sherlock-audit/2022-09-notional-judging
Phase 2
#146
Evert0x
opened
1 year ago
0
Phase 1
#145
Evert0x
closed
1 year ago
0
TomJ - User will Lose Ether when sending `msg.value` to vault with `tokenType` not being Ether
#144
sherlock-admin
closed
1 year ago
0
hyh - Bloated liquidationRate can be set to a Vault
#143
sherlock-admin
closed
1 year ago
1
ak1 - TwoTokenPoolMixin.sol : the token's decimals could not be same. Calculation based on token decimal will not give correct result.
#142
sherlock-admin
closed
1 year ago
0
Sm4rty - Use of Depreciated version of Openzeppelin Libraries
#141
sherlock-admin
closed
1 year ago
0
ak1 - Boosted3TokenPoolMixin.sol : Three token's decimal could be different. The further calculation based on these decimal value will not be correct.
#140
sherlock-admin
closed
1 year ago
0
vlad - Incorrect voting due to increment logic of proposal IDs
#139
sherlock-admin
closed
1 year ago
1
ak1 - wstETHChainlinkOracle.sol#L26-L44 : valid time check is missed while getting the price feed data.
#138
sherlock-admin
closed
1 year ago
0
vlad - Incorrect usage of `msg.sig`
#137
sherlock-admin
closed
1 year ago
0
ak1 - oracle : latestRoundData will not tell the latest price feed data.
#136
sherlock-admin
closed
1 year ago
0
hyh - MetaStable2TokenAuraVault allows only up to 1bp weight for Balancer TWAP oracle
#135
sherlock-admin
opened
1 year ago
3
GimelSec - `VaultAccountStorage.maturity` is uint32, which will break in 2106
#134
sherlock-admin
closed
1 year ago
1
GimelSec - Price oracle could get a stale price
#133
sherlock-admin
opened
1 year ago
1
GimelSec - Secondary currencies can be fee-on-transfer tokens
#132
sherlock-admin
closed
1 year ago
2
Chom - TradingModule getOraclePrice is not supporting token with decimals != 18
#131
sherlock-admin
closed
1 year ago
2
GimelSec - one maturity could exhaust `VaultBorrowCapacity`
#130
sherlock-admin
closed
1 year ago
1
GalloDaSballo - M-03 Incorrect "linear projection" for exponential math in calculating BPT value
#129
sherlock-admin
closed
1 year ago
2
Chom - TradingModule oracle is missing check for stale price in roundID
#128
sherlock-admin
closed
1 year ago
0
GalloDaSballo - M-02 wstETH Feed Doesn't check for Freshness
#127
sherlock-admin
closed
1 year ago
0
GalloDaSballo - M-01 Loss of Reward Tokens for AuraStaking
#126
sherlock-admin
closed
1 year ago
2
cccz - The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral
#125
sherlock-admin
closed
1 year ago
0
ctf_sec - getGetAmplificationParameter() precision is not used, which results in an accounting issue in MetaStable2TokenAuraHelper.sol and in Boosted3TokenAuraHelper.sol
#124
sherlock-admin
opened
1 year ago
2
ctf_sec - slippage protection is disabled because the trade limit is hardcoded to 0 when selling the residual secondary balance in _executeDynamicTradeExactIn in StrategyUtils.sol
#123
sherlock-admin
closed
1 year ago
1
Chom - Unexpected behavior for UniV2Adapter, UniV3Adapter, and ZeroExAdapter when msgValue is not zero
#122
sherlock-admin
closed
1 year ago
0
Chom - UniswapV2 has swapExactETHForTokens which takes native ETH but why you are saying msgValue is always zero for UniswapV2?
#121
sherlock-admin
closed
1 year ago
0
ctf_sec - Linear Pool in Balancer does use joinPool() and exitPool() for transactions involving their Balancer Pool Tokens (BPT)
#120
sherlock-admin
closed
1 year ago
0
Chom - Boosted3TokenAuraVault and MetaStable2TokenAuraVault will only be usable until February 7, 2106
#119
sherlock-admin
closed
1 year ago
0
ctf_sec - stakingContext.auraRewardPool.withdrawAndUnwrap boolean return value not handled in Boosted3TokenPoolUtils.sol and TwoTokenPoolUtils.sol
#118
sherlock-admin
opened
1 year ago
2
ctf_sec - stakingContext.auraBooster.deposit boolean return value not handled in Boosted3TokenPoolUtils.sol
#117
sherlock-admin
opened
1 year ago
2
ctf_sec - Deployments.BALANCER_VAULT.swap uint256 amonutsOut return value not handled in BalancerUtils.sol
#116
sherlock-admin
closed
1 year ago
0
ctf_sec - When the transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted
#115
sherlock-admin
closed
1 year ago
0
ctf_sec - Compromised admin can set maxOracleFreshnessInSeconds to 0 to block the oracle and block trading in TradingModule.sol
#114
sherlock-admin
closed
1 year ago
0
csanuragjain - One vault can enter another vault
#113
sherlock-admin
closed
1 year ago
1
hansfriese - `AuraStakingMixin.claimRewardTokens()` might revert for some edge cases.
#112
sherlock-admin
closed
1 year ago
0
hansfriese - Possible rounding error during `1 / oraclePrice` calculation in `TradingUtils._getLimitAmount()`.
#111
sherlock-admin
closed
1 year ago
1
hansfriese - `TradingUtils._executeTrade()` doesn't check `preTradeBalance` properly.
#110
sherlock-admin
opened
1 year ago
2
csanuragjain - Missing zero approval
#109
sherlock-admin
closed
1 year ago
0
ethan-crypto - Medium: Usage of depreciated .transfer() method in redeemFromNotional can result in revert, especially for flash loan liquidator accounts.
#108
sherlock-admin
closed
1 year ago
0
ethan-crypto - Medium: Sending ether with call to exitVault to cover shortfall in cash from lending eth can result in revert for contract accounts.
#107
sherlock-admin
closed
1 year ago
0
csanuragjain - Duplicate reward can lead to deduction of extra fees than required
#106
sherlock-admin
closed
1 year ago
1
csanuragjain - Attacker can make settleVaultNormal unavailable by increasing cooldown period
#105
sherlock-admin
closed
1 year ago
1
xiaoming90 - Users Can Gain Additional Vault Shares When Rolling Position Via Re-Entrancy Attack
#104
sherlock-admin
closed
1 year ago
0
xiaoming90 - Malicious Users Can Force An Emergency Settlement On Any Vault
#103
sherlock-admin
closed
1 year ago
1
xiaoming90 - Malicious Users Can Settle More BPT Than Needed During Emergency Settlement
#102
sherlock-admin
closed
1 year ago
2
lemonmon - `Boosted3TokenAuraVault::_depositFromNotional` lacks the check for the settlement window
#101
sherlock-admin
closed
1 year ago
0
lemonmon - `BalancerUtils::_normalizeBalances` will silently underflow if decimals are bigger than 18
#100
sherlock-admin
closed
1 year ago
0
lemonmon - `StrategyUtils::_executeDynamicTradeExactIn` does not wrap steth
#99
sherlock-admin
opened
1 year ago
2
lemonmon - `TradingUtils::_executeTrade` will leak ETH to WETH
#98
sherlock-admin
opened
1 year ago
3
lemonmon - `TradingUtils::_executeInternal` fail to approve WETH
#97
sherlock-admin
closed
1 year ago
0