sherlock-audit 2022-10-rage-trade-judging issues

sherlock-audit / 2022-10-rage-trade-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

DnGmxJuniorVaultManager._getGlpPrice returns price of glp in USD and is used in places that expects USDC

#88 IAm0x52 closed 1 year ago
1
Rage Trade - DnGmxJuniorVault.getPriceX128() will revert for intermediate values larger than 256 bits

#87 IAm0x52 closed 1 year ago
0
Rage Trade - executeBatchDeposit() will revert under certain conditions

#86 IAm0x52 opened 1 year ago
2
Rage Trade - Denial of Service on Batching Manager

#85 jacksanford1 opened 1 year ago
2
Rage Trade - Incorrect "maxAvailable" calc in "maxWithdraw" for Senior Vault

#84 jacksanford1 opened 1 year ago
1
ak1 - Consider setting the depositcap inside the initializer function

#83 github-actions[bot] closed 1 year ago
0
ak1 - Reentrancy guard is missing for deposit, mint in junior and senior vaults

#82 github-actions[bot] closed 1 year ago
0
ak1 - Lack of reentrancy guard for `withdraw` and `redeem` in all contracts

#81 github-actions[bot] closed 1 year ago
0
GimelSec - wethConversionThreshold should has a reasonable limit

#80 github-actions[bot] closed 1 year ago
0
GimelSec - If a user approves junior vault tokens to WithdrawPeriphery, anyone can withdraw/redeem his/her token

#79 github-actions[bot] opened 1 year ago
2
GimelSec - Attackers can manipulate ERC4626 price per share to take an unfair share of future users.

#78 github-actions[bot] closed 1 year ago
0
ak1 - WithdrawPeriphery.sol : Transfer the fund from `fsGlp` before calling the `withdrawToken` and `redeemToken`

#77 github-actions[bot] closed 1 year ago
1
ak1 - DnGmxJuniorVault.sol#L309 : use of call code is recommended instead of `transfer`

#76 github-actions[bot] closed 1 year ago
0
ak1 - DnGmxJuniorVault.sol#L314 : reset the `state.protocolEsGmx` to zero, before unstake

#75 github-actions[bot] closed 1 year ago
0
ak1 - WithdrawPeriphery.sol#L74-L77, DnGmxBatchingManager.sol#L152-L156 : maximum cap check is missed while setting the slippageThreshold

#74 github-actions[bot] closed 1 year ago
0
keccak123 - Incorrect Uniswap Paths

#73 github-actions[bot] closed 1 year ago
1
keccak123 - Deprecated Chainlink oracle function

#72 github-actions[bot] closed 1 year ago
0
keccak123 - No access control on external receiveFlashLoan

#71 github-actions[bot] closed 1 year ago
0
Waze - Unsafe usage ofERC20 transferand transferForm

#70 github-actions[bot] closed 1 year ago
0
tives - GMX reenters the deposit function

#69 github-actions[bot] closed 1 year ago
0
__141345__ - Steal deposit fund in ERC4626 vault by exchange rate manipulation

#68 github-actions[bot] closed 1 year ago
0
0x52 - DnGmxJuniorVaultManager#harvestFees can push junior vault borrowedUSDC above borrow cap and DOS vault

#67 github-actions[bot] opened 1 year ago
3
peanuts - First depositor of sGLP token can break share calculations

#66 github-actions[bot] closed 1 year ago
0
0x52 - Adversary can siphon funds from JuniorVault by sandwiching their own deposits and withdraws

#65 github-actions[bot] closed 1 year ago
1
0xheynacho - CALL() SHOULD BE USED INSTEAD OF TRANSFER() ON AN ADDRESS PAYABLE

#64 github-actions[bot] closed 1 year ago
0
tives - Early user share manipulation with 1 wei

#63 github-actions[bot] closed 1 year ago
0
0x52 - DnGmxJuniorVaultManager#_rebalanceBorrow logic is flawed and could result in vault liquidation

#62 github-actions[bot] opened 1 year ago
2
clems4ever - Wrong price calculation in DnGmxJuniorVaultManager.sol

#61 github-actions[bot] opened 1 year ago
4
clems4ever - Wrong min amount calculation in WithdrawPeriphery.sol

#60 github-actions[bot] closed 1 year ago
4
ctf_sec - User can call executeBatchDeposit any time to unpause the vault and DOS the vault by calling deposit

#59 github-actions[bot] closed 1 year ago
1
ctf_sec - totalAsset() can be manipulated in Junior Vault and Senior Vault.sol, affecting minted share.

#58 github-actions[bot] closed 1 year ago
1
ctf_sec - GMX LP (GLP) token price is vulnerable to manipulation.

#57 github-actions[bot] closed 1 year ago
0
0xSmartContract - If the `renounceOwnership` authorization is used, the project becomes unavailable

#56 github-actions[bot] closed 1 year ago
0
0x52 - WithdrawPeriphery#_convertToToken slippage control is broken for any token other than USDC

#55 github-actions[bot] opened 1 year ago
4
0xSmartContract - There is a risk that the `feeBps` variable is accidentally initialized to 0 and platform loses money

#54 github-actions[bot] closed 1 year ago
0
zimu - Compatibility issue: import different version of contracts from Uniswap

#53 github-actions[bot] closed 1 year ago
0
ctf_sec - RebalanceHedge can revert if there is underflow in DnGmxSeniorVault.sol#availableBorrow, blocking withdraw and deposit in JuniorVault

#52 github-actions[bot] closed 1 year ago
2
zimu - Compatibility issue: imported contracts from aave are not the latest

#51 github-actions[bot] closed 1 year ago
0
simon135 - An attacker can give weth to the contract and can send a little weth and cause the else statement to get caused increasing the seniorVaultWethRewards or deceasing and making it zero

#50 github-actions[bot] closed 1 year ago
2
simon135 - if the owner is resetting the fee recipient an attacker can frontrun the the resetting and the new fee recipient will not get the fees

#49 github-actions[bot] closed 1 year ago
0
defsec - Use `safeTransfer/safeTransferFrom` consistently instead of `transfer/transferFrom`

#48 github-actions[bot] closed 1 year ago
0
ctf_sec - Stale oracle price can be used because the oracle source is lack of price refreshness check.

#47 github-actions[bot] closed 1 year ago
1
ctf_sec - Uniswap V3 conversion swap path is incorrectly hardcoded in DnGmxJuniorVaultManager.sol

#46 github-actions[bot] closed 1 year ago
0
Ruhum - Junior and Senior vault can't handle slippage

#45 github-actions[bot] closed 1 year ago
1
ctf_sec - Pause function also pause withdraw / redeem, locking user's fund.

#44 github-actions[bot] closed 1 year ago
0
cccz - Attacker can manipulate the pricePerShare to profit from future users' deposits

#43 github-actions[bot] closed 1 year ago
0
cccz - WithdrawPeriphery: withdrawToken/redeemToken allows users to withdraw other users' approved shares

#42 github-actions[bot] closed 1 year ago
0
zimu - Unchecked return value of external AAVE call of IPool interface

#41 github-actions[bot] closed 1 year ago
1
zimu - Unchecked return value of external tranfer call

#40 github-actions[bot] closed 1 year ago
0
0x52 - WithdrawPeriphery uses incorrect value for MAX_BPS which will allow much higher slippage than intended

#39 github-actions[bot] opened 1 year ago
2