code-423n4/2025-06-blackhole-mitigation

Blackhole Mitigation Review

  • Total Prize Pool: $4,250 in USDC
    • Warden awards: $3,000 in USDC
    • Judge awards: $1,000 in USDC
    • Scout awards: $250 in USDC
  • Warden guidelines for C4 mitigation reviews
  • Starts June 18, 2025 20:00 UTC
  • Ends June 23, 2025 20:00 UTC

Important note

Each warden must submit a mitigation review for every individual item listed in the Scope section below. Incomplete or insufficient mitigation reviews will not be eligible for awards.

Scope

Branch

https://github.com/BlackHoleDEX/SmartContracts/commits/stable-devnet

Mitigation of High & Medium Severity Issues

Mitigations of all High and Medium issues listed here will be considered in-scope:

| Fix | Mitigation of |
|---|---|
| Commit 9ee840a | S-245: Router Address Validation Logic Error - Prevents Valid Router Assignment |
| Commit 584ff47 | S-176: Reward token in GaugeFactoryCL can be drained by anyone |
| Commit bf2277b | S-184: Critical Access Control Flaw: Role Removal Logic Incorrectly Grants Unauthorized Roles |
| Commit c10c8f7 | S-17: MinterUpgradeable: double-subtracting smNFT burns causes rebase underpayment |
| Commit 1d7f64d | S-419: Quorum does not include the againstVotes, leading to the emissions rate staying the same even if it should decrease |
| Commit e34ce14 | S-114: Logic Error in AVM Original Owner Resolution |
| Commit 9a39a8e, Commit edb952 | S-412: Users can cast their votes multiple times for the proposal by transferring their NFTs and then voting again |
| Commit 47cb9f6 | S-175: 1e10 fixed farming reward in GaugeFactoryCL |
| Commit 877c46a | S-82: Governance emission adjustment ignored when weekly emission above tail threshold |
| Commit b9533e5 | S-416: Status does not update inside the BlackGovernor, leading to complete disruption of nudge functionality |
| Commit 9a39a8e, Commit edb9523 | S-236: checkpoints are incorrectly cleared during transferFrom |
| Commit c0d68e | S-74: Incorrect Function Call in BribeFactoryV3 recoverERC20AndUpdateData |
| Commit 2c75927 | S-279: isGenesis flag is ineffective to control add liquidity flow in RouterV2.addLiquidity() |
| Commit 7b5c04a | S-122: Griefing Attack on GenesisPoolManager.sol::depositNativeToken Leading to Denial of Service |
| Commit 5adeeb8 | S-324: Function Return Variable Shadowing Prevents Storage Updates in Solidity |
| Commit 3f60981 | S-406: getVotes inside the BlackGovernor incorrectly provides block.number instead of block.timestamp, leading to complete DoS of proposal functionality |
| Commit 0967e03, Commit edb9523 | S-423: getsmNFTPastVotes incorrectly checks for Voting Power, leading to some NFTs incorrectly being eligible to vote |
| Commit 0ae885c | S-187: First liquidity provider can DoS the pool of a stable pair |
| Commit 4dcbd35 | S-409: Zero-receiver fund burn |
| Commit 754397f | S-33: L2Governor.execute() accepts Expired / Defeated proposals; attacker front-runs BlackGovernor nudge(), blocks legitimate emission-rate votes, freezes tail emissions |
| Commit ed042df | S-410: ERC-2612 Permit Front-Running in RouterV2 Enables DoS of Liquidity Operations |

Additional scope to be reviewed

These are additional changes that will be in scope.

| Fix | Mitigation of |
|---|---|
| Commit c958461 | S-220 |
| Commit f25a0fc | S-83 |

Out of Scope
