sherlock-audit 2022-10-illuminate-judging issues

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

hyh - autoRedeem might be run before all external PT were redeemed

#239 sherlock-admin closed 1 year ago
1
hyh - Unlimited mint of Illuminate PTs is possible whenever any market is uninitialized and unpaused

#238 sherlock-admin opened 1 year ago
5
__141345__ - Bypass paused `redeem()`

#237 sherlock-admin closed 1 year ago
0
hyh - External PT redeem functions can be reentered to double count the received underlying funds

#236 sherlock-admin opened 1 year ago
4
ak1 - Redeemer.sol: autoRedeem can be called by anyone with valid input to take the incentivefee

#235 sherlock-admin closed 1 year ago
1
HonorLt - Mint Illuminate's ERC5095 indefinitely and auto redeem

#234 sherlock-admin closed 1 year ago
0
HonorLt - Incorrect parameters

#233 sherlock-admin opened 1 year ago
1
minhtrng - Sense redeem is vulnerable to reentrancy

#232 sherlock-admin closed 1 year ago
0
minhtrng - Reentrancy in lending allows overminting of iPT

#231 sherlock-admin closed 1 year ago
0
minhtrng - Deprecation of `base` function

#230 sherlock-admin closed 1 year ago
0
minhtrng - Cant withdraw pre-maturity

#229 sherlock-admin closed 1 year ago
4
hyh - Sense redeem is unavailable and funds are frozen for underlyings whose decimals are smaller than the corresponding IBT decimals

#228 sherlock-admin opened 1 year ago
1
minhtrng - Cant set principal for Notional

#227 sherlock-admin closed 1 year ago
4
HonorLt - scheduleWithdrawal is useless

#226 sherlock-admin closed 1 year ago
0
HonorLt - Wrong default slippage

#225 sherlock-admin closed 1 year ago
1
HonorLt - Converter problems

#224 sherlock-admin closed 1 year ago
0
hyh - Converter cannot be changed in Redeemer

#223 sherlock-admin opened 1 year ago
6
Jeiwan - User can accidentally burn their iPT tokens during redemption

#222 sherlock-admin opened 1 year ago
3
Jeiwan - iPT redeeming is possible when iPT redemptions are paused

#221 sherlock-admin closed 1 year ago
0
hyh - Redeemer autoRedeem will not have meaningful incentives in the case of high decimal underlyings

#220 sherlock-admin closed 1 year ago
2
ak1 - Inadequate access restrictions for Redeem functions in Redeemer.sol

#219 sherlock-admin closed 1 year ago
0
Jeiwan - Missing contract code existence check can cause free and unlimited iPT minting

#218 sherlock-admin closed 1 year ago
0
Jeiwan - Re-entrancy in Sense redemption allows an attacker to inflate holdings and get more underlying tokens

#217 sherlock-admin closed 1 year ago
0
Jeiwan - Anyone can burn anyone else's iPT tokens

#216 sherlock-admin closed 1 year ago
0
Jeiwan - Wrong return value in the Pendle's `lend` function can cause lose of funds or excessive iPT issuance

#215 sherlock-admin closed 1 year ago
1
Jeiwan - Re-entrancy during lending allows an attacker to mint iPT without paying underlying tokens

#214 sherlock-admin closed 1 year ago
0
Jeiwan - Users can receive less tokens during redeeming due to iPT inflation in the `mint` function

#213 sherlock-admin closed 1 year ago
5
HonorLt - User controlled parameters and re-entrancy

#212 sherlock-admin closed 1 year ago
0
hyh - No returning of premium if there is no swap to PT

#211 sherlock-admin opened 1 year ago
1
__141345__ - `autoRedeem()` could be abused to dilute other users fund

#210 sherlock-admin closed 1 year ago
4
HonorLt - Unpaused on redeem functions

#209 sherlock-admin closed 1 year ago
0
HonorLt - Lend or mint after maturity

#208 sherlock-admin opened 1 year ago
1
__141345__ - `maxWithdraw()` should use owner's balance

#207 sherlock-admin closed 1 year ago
0
__141345__ - `Holdings` could be unfair for redeem amount calculation

#206 sherlock-admin closed 1 year ago
3
__141345__ - `autoRedeem()` should check PT allowance

#205 sherlock-admin closed 1 year ago
2
hyh - Griefing attack can block Sense withdrawal altogether

#204 sherlock-admin closed 1 year ago
3
__141345__ - `autoRedeem()` should update allowance afterwards

#203 sherlock-admin closed 1 year ago
0
__141345__ - Slippage control should use `shares` rather than `assets`

#202 sherlock-admin closed 1 year ago
2
__141345__ - Rounding error in slippage control

#201 sherlock-admin closed 1 year ago
0
__141345__ - Hardcoded slippage control

#200 sherlock-admin closed 1 year ago
2
__141345__ - Element and APWine upgrade could break created market

#199 sherlock-admin closed 1 year ago
1
__141345__ - DoS `autoRedeem()` to lock other users fund

#198 sherlock-admin closed 1 year ago
1
__141345__ - Allowance update should use the share, not the amount

#197 sherlock-admin closed 1 year ago
3
cryptphi - User can double mint illuminate PTs through cross-function re-entrancy.

#196 sherlock-admin closed 1 year ago
0
hyh - There are no Illuminate PT transfers from the owner in ERC5095's withdraw and redeem before maturity

#195 sherlock-admin opened 1 year ago
6
HonorLt - Redeem Illuminate before holdings are filled

#194 sherlock-admin closed 1 year ago
2
HonorLt - Compound redeems does not check the return value

#193 sherlock-admin closed 1 year ago
0
ak1 - ERC5095.sol - approval based `redeem` and `withdraw` will not be safe.

#192 sherlock-admin closed 1 year ago
2
ak1 - Redeemer.sol#L168 : setFee never be called .

#191 sherlock-admin closed 1 year ago
0
ak1 - ERC5095.sol#L98 : maxWithdraw should consider owner's balance to return before maturity. Not the contract's balance

#190 sherlock-admin closed 1 year ago
0