sherlock-audit / 2022-09-notional-judging
issues
Jeiwan - Deprecated Balancer Price Oracles could lead to locked funds in the Balancer strategy vaults
#46
sherlock-admin
opened
1 year ago
3
Jeiwan - Flawed decimals check could lock funds in a 2-token Balancer Strategy Vault
#45
sherlock-admin
closed
1 year ago
0
Lambda - transfer should not be used for transferring ETH
#44
sherlock-admin
closed
1 year ago
0
Lambda - ExchangeRate age not checked
#43
sherlock-admin
closed
1 year ago
0
0x52 - Settlement slippage is not implemented correctly which may lead to some vaults being impossible to settle
#42
sherlock-admin
opened
1 year ago
2
0x52 - StrategyUtils#_executeDynamicTradeExactIn returns incorrect amountBought if buyToken is wstETH and tradeUnwrapped is true
#41
sherlock-admin
closed
1 year ago
0
8olidity - use safecast
#40
rcstanciu
closed
1 year ago
0
8olidity - TransferUnderlyingToVaultDirect () error may lead to vault not receive money
#39
rcstanciu
closed
1 year ago
0
0x52 - TwoTokenPoolMixin allows secondary token to have decimals >18 due to incorrect require statement
#38
rcstanciu
closed
1 year ago
0
0xNazgul - [NAZ-M1] Use `safeTransfer()/safeTransferFrom()` Instead of `transfer()/transferFrom()`
#37
rcstanciu
closed
1 year ago
0
8olidity - MaxBorrowMarketIndex does not limit borrowAndEnterVault() DOS
#36
rcstanciu
closed
1 year ago
0
supernova - Lack of storage Gap in Upgradeable contracts
#35
rcstanciu
closed
1 year ago
0
cccz - When tokenType != Ether, need to check msg.value == 0
#34
rcstanciu
closed
1 year ago
0
0x52 - UniV2Adapter#getExecutionData doesn't properly handle native ETH swaps
#33
rcstanciu
opened
1 year ago
2
0x52 - Deployments.sol uses the wrong address for UNIV2 router which causes all Uniswap V2 calls to fail
#32
rcstanciu
opened
1 year ago
2
0x52 - TradingUtils#_executeTrade contains logical error that can cause loss of funds if trade.buyToken is ETH or WETH
#31
rcstanciu
closed
1 year ago
0
0x52 - TradingUtils#_approve is problematic for tokens like USDT that requires allowance to be zero before calling approve
#30
rcstanciu
closed
1 year ago
0
Waze - safetransferfrom doesn't check the codesize of the token address, which may lead to fund loss.
#29
rcstanciu
closed
1 year ago
0
Waze - Latest RoundData from Chainlink May Return Outdated Results
#28
rcstanciu
closed
1 year ago
0
Waze - Low-level delegatecall function may not revert as it fails.
#27
rcstanciu
closed
1 year ago
0
Waze - Unsafe transfer when using transferNativeTokenOut() from GenericToken Lib can result in revert.
#26
rcstanciu
closed
1 year ago
0
0xSmartContract - Storage Write Removal Bug On Conditional Early Termination
#25
rcstanciu
closed
1 year ago
0
0xSmartContract - Low-level transfer via call() can fail silently
#24
rcstanciu
closed
1 year ago
0
rajatbeladiya - chainlink’s latestRoundData might return stale or incorrect price
#23
rcstanciu
closed
1 year ago
0
Arbitrary-Execution - Idiosyncratic fCash can prevent a user from improving their collateral ratio
#22
rcstanciu
closed
1 year ago
0
Arbitrary-Execution - Idiosyncratic fCash can prevent users from exiting a vault pre-maturity
#21
rcstanciu
closed
1 year ago
2
Arbitrary-Execution - When `ONLY_VAULT_DELEVERAGE` is enabled a vault can force an arbitrary address to liquidate an unhealthy vault account
#20
rcstanciu
closed
1 year ago
1
Arbitrary-Execution - `deleverageAccount` can be used by an address to enter a vault that would otherwise be restricted by the `requireValidAccount` check in `enterVault`
#19
rcstanciu
opened
1 year ago
2
Arbitrary-Execution - The check against `debtOutstandingAboveMinBorrow` in `_depositLiquidatorAmount` should be `<=` and not `<`
#18
rcstanciu
closed
1 year ago
2
Arbitrary-Execution - `deleverageAccount` can still be called when a vault is paused
#17
rcstanciu
opened
1 year ago
5
Arbitrary-Execution - Vault owner has outsized control over user accounts
#16
rcstanciu
closed
1 year ago
2
Arbitrary-Execution - `checkReturnCode` function in `GenericToken` library lacks type safety
#15
rcstanciu
closed
1 year ago
1
Arbitrary-Execution - Users are required to redeem a non-zero `vaultSharesToRedeem` when calling `exitVault` prior to maturity
#14
rcstanciu
closed
1 year ago
3
Arbitrary-Execution - `requireValidAccount` does not prevent the vault address itself from opening a position
#13
rcstanciu
closed
1 year ago
2
Arbitrary-Execution - `ALLOW_REENTRANCY` logic is dangerous and should be carefully considered
#12
rcstanciu
closed
1 year ago
1
Arbitrary-Execution - `getRouterImplementation` is susceptible to function selector collisions
#11
rcstanciu
closed
1 year ago
0
jacksanford - Test
#10
rcstanciu
closed
1 year ago
0
GimelSec - -
#9
rcstanciu
closed
1 year ago
0
GimelSec - -
#8
rcstanciu
closed
1 year ago
0
GimelSec - -
#7
rcstanciu
closed
1 year ago
0
GimelSec - -
#6
rcstanciu
closed
1 year ago
0
Bnke0x0 - Malicious governance can use updateVault()/updateSecondaryBorrowCapacity() to steal WETH from buyers
#5
rcstanciu
closed
1 year ago
0
Bnke0x0 - Users may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator
#4
rcstanciu
closed
1 year ago
0
Bnke0x0 - underlying Token can be stuck into the Strategy contract
#3
rcstanciu
closed
1 year ago
0
Bnke0x0 - Overpayment of native ETH is not refunded to the buyer
#2
rcstanciu
closed
1 year ago
0
evertkors - test
#1
rcstanciu
closed
1 year ago
0