Competitive Audits
First Flights
Judging
Leaderboard
Docs
Toggle theme
Sign up
Log in
All Contests
Core Contracts
Submissions
Public
Core Contracts
Regnum Aurum Acquisition Corp
Hardhat
Real World Assets
NFT
77,280
USDC
Public
77,280
USDC
Feb 3rd, 2025 → Feb 24th, 2025
View repo
6685 / 6685
Submissions
Severity
Tags
#1
Reentrancy in StabilityPool Withdrawals
High
#2
Missing Events for Critical Parameter Changes
Medium
#3
Unauthenticated Oracle Updates
High
#4
Typos in veRAACToken Event Parameters
Low
#5
Lack of Input Validation in RAACNFT.mint()
Low
#6
Flawed Reward Distribution (calculateRaacRewards)
Medium
#7
Hardcoded Exchange Rate (getExchangeRate)
Medium
#8
Inconsistent State Updates in _mintRAACRewards
Medium
#9
Unauthorized Access to Funds
Medium
#10
Lack of Access Control in FeeCollector.sol
Medium
#11
Integer Overflow in Auction.sol
Medium
#12
Gas Limit for Large Batch Operations in scheduleBatch and executeBatch
Medium
#13
Emergency Unlock Logic Incomplete
Low
#14
Anyone can donate huge amounts of malicious tokens to the treasury in order to DoS new deposits
High
#15
Reentrancy Attack via onERC721Received Callback
Medium
#16
Unrestricted fee allocation in FeeCollector contract allows potential misuse
Low
#17
Auction Price Calculation Integer Underflow
Medium
#18
Users unable to remove expired delegations in BoostController
Medium
#19
Lack of validation for pool address when delegating boost can lead to loss of funds or exploit of boost rewards
Medium
#20
Treasury Over-Allocation vulnerability. The allocateFunds function takes a recipient and an amount but doesn't specify a token.
High
#21
Incorrect calculation in BoostController breaks veRAACToken rewards and attacker to capture the entire boost allocation
High
#22
`getBoostMultiplier` always returns maximum boost for any non-zero value
Low
#23
The workingSupply of a pool is incorrectly overwritten (instead of accumulated) when users update their boosts.
High
#24
Missing check if Treasury hold enough funds for allocations
High
#25
delegateBoost not applied correctly
Low
#26
user loss rewards after first claim
High
#27
user can borrow more than expected
High
#28
user can repay loan without paying interest.
High
#29
Unchecked Boost Parameters in setBoostParameters (BaseGauge.sol)
High
#30
DoS vulnerability when someone attempts to become a bidder
Medium
Previous
1
2
3
...
More pages
223
Next
Support
FAQs
Can’t find an answer? Join our Discord or follow us on Twitter.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
What is community judging?
How do I get rewarded?
What is a First Flight?
Give us feedback!