-of-up-to-wei-of-yield-each-....md)
* [29198 - \[SC - Medium\] Griefing attack to cause the rewards of a user ...](/zerolend/29198-sc-medium-griefing-attack-to-cause-the-rewards-of-a-user-....md)
* [29204 - \[SC - Critical\] Direct theft of Users VestedZeroNFT by using sp...](/zerolend/29204-sc-critical-direct-theft-of-users-vestedzeronft-by-using-sp....md)
* [29211 - \[SC - Critical\] Voting manipulation cause by the possibility to...](/zerolend/29211-sc-critical-voting-manipulation-cause-by-the-possibility-to....md)
* [29213 - \[SC - High\] The function always revert if \_stakeNFT True d...](/zerolend/29213-sc-high-the-function-always-revert-if-_stakenft-true-d....md)
* [29225 - \[SC - Insight\] EarlyZEROVesting is having a rounding issue and...](/zerolend/29225-sc-insight-earlyzerovesting-is-having-a-rounding-issue-and....md)
* [29244 - \[SC - Insight\] Using permit inside the function can lead to Do...](/zerolend/29244-sc-insight-using-permit-inside-the-function-can-lead-to-do....md)
* [29249 - \[SC - Insight\] Using permit inside the function can lead to Do...](/zerolend/29249-sc-insight-using-permit-inside-the-function-can-lead-to-do....md)
* [29262 - \[SC - Insight\] Some users can get more rewards than others whi...](/zerolend/29262-sc-insight-some-users-can-get-more-rewards-than-others-whi....md)
* [29267 - \[SC - High\] Wrong implementation causing some functions in ...](/zerolend/29267-sc-high-wrong-implementation-causing-some-functions-in-....md)
* [29270 - \[SC - High\] The main functionality of the contract EarlyZER...](/zerolend/29270-sc-high-the-main-functionality-of-the-contract-earlyzer....md)
* [29286 - \[SC - Medium\] MultiSigWalletremoveOwner - L The bug allows th...](/zerolend/29286-sc-medium-multisigwalletremoveowner-l-the-bug-allows-th....md)
* [29288 - \[SC - Critical\] all NFTs can be stolen by calling VestedZeroNFT...](/zerolend/29288-sc-critical-all-nfts-can-be-stolen-by-calling-vestedzeronft....md)
* [29322 - \[SC - Insight\] Use safeTransfer instead of transfer](/zerolend/29322-sc-insight-use-safetransfer-instead-of-transfer.md)
* [29328 - \[SC - Insight\] zkSync ACLManager EOA as EMERGENCY\_ADMIN](/zerolend/29328-sc-insight-zksync-aclmanager-eoa-as-emergency_admin.md)
* [29329 - \[SC - Insight\] Manta ACLManager EOA as EMERGENCY\_ADMIN](/zerolend/29329-sc-insight-manta-aclmanager-eoa-as-emergency_admin.md)
* [29331 - \[SC - Insight\] Manta ACLManager EOA as RISK\_ADMIN](/zerolend/29331-sc-insight-manta-aclmanager-eoa-as-risk_admin.md)
* [29332 - \[SC - Insight\] Manta ReservesSetupHelper EOA as owner](/zerolend/29332-sc-insight-manta-reservessetuphelper-eoa-as-owner.md)
* [29342 - \[SC - Insight\] Lack of chainID validation allows reuse of sign...](/zerolend/29342-sc-insight-lack-of-chainid-validation-allows-reuse-of-sign....md)
* [29344 - \[SC - Insight\] Price assets deposited manipulation](/zerolend/29344-sc-insight-price-assets-deposited-manipulation.md)

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/zerolend.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.