sherlock-audit/2022-10-illuminate-judging
ak1 - ERC5095.sol : redeem and withdraw MUST emit the Redeem event.
#189
sherlock-admin
closed
2 years ago
2
JohnSmith - Incorrect returned amount check prevents users to lend
#188
sherlock-admin
closed
2 years ago
0
JohnSmith - Wrong time check on change fee in Redeemer
#187
sherlock-admin
closed
2 years ago
0
JohnSmith - Can not change fee used in Redeemer
#186
sherlock-admin
closed
2 years ago
0
JohnSmith - `mint` does not mint
#185
sherlock-admin
closed
2 years ago
0
JohnSmith - `preview*` functions do not follow EIP5095
#184
sherlock-admin
closed
2 years ago
0
JohnSmith - Loss of tokens on deposit
#183
sherlock-admin
closed
2 years ago
0
JohnSmith - Function `convertToUnderlying(uint256 s)` does not follow EIP5095
#182
sherlock-admin
closed
2 years ago
0
hyh - Illuminate PT token pool operations results can be manipulated by sandwich attacks
#181
sherlock-admin
closed
2 years ago
1
hyh - Marketplace's and Lender's batch functions performing delegatecalls are payable
#180
sherlock-admin
closed
2 years ago
1
hyh - Yield, Swivel, Element, APWine and Sense lend() are subject to reentrancy resulting in Illuminate PT over-mint
#179
sherlock-admin
opened
2 years ago
7
pashov - `redeem` does not work for Illuminate principal tokens
#178
sherlock-admin
closed
2 years ago
1
pashov - Griefing attack vector in `Lender.sol` `mint()` can result in big value loss for users
#177
sherlock-admin
closed
2 years ago
0
pashov - ERC5095 slippage checks can easily be manipulated with a flash loan, because they use `preview` on-chain
#176
sherlock-admin
closed
2 years ago
1
pashov - `Marketplace.sol` is checking the incorrect variable for slippage
#175
sherlock-admin
closed
2 years ago
3
pashov - ERC5095 hardcoded slippage tolerance is too low - it is 1% and can result in DoS for users
#174
sherlock-admin
closed
2 years ago
2
pashov - ERC5095::mint checks slippage with underlying amount when it should check with principal (shares) amount
#173
sherlock-admin
closed
2 years ago
0
pashov - Maturity expiration check is missing for `Sense` in `Redeemer.sol`
#172
sherlock-admin
closed
2 years ago
1
pashov - Missing token approvals can result in DoS in `Marketplace.sol`
#171
sherlock-admin
closed
2 years ago
0
windowhan_kalosec - Attacker can overissue Illuminate tokens due to lend function reentrancy and absence of user input validation
#170
sherlock-admin
closed
2 years ago
0
0x52 - Redeemer#redeem for Sense can never redeem because it never approves cTokens to be transferred by Converter
#169
sherlock-admin
closed
2 years ago
1
pashov - Compromised or malicious owner can easily rug 100% of user tokens held in `Lender.sol`
#168
sherlock-admin
closed
2 years ago
0
pashov - Some tokens (USDT) expect to always have zero allowances before approving a non-uint256.max amount
#167
sherlock-admin
closed
2 years ago
8
0x52 - Redeemer#redeem for Sense slippage check is not adequate due to token decimal mismatch
#166
sherlock-admin
closed
2 years ago
0
pashov - For at least the first 3 days after launch the users will lose 99.999% of their value locked to fees
#165
sherlock-admin
closed
2 years ago
0
0x52 - Lender#lend for Sense has mismatched decimals
#164
sherlock-admin
opened
2 years ago
1
cryptphi - Anyone is able to redeem underlying asset from ERC5095 contract pre-maturity
#163
sherlock-admin
closed
2 years ago
2
cryptphi - Anybody can withdraw underlying asset without ERC5095 token burn before maturity without burning leading to theft of funds
#162
sherlock-admin
closed
2 years ago
0
0x52 - Lender#lend for APWine doesn't validate that pool is swapping same underlying as market underlying
#161
sherlock-admin
closed
2 years ago
1
cryptphi - setFee() in Redeemer contract would always revert.
#160
sherlock-admin
closed
2 years ago
0
8olidity - `transferFYTs()` can bypass `withdraw()`
#159
sherlock-admin
closed
2 years ago
1
8olidity - delegatecall() modify Marketplace.sol State variables
#158
sherlock-admin
closed
2 years ago
0
8olidity - `Marketplace::burn()` Logic problem
#157
sherlock-admin
closed
2 years ago
0
Tomo - No error handling leads to loss of lender funds
#156
sherlock-admin
closed
2 years ago
0
Tomo - Not converted at the correct value.
#155
sherlock-admin
closed
2 years ago
0
Tomo - Unsupported transfer-with-fee tokens
#154
sherlock-admin
closed
2 years ago
0
ctf_sec - IMPORTANT: User can mint arbitrary amount of principal token by passing invalid parameter in the Lender.sol#mint because Safe.transferFrom(IERC20(principal), msg.sender, address(this), a) does not check IERC20 code size.
#153
sherlock-admin
closed
2 years ago
0
ctf_sec - Malicious actor can hijack to Converter execution flow and perform malicious approval in Converter.sol
#152
sherlock-admin
closed
2 years ago
2
ctf_sec - In Redeemer.sol contract, allowance is not properly given to underlying contract before redeeming.
#151
sherlock-admin
closed
2 years ago
1
ctf_sec - The address for swivel contract and pendle contract and tempus contract cannot be updated in the Redeemer.sol
#150
sherlock-admin
closed
2 years ago
2
hyh - Funds will be lost for Swivel lend() caller if it be run with another Yield Space pool and zero premiumSlippage
#149
sherlock-admin
closed
2 years ago
1
ctf_sec - Redeemed amount in Redeemer.sol#authRedeem may be truncated
#148
sherlock-admin
closed
2 years ago
1
hyh - Slippage control is rendered void by misusing asset amount to be sold as a slippage base
#147
sherlock-admin
closed
2 years ago
1
ctf_sec - Redeem function for Sense finance does not check the maturity.
#146
sherlock-admin
closed
2 years ago
1
ctf_sec - Swivel redeem function parameter signature mismatch in Redeemer.sol
#145
sherlock-admin
closed
2 years ago
9
ctf_sec - function autoRedeem should check the principal token allowance instead of the underlying token allowance in Redeemer.sol
#144
sherlock-admin
closed
2 years ago
1
ctf_sec - Redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense missing unpaused modifier in Redeemer.sol
#143
sherlock-admin
closed
2 years ago
0
ctf_sec - Swivel lending function missing slippage check in Lender.sol
#142
sherlock-admin
closed
2 years ago
1
ctf_sec - Tempus depositAndFix function signature mismatch in Lender.sol
#141
sherlock-admin
closed
2 years ago
2
ctf_sec - principal value for element, pendle, APWine, Tempus, and Sense lending function is not validated.
#140
sherlock-admin
closed
2 years ago
0