Competitive Audits
First Flights
Judging
Leaderboard
Docs
Toggle theme
Sign up
Log in
All Contests
Liquid Staking
Submissions
Liquid Staking
Stakelink
Liquid Staking
Stakelink
DeFi
Hardhat
Oracle
50,000
USDC
Public
50,000
USDC
Sep 30th, 2024 → Oct 17th, 2024
View repo
1158 / 1158
Submissions
Severity
Tags
#1
a
Low
#2
WithdrawalPool.sol - Potential DoS from unbounded loop variable.
High
#3
Any User may request to delete vault or delete vault on operatorVCS
Medium
#4
Outdated reward calculation in StakingPool allows profit manipulation and unfair share distribution
Medium
#5
Manipulated Delegatecall Destinations in CommunityVCS.sol and OperatorVCS.sol
High
#6
Users can cause Unbounded GAS in themselves
Low
#7
StakingPool.sol :: donateTokens() allows a malicious user to manipulate the system in such a way that users may receive 0 shares.
High
#8
[M-2] Lack of Withdrawal Amount Validation in LSTRewardsSplitter::withdraw()function
Medium
#9
[M-1] Non-Adherence to CEI Pattern in onTokenTransfer Function
Medium
#10
The use of the `balance` in the `removeSplitter` function to withdraw from the contract is incorrect
Medium
#11
lack validation on the cumulative value of `_fees.basisPoints`
Low
#12
The `LSTRewardsSplitterController::removeSplitter()` function must re-fetch the balance after executing `splitter.splitRewards()` to ensure the correct value is used during withdrawal.
Medium
#13
potencial reentrancy
High
#14
potencial reentrancy
High
#15
CommunityVault::claimRewards claims more token rewards than getRewards() allows it to
Medium
#16
Small rewards may be absorbed leading to asset loss
Medium
#17
Admin can't remove splitter.
Medium
#18
PriorityPool.sol :: claimLSDTokens() if is called with a second claim that is less than the first, the transaction will always revert, making it impossible for the user to claim their tokens.
Medium
#19
cannot be able to withdraw tokens when strategy wrongly set
Medium
#20
unable to remove strategies with token balance
Medium
#21
The `OperatorStakingPool::_withdraw()` function lacks the implementation of token transfer, which prevents tokens from being correctly withdrawn when invoked.
High
#22
The parameter totalShares in StakingRewardsPool is not initialized
Low
#23
Unsafe Conversion of Negative Integer to Unsigned Integer
High
#24
Missing Fee Check in `addSplitter` Function
Medium
#25
Incorrect Accounting of Principal Deposits in LSTRewardsSplitter Contract
Medium
#26
Principal Deposits Can Become Negative in LSTRewardsSplitter
Medium
#27
Inefficient Bubble Sort Implementation in FundFlowController
Medium
#28
_depositLiquidity did not process excess assets
Medium
#29
Underflow in `withdraw` Function Allows Draining of Funds
Low
#30
Missing Fee Validation in LSTRewardsSplitter Constructor
High
Previous
1
2
3
...
More pages
39
Next
Support
FAQs
Can’t find an answer? Join our Discord or follow us on Twitter.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
What is community judging?
How do I get rewarded?
What is a First Flight?
Give us feedback!