issues
search
sherlock-audit
/
2022-10-rage-trade-judging
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
DnGmxJuniorVaultManager._getGlpPrice returns price of glp in USD and is used in places that expects USDC
#88
IAm0x52
closed
1 year ago
1
Rage Trade - DnGmxJuniorVault.getPriceX128() will revert for intermediate values larger than 256 bits
#87
IAm0x52
closed
1 year ago
0
Rage Trade - executeBatchDeposit() will revert under certain conditions
#86
IAm0x52
opened
1 year ago
2
Rage Trade - Denial of Service on Batching Manager
#85
jacksanford1
opened
1 year ago
2
Rage Trade - Incorrect "maxAvailable" calc in "maxWithdraw" for Senior Vault
#84
jacksanford1
opened
1 year ago
1
ak1 - Consider setting the depositcap inside the initializer function
#83
github-actions[bot]
closed
1 year ago
0
ak1 - Reentrancy guard is missing for deposit, mint in junior and senior vaults
#82
github-actions[bot]
closed
1 year ago
0
ak1 - Lack of reentrancy guard for `withdraw` and `redeem` in all contracts
#81
github-actions[bot]
closed
1 year ago
0
GimelSec - wethConversionThreshold should has a reasonable limit
#80
github-actions[bot]
closed
1 year ago
0
GimelSec - If a user approves junior vault tokens to WithdrawPeriphery, anyone can withdraw/redeem his/her token
#79
github-actions[bot]
opened
1 year ago
2
GimelSec - Attackers can manipulate ERC4626 price per share to take an unfair share of future users.
#78
github-actions[bot]
closed
1 year ago
0
ak1 - WithdrawPeriphery.sol : Transfer the fund from `fsGlp` before calling the `withdrawToken` and `redeemToken`
#77
github-actions[bot]
closed
1 year ago
1
ak1 - DnGmxJuniorVault.sol#L309 : use of call code is recommended instead of `transfer`
#76
github-actions[bot]
closed
1 year ago
0
ak1 - DnGmxJuniorVault.sol#L314 : reset the `state.protocolEsGmx` to zero, before unstake
#75
github-actions[bot]
closed
1 year ago
0
ak1 - WithdrawPeriphery.sol#L74-L77, DnGmxBatchingManager.sol#L152-L156 : maximum cap check is missed while setting the slippageThreshold
#74
github-actions[bot]
closed
1 year ago
0
keccak123 - Incorrect Uniswap Paths
#73
github-actions[bot]
closed
1 year ago
1
keccak123 - Deprecated Chainlink oracle function
#72
github-actions[bot]
closed
1 year ago
0
keccak123 - No access control on external receiveFlashLoan
#71
github-actions[bot]
closed
1 year ago
0
Waze - Unsafe usage ofERC20 transferand transferForm
#70
github-actions[bot]
closed
1 year ago
0
tives - GMX reenters the deposit function
#69
github-actions[bot]
closed
1 year ago
0
__141345__ - Steal deposit fund in ERC4626 vault by exchange rate manipulation
#68
github-actions[bot]
closed
1 year ago
0
0x52 - DnGmxJuniorVaultManager#harvestFees can push junior vault borrowedUSDC above borrow cap and DOS vault
#67
github-actions[bot]
opened
1 year ago
3
peanuts - First depositor of sGLP token can break share calculations
#66
github-actions[bot]
closed
1 year ago
0
0x52 - Adversary can siphon funds from JuniorVault by sandwiching their own deposits and withdraws
#65
github-actions[bot]
closed
1 year ago
1
0xheynacho - CALL() SHOULD BE USED INSTEAD OF TRANSFER() ON AN ADDRESS PAYABLE
#64
github-actions[bot]
closed
1 year ago
0
tives - Early user share manipulation with 1 wei
#63
github-actions[bot]
closed
1 year ago
0
0x52 - DnGmxJuniorVaultManager#_rebalanceBorrow logic is flawed and could result in vault liquidation
#62
github-actions[bot]
opened
1 year ago
2
clems4ever - Wrong price calculation in DnGmxJuniorVaultManager.sol
#61
github-actions[bot]
opened
1 year ago
4
clems4ever - Wrong min amount calculation in WithdrawPeriphery.sol
#60
github-actions[bot]
closed
1 year ago
4
ctf_sec - User can call executeBatchDeposit any time to unpause the vault and DOS the vault by calling deposit
#59
github-actions[bot]
closed
1 year ago
1
ctf_sec - totalAsset() can be manipulated in Junior Vault and Senior Vault.sol, affecting minted share.
#58
github-actions[bot]
closed
1 year ago
1
ctf_sec - GMX LP (GLP) token price is vulnerable to manipulation.
#57
github-actions[bot]
closed
1 year ago
0
0xSmartContract - If the `renounceOwnership` authorization is used, the project becomes unavailable
#56
github-actions[bot]
closed
1 year ago
0
0x52 - WithdrawPeriphery#_convertToToken slippage control is broken for any token other than USDC
#55
github-actions[bot]
opened
1 year ago
4
0xSmartContract - There is a risk that the `feeBps` variable is accidentally initialized to 0 and platform loses money
#54
github-actions[bot]
closed
1 year ago
0
zimu - Compatibility issue: import different version of contracts from Uniswap
#53
github-actions[bot]
closed
1 year ago
0
ctf_sec - RebalanceHedge can revert if there is underflow in DnGmxSeniorVault.sol#availableBorrow, blocking withdraw and deposit in JuniorVault
#52
github-actions[bot]
closed
1 year ago
2
zimu - Compatibility issue: imported contracts from aave are not the latest
#51
github-actions[bot]
closed
1 year ago
0
simon135 - An attacker can give weth to the contract and can send a little weth and cause the else statement to get caused increasing the seniorVaultWethRewards or deceasing and making it zero
#50
github-actions[bot]
closed
1 year ago
2
simon135 - if the owner is resetting the fee recipient an attacker can frontrun the the resetting and the new fee recipient will not get the fees
#49
github-actions[bot]
closed
1 year ago
0
defsec - Use `safeTransfer/safeTransferFrom` consistently instead of `transfer/transferFrom`
#48
github-actions[bot]
closed
1 year ago
0
ctf_sec - Stale oracle price can be used because the oracle source is lack of price refreshness check.
#47
github-actions[bot]
closed
1 year ago
1
ctf_sec - Uniswap V3 conversion swap path is incorrectly hardcoded in DnGmxJuniorVaultManager.sol
#46
github-actions[bot]
closed
1 year ago
0
Ruhum - Junior and Senior vault can't handle slippage
#45
github-actions[bot]
closed
1 year ago
1
ctf_sec - Pause function also pause withdraw / redeem, locking user's fund.
#44
github-actions[bot]
closed
1 year ago
0
cccz - Attacker can manipulate the pricePerShare to profit from future users' deposits
#43
github-actions[bot]
closed
1 year ago
0
cccz - WithdrawPeriphery: withdrawToken/redeemToken allows users to withdraw other users' approved shares
#42
github-actions[bot]
closed
1 year ago
0
zimu - Unchecked return value of external AAVE call of IPool interface
#41
github-actions[bot]
closed
1 year ago
1
zimu - Unchecked return value of external tranfer call
#40
github-actions[bot]
closed
1 year ago
0
0x52 - WithdrawPeriphery uses incorrect value for MAX_BPS which will allow much higher slippage than intended
#39
github-actions[bot]
opened
1 year ago
2
Next