sherlock-audit 2022-10-illuminate-judging issues

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

ctf_sec - ISwivel(swivelAddr).initiate(o, a, s) return value not handled for Swivel lending in Lender.sol

#139 sherlock-admin closed 1 year ago
1
ctf_sec - The address for swivel contract and pendle contract cannot be updated in the Lender.sol

#138 sherlock-admin closed 1 year ago
2
ctf_sec - Lack of timelock for withdraw fee, lack of timelock for change admin and lack of two step admin transfer in Lender.sol and Redeemer.sol

#137 sherlock-admin closed 1 year ago
0
ctf_sec - Lido unwrap fails because the approve is missing before unwrap in Converter.sol

#136 sherlock-admin closed 1 year ago
1
hansfriese - Incorrect revert on mint

#135 sherlock-admin closed 1 year ago
2
hansfriese - Inconsistent use of preview and action functions

#134 sherlock-admin closed 1 year ago
0
ctf_sec - Compound Redeem may fail silently in Converter.sol

#133 sherlock-admin closed 1 year ago
2
hansfriese - Can not change the fee of the Redeemer

#132 sherlock-admin closed 1 year ago
0
hansfriese - `ERC5095.previewRedeem()` and `ERC5095.previewWithdraw()` check the maturity condition wrongly.

#131 sherlock-admin closed 1 year ago
1
hansfriese - `ERC5095.mint()` uses the wrong slippage limit.

#130 sherlock-admin closed 1 year ago
0
hansfriese - `ERC5095.maxWithdraw()` returns the incorrect output.

#129 sherlock-admin closed 1 year ago
2
hansfriese - `ERC5095.maxRedeem()` returns the incorrect output.

#128 sherlock-admin closed 1 year ago
2
hansfriese - Some `Lender.lend()` functions don't validate `p` parameter properly.

#127 sherlock-admin closed 1 year ago
2
hansfriese - First redemption on one market should trigger redemption on other markets

#126 sherlock-admin closed 1 year ago
2
hansfriese - Burn iPT token only for positive redemption

#125 sherlock-admin closed 1 year ago
2
hansfriese - `ERC5095.withdraw()` and `ERC5095.redeem()` don't transfer the principal token to the contract when they work before maturity.

#124 sherlock-admin closed 1 year ago
1
hansfriese - `Redeemer.autoRedeem()` checks the allowance incorrectly.

#123 sherlock-admin closed 1 year ago
1
ctf_sec - AAVE withdraw guaranteed to revert in 0 withdraw amount in Converter.sol

#122 sherlock-admin closed 1 year ago
1
ctf_sec - AAVE withdrawal function signature miss match from both AAVE V2 and AAVE V3 in Converter.sol

#121 sherlock-admin closed 1 year ago
0
IllIllI - Users can mint free Illuminate PTs if underlying decimals don't match external PTs

#120 sherlock-admin opened 1 year ago
1
IllIllI - Holders of worthless external PTs can stick other Illuminate PT holders with bad debts

#119 sherlock-admin opened 1 year ago
8
IllIllI - Wrong Illuminate PT allowance checks lead to loss of principal

#118 sherlock-admin opened 1 year ago
10
IllIllI - Sense PTs can never be redeemed

#117 sherlock-admin opened 1 year ago
1
IllIllI - Fee-on-transfer underlyings can be used to mint Illuminate PTs without fees

#116 sherlock-admin opened 1 year ago
12
IllIllI - Illuminate's PTs burn more tokens than are necessary

#115 sherlock-admin closed 1 year ago
8
IllIllI - Illuminate's PT doesn't respect users' slippage specifications

#114 sherlock-admin opened 1 year ago
9
IllIllI - Illuminate redemptions don't account for protocol pauses/temporary blocklistings

#113 sherlock-admin opened 1 year ago
3
IllIllI - `setPrincipal()` does not ensure that the right maturity has been provided

#112 sherlock-admin closed 1 year ago
2
IllIllI - Sense PT redemptions do not allow for known loss scenarios

#111 sherlock-admin opened 1 year ago
9
IllIllI - Notional PT redemptions do not use flash-resistant prices

#110 sherlock-admin opened 1 year ago
7
IllIllI - APWine PT redemptions can be blocked forever

#109 sherlock-admin opened 1 year ago
4
IllIllI - Illuminate PTs can be used to mint other Illuminate PTs

#108 sherlock-admin opened 1 year ago
0
neumo - Converter is not approved to spend Redeemer's tokens for the case of Sense

#107 sherlock-admin closed 1 year ago
0
IllIllI - No markets can be created since Illuminate PTs are not ERC-4626 tokens

#106 sherlock-admin closed 1 year ago
8
IllIllI - The Pendle version of `lend()` uses the wrong function for swapping fee-on-transfer tokens

#105 sherlock-admin opened 1 year ago
4
IllIllI - ERC777 transfer hooks can be used to bypass fees for markets that support Swivel

#104 sherlock-admin opened 1 year ago
1
IllIllI - No checks that immutable pools match the market

#103 sherlock-admin closed 1 year ago
2
IllIllI - One can never lend via the Sense flavor of `lend()`

#102 sherlock-admin closed 1 year ago
8
IllIllI - Yield/Illuminate lending only works when the user exposes themselves to slippage

#101 sherlock-admin closed 1 year ago
1
ctf_sec - The pool address in MarketPlace.sol cannot be updated.

#100 sherlock-admin closed 1 year ago
2
IllIllI - There can only ever be one market with USDT as the underlying

#99 sherlock-admin opened 1 year ago
2
IllIllI - Tempus lending only works with unlimited slippage

#98 sherlock-admin closed 1 year ago
3
IllIllI - `IAPWineRouter` can be used to lock all protocol fees

#97 sherlock-admin closed 1 year ago
1
IllIllI - Low-severity findings

#96 sherlock-admin closed 1 year ago
2
ctf_sec - Slippage check should happens after the trade in MarketPlace.sol

#95 sherlock-admin closed 1 year ago
1
caventa - Typo in maxWithdraw function could provide wrong return value

#94 sherlock-admin closed 1 year ago
0
bin2chen - redeem() maybe lost underlying asset

#93 sherlock-admin closed 1 year ago
2
bin2chen - withdraw() Logical problem

#92 sherlock-admin closed 1 year ago
2
bin2chen - mint() wrong pass parameter

#91 sherlock-admin closed 1 year ago
1
bin2chen - deposit()/mint() check maturity wrong

#90 sherlock-admin closed 1 year ago
0

Previous Next