0xrex
Rankings
#15 90-day
#296 All-time
#373 2024
High-risk
15 Total
Medium-risk
14 Total
Activity
8 Audits
February 2025
4 February 2025
Liquid Ron
High-risk
Identified a finding grouped with:
The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositorsMedium-risk
Identified a finding grouped with:
User can earn rewards by frontrunning the new rewards accumulation in Ron staking without actually delegating his tokensMedium-risk
Identified a finding grouped with:
Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical FunctionsJanuary 2025
3 January 2025
Chainlink Payment Abstraction
Identified 1 confirmed finding
Finding not yet public
December 2024
19 December 2024
SecondSwap
High-risk
Identified a finding grouped with:
`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given stepMedium-risk
Identified a finding grouped with:
Missing option to remove tokens from the `isTokenSupport` mapping can result in huge financial loss for users and the protocolMedium-risk
Selected for report
November 2024
29 November 2024
Concrete
Identified 14 confirmed findings
Finding not yet public
September 2024
3 September 2024
Phi
High-risk
Identified a finding grouped with:
Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming onesHigh-risk
Identified a finding grouped with:
Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash LoanHigh-risk
Identified a finding grouped with:
`shareBalance` bloating eventually blocks curator rewards distributionHigh-risk
Identified a finding grouped with:
Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash LoanAugust 2024
6 August 2024
TraitForge
Medium-risk
Identified a finding grouped with:
Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`High-risk
Identified a finding grouped with:
`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`High-risk
Identified a finding grouped with:
Wrong minting logic based on total token count across generationsJuly 2024
29 July 2024
Munchables
Medium-risk
Identified a finding grouped with:
Users can farm on zero-tax land if the landlord locked tokens before the LandManager deploymentHigh-risk
Identified a finding grouped with:
Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid PlotHigh-risk
Identified a finding grouped with:
[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTsMay 2024
27 May 2024
Munchables
High-risk
Identified a finding grouped with:
Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens
17 May 2024
NOYA
High-risk
Identified a finding grouped with:
`AccountingManager::resetMiddle` will not behave as expectedMedium-risk
Identified a finding grouped with:
The total deposit amount limit in `AccountingManager.sol` can be bypassedMedium-risk
Identified a finding grouped with:
Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequentlyMedium-risk
Identified a finding grouped with:
First depositor can make subsequent depositor lose all of her or his depositMedium-risk
Identified a finding grouped with:
Dust donation might DOS all connectors to create new holding positions, by preventing removing existing holding positionsHigh-risk
Identified a finding grouped with:
`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
8 May 2024
LoopFi