sherlock-audit/2022-10-mover-judging
issues
Lambda - Signatures for CardTopupTrusted are usable after a chain fork
#86
sherlock-admin
closed
2 years ago
0
Lambda - CardTopupTrusted signatures can be used multiple times / replayed
#85
sherlock-admin
closed
2 years ago
0
ctf_sec - Incompatibility with deflationary / fee-on-transfer tokens
#84
sherlock-admin
closed
2 years ago
0
Lambda - CardTopupPermit calls can be griefed
#83
sherlock-admin
closed
2 years ago
1
sorrynotsorry - Loss of surplus Eth
#82
sherlock-admin
closed
2 years ago
0
Lambda - Synapse Bridge: Calldata with different to address can be provided
#81
sherlock-admin
closed
2 years ago
0
sorrynotsorry - Rebasing tokens
#80
sherlock-admin
closed
2 years ago
0
cryptphi - Anyone can frontrun and initialize HardenedTopupProxy to become admin and perform admin activities
#79
sherlock-admin
closed
2 years ago
0
cryptphi - executeSwap() function would always revert.
#78
sherlock-admin
closed
2 years ago
0
ctf_sec - function CardTopupTrusted and function CardTopupMPTProof and function _processTopup in HardenedTopupProxy.sol may revert because these functions access msg.value but are missing payable keywords.
#77
sherlock-admin
closed
2 years ago
0
cryptphi - Anyone can frontrun and initialize Whitelist Contract to become admin and carry out admin activities
#76
sherlock-admin
closed
2 years ago
0
Ch_301 - the swap will fail on `ExchangeProxy.sol`
#75
sherlock-admin
closed
2 years ago
0
Chom - Signature replay if HardenedTopupProxy is deployed on multiple chains
#74
sherlock-admin
closed
2 years ago
0
supernova - Funds can get locked during ExecuteSwap
#73
sherlock-admin
closed
2 years ago
0
0x52 - Adversary can steal contract fees when topup token is USDC by spoofing _bridgeType and _bridgeTxData
#72
sherlock-admin
closed
2 years ago
0
Dravee - `minAmount` can be above `maxAmount`
#71
sherlock-admin
closed
2 years ago
1
dipp - Fee-on-transfer/deflationary tokens not supported
#70
sherlock-admin
closed
2 years ago
0
Dravee - Fees are unbounded
#69
sherlock-admin
closed
2 years ago
0
Dravee - The admin can DOS any topup function by setting `allowanceTreshold` to `0`
#68
sherlock-admin
closed
2 years ago
1
Dravee - `executorAddress` can be `address(this)`
#67
sherlock-admin
closed
2 years ago
0
8olidity - UPGRADEABLE CONTRACT IS MISSING A __GAP[50] STORAGE VARIABLE TO ALLOW FOR NEW STORAGE VARIABLES IN LATER VERSIONS
#66
sherlock-admin
closed
2 years ago
0
dipp - Expected minimum amount received checked before fee is deducted
#65
sherlock-admin
closed
2 years ago
1
Dravee - Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
#64
sherlock-admin
closed
2 years ago
0
__141345__ - Signature replay
#63
sherlock-admin
closed
2 years ago
0
pashov - `ecrecover` is vulnerable to signature malleability and can also return the zero address for the signer
#62
sherlock-admin
closed
2 years ago
0
minhquanym - Lacking slippage check in ExchangeProxy
#61
sherlock-admin
closed
2 years ago
1
minhquanym - Anyone can steal fee in ExchangeProxy to do the swap
#60
sherlock-admin
closed
2 years ago
1
pashov - Malicious admin can rug the user's topups & swaps
#59
sherlock-admin
closed
2 years ago
0
pashov - `safeIncreaseAllowance` will result in a DoS with USDT (and other such non-ERC20 conforming tokens)
#58
sherlock-admin
closed
2 years ago
1
caventa - Nonces not used in signed data
#57
sherlock-admin
closed
2 years ago
1
Miguel - Using the wrong token decimals for ERC20 tokens (usdc)
#56
sherlock-admin
closed
2 years ago
1
dipp - chainId is not checked for Synapse bridging
#55
sherlock-admin
closed
2 years ago
1
dipp - _bridgeTxData not checked when using the Synapse bridge could allow a user to topup without providing funds
#54
sherlock-admin
closed
2 years ago
2
Chom - Missing slippage control. If swap using another protocol that doesn't support slippage control, users may lose all funds to MEV bots
#53
sherlock-admin
closed
2 years ago
1
GalloDaSballo - H-01 - All Fees can be stolen by using them as input amounts - (Works on any exchange)
#52
sherlock-admin
closed
2 years ago
1
GalloDaSballo - TODO M-04 No guarantee of no slippage | No guarantee of proper swap
#51
sherlock-admin
closed
2 years ago
0
GalloDaSballo - M-03 Blockhash doesn't work for current block
#50
sherlock-admin
closed
2 years ago
1
GalloDaSballo - M-02 All the arbitrary data is unchecked against user rugging themselves
#49
sherlock-admin
closed
2 years ago
1
GalloDaSballo - L-02 Frontrun of initializers
#48
sherlock-admin
closed
2 years ago
0
GalloDaSballo - L-01 Extra value will be lost
#47
sherlock-admin
closed
2 years ago
0
GalloDaSballo - M-01 `executeSwap` doesn't work
#46
sherlock-admin
closed
2 years ago
0
0xSmartContract - No Storage Gap for Upgradeable Contracts
#45
sherlock-admin
closed
2 years ago
0
0xSmartContract - Missing ReEntrancy Guard to `executeSwapDirect` function
#44
sherlock-admin
closed
2 years ago
1
seyni - Missing check in `ExchangeProxy.executeSwapDirect` leads to users potentially losing a significant amount of their assets
#43
sherlock-admin
closed
2 years ago
0
berndartmueller - The time-dependent signature check is not safe
#42
sherlock-admin
closed
2 years ago
3
berndartmueller - The yield distributor can transfer accidentally sent funds
#41
sherlock-admin
closed
2 years ago
2
berndartmueller - The Synapse bridge integration does not validate the low-level call function parameter and can lead to incorrect bridging
#40
sherlock-admin
closed
2 years ago
2
berndartmueller - Protocol does not work with fee-on-transfer tokens
#39
sherlock-admin
closed
2 years ago
1
berndartmueller - Collected fees can be used by anyone to top-up
#38
sherlock-admin
closed
2 years ago
1
berndartmueller - Previous yield distributor can drain collected fees
#37
sherlock-admin
closed
2 years ago
2