sherlock-audit 2022-10-astaria-judging issues

sherlock-audit / 2022-10-astaria-judging

6 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

w42d3n - Result of transferfrom not checked.

#295 sherlock-admin closed 1 year ago
0
ak1 - AuctionHouse.sol#L67 : createAuction misses the critical check to verify whether the auction already exists.

#294 sherlock-admin closed 1 year ago
0
Rohan16 - Use safeTransferFrom() instead of transferFrom() for outgoing erc721 transfer

#293 sherlock-admin closed 1 year ago
4
Prefix - Payments can be frontrun by malicious attacker to repay his loans

#292 sherlock-admin closed 1 year ago
0
Picodes - `Auction House` - Auction creator does not pay the `reservePrice`

#291 sherlock-admin closed 1 year ago
0
ak1 - Astaria protocol will miss the ERC1155 based NFT tokens

#290 sherlock-admin closed 1 year ago
0
Sm4rty - flashAction and _releaseToAddress function transfers NFT without any address check

#289 sherlock-admin closed 1 year ago
0
Rohan16 - No address check before transffering NFT

#288 sherlock-admin closed 1 year ago
0
Picodes - `AuctionHouse` - `createBid`: incorrect amount transferred

#287 sherlock-admin closed 1 year ago
0
ak1 - LienToken.sol#L594 : _payment is taking all. It is not refunding the excess amount back to user.

#286 sherlock-admin closed 1 year ago
0
__141345__ - Auction still exists even paid off the loan

#285 sherlock-admin closed 1 year ago
8
HonorLt - Re-entrancy

#284 sherlock-admin closed 1 year ago
4
chainNue - Bidder lost asset If auction is cancelled

#283 sherlock-admin closed 1 year ago
0
Sm4rty - Use safetransferFrom instead of transferFrom for NFT(ERC721) transfers

#282 sherlock-admin closed 1 year ago
0
HonorLt - commitToLiens via AstariaRouter will not work

#281 sherlock-admin closed 1 year ago
0
w42d3n - ERC4626 does not work with fee-on-transfer tokens

#280 sherlock-admin closed 1 year ago
4
ak1 - UniqueValidator.sol#L29-L30 : events - LogLeaf and LogDetails are not used anywhere

#279 sherlock-admin closed 1 year ago
0
bin2chen - _payment() maybe overpayment

#278 sherlock-admin closed 1 year ago
0
Jeiwan - Liquidity providers can lose funds when a withdraw proxy is not set for an epoch

#277 sherlock-admin closed 1 year ago
5
Jeiwan - Denial of service in `AstariaRouter.commitToLiens`

#276 sherlock-admin closed 1 year ago
0
Jeiwan - Only one lien can be created per collateral, vault, and strategy

#275 sherlock-admin closed 1 year ago
1
Jeiwan - Incorrect maximum potential debt calculation causes denial of service

#274 sherlock-admin closed 1 year ago
0
Jeiwan - An auction can never be extended due to an underflow

#273 sherlock-admin closed 1 year ago
0
Jeiwan - The implied value of a public vault can be impaired, liquidity providers can lose funds

#272 sherlock-admin opened 1 year ago
0
Jeiwan - Liquidity providers can lose funds due to vault share price manipulation

#271 sherlock-admin closed 1 year ago
0
Jeiwan - Funds can be lost when repaying liens

#270 sherlock-admin closed 1 year ago
0
Jeiwan - A buyout is paid by liquidity providers, not by a borrower

#269 sherlock-admin closed 1 year ago
1
Jeiwan - A borrower can steal auctioned collateral for current bidder

#268 sherlock-admin closed 1 year ago
0
Jeiwan - Cancelling an auction doesn't repay the entire debt and doesn't unlock collateral

#267 sherlock-admin closed 1 year ago
0
bin2chen - Auction#reservePrice maybe less than required

#266 sherlock-admin closed 1 year ago
4
peanuts - initiator in createAuction can be set to address(0)

#265 sherlock-admin closed 1 year ago
0
bin2chen - new loans "max duration" is not restricted

#264 sherlock-admin opened 1 year ago
0
peanuts - initiatorFee in createAuction() has no upperbound and can be set at a percentage above 100%

#263 sherlock-admin closed 1 year ago
0
__141345__ - Over payment should be returned

#262 sherlock-admin closed 1 year ago
0
__141345__ - Multiple lien positions liquidations could cause fund loss

#261 sherlock-admin closed 1 year ago
5
__141345__ - Steal deposit fund in ERC4626 vault by exchange rate manipulation

#260 sherlock-admin closed 1 year ago
0
__141345__ - `LIEN_TOKEN.ownerOf(i)` should be `LIEN_TOKEN.ownerOf(liensRemaining[i])`

#259 sherlock-admin opened 1 year ago
0
__141345__ - If an auction has no bidder, the NFT ownership should go back to the loan lenders

#258 sherlock-admin opened 1 year ago
5
chainNue - Existing Auction can be overwritten, any high bidder will lost their spot and asset

#257 sherlock-admin closed 1 year ago
0
HonorLt - _validateCommitment validations

#256 sherlock-admin closed 1 year ago
0
HonorLt - Strategist fee is not used

#255 sherlock-admin closed 1 year ago
0
HonorLt - Admin privilleges

#254 sherlock-admin closed 1 year ago
0
chainNue - Auction's `firstBidTime` already initiated before any user bid the Auction lead to miss-information and shorten auction duration

#253 sherlock-admin closed 1 year ago
0
tives - makePayment doesn’t divide the paymentAmount by the receiving liens

#252 sherlock-admin closed 1 year ago
0
tives - invalid potentialDebt calculation

#251 sherlock-admin closed 1 year ago
0
HonorLt - Strategist nonce replay

#250 sherlock-admin closed 1 year ago
0
tives - LienToken._deleteLienPosition is public

#249 sherlock-admin closed 1 year ago
0
tives - There are no checks or refunds for excessive payments in makePayment

#248 sherlock-admin closed 1 year ago
0
tives - Liens for the same vault with same parameters cannot me minted

#247 sherlock-admin closed 1 year ago
0
HonorLt - ecrecover returns zero address for invalid signatures

#246 sherlock-admin closed 1 year ago
0