Contest Findings
#
- 🟥 It is rated Critical by maintainer
- 🟧 It is rated High by maintainer
- 🟨 It is rated Medium by maintainer
- 🟩 It is rated Low by maintainer
- ✨ I think it’s high value
- 🎯 It is an solo findings
202303
#
- [🟧] The late deposit in Carousel contract can be used to avoid deposit fee
🔗
- [🟧] Deposits that have already been mint in the rolloverQueue can still be delisted,
resulting in the deposits of other users not being mint
🔗
- [🟨] All tiles in Tray are predictable
🔗
- [🟨] The Bio contract may be used for XSS attack
🔗
- [🟧] [✨] Underflow of lpPosition.points during withdrawLP causes huge reward minting
🔗
- [🟧] Later stakers may reduce the reward that early stakers have got
🔗
- [🟧]
registerTrustedNode
should be controlled by Governance
identity instead of owner
🔗
- [🟨]
addBlackList
function can be frontrunned to transfer assets in advance
🔗