sherlock-audit
/
2022-11-bullvbear-judging
issues
saian - No check for `sellOrder.asset == order.asset`
#150
sherlock-admin
closed
1 year ago
0
Tajobin - It is possible to match contracts that expire in the next block
#149
sherlock-admin
closed
1 year ago
1
Zarf - Checks-Effects-Interaction pattern not followed
#148
sherlock-admin
closed
1 year ago
0
Bahurum - `settleContract` gas usage can be increased by bull making settling unprofitable for bear
#147
sherlock-admin
closed
1 year ago
0
Deivitto - `block.timestamp` used as time proxy
#146
sherlock-admin
closed
1 year ago
0
Deivitto - A position can be permanently lost
#145
sherlock-admin
closed
1 year ago
0
saian - Fee on transfer tokens is not supported
#144
sherlock-admin
closed
1 year ago
0
Deivitto - If wrongly assigned `weth` to `0x0`, `deposit` of `WETH` won't work
#143
sherlock-admin
closed
1 year ago
0
ElKu - Malicious Bull can make the Bear pay a very high gas fee by manipulating the NFT receive function
#142
sherlock-admin
closed
1 year ago
0
minhquanym - Attacker can burn ERC20 funds in the contract
#141
sherlock-admin
closed
1 year ago
2
curiousapple - [Medium-1] Due to external call done before state updates, bulls can add extra gas overhead for bears to settle.
#140
sherlock-admin
closed
1 year ago
4
Deivitto - Unbounded loop can run out of gas
#139
sherlock-admin
closed
1 year ago
0
0xbepresent - The transferPosition() function does not check if the recipient is a contract
#138
sherlock-admin
closed
1 year ago
0
carrot - Missing settled orders check
#137
sherlock-admin
closed
1 year ago
2
Deivitto - Single-step ownership transfer can block important setter functions and lock fees
#136
sherlock-admin
closed
1 year ago
0
Zarf - Fee-on-transfer tokens not might leak funds
#135
sherlock-admin
closed
1 year ago
0
neumo - Reentrancy in withdrawToken could lead to funds drained
#134
sherlock-admin
closed
1 year ago
0
Tajobin - Fake SellOrders and Orders can be used for price manipulation
#133
sherlock-admin
closed
1 year ago
0
minhquanym - Wrong put option mechanism, bear should not receive premium in any case.
#132
sherlock-admin
closed
1 year ago
1
GimelSec - It should use timelock on `allowedAsset` and `allowedCollection`
#131
sherlock-admin
closed
1 year ago
0
GimelSec - It doesn't handle fee-on-transfer/deflationary tokens
#130
sherlock-admin
opened
1 year ago
2
GimelSec - It should store contractId instead of recipient in `withdrawableCollectionTokenId`
#129
sherlock-admin
closed
1 year ago
0
carrot - Allow changing of recipient for withdrawToken
#128
sherlock-admin
closed
1 year ago
1
GimelSec - Attackers can use `reclaimContract()` to transfer assets in protocol to address(0)
#127
sherlock-admin
opened
1 year ago
2
GimelSec - Malicious Bulls can use `transferPosition()` to bypass `checkIsValidOrder()`.
#126
sherlock-admin
closed
1 year ago
0
Bahurum - Reentrancy in `settleContract` with ERC777 `asset`
#125
sherlock-admin
closed
1 year ago
0
Mukund - The code doesn't use nonce to identify orders, instead it uses order hash which is not best practice and could cause some issues like: duplicate nonce for different orders, can't quickly identify cancelled orders without order's all info, can't cancel multiple orders, can't cancel order without knowing order's all parameters
#124
sherlock-admin
closed
1 year ago
1
0v3rf10w - Med: Incompatibility with fee-on-transfer tokens
#123
sherlock-admin
closed
1 year ago
0
carrot - Re-entrancy in certain functions
#122
sherlock-admin
closed
1 year ago
0
Bahurum - `transferPosition()` to `address(0)` allows matching the same order multiple times
#121
sherlock-admin
closed
1 year ago
0
pashov - The protocol does not support fee-on-transfer or rebasing ERC20 tokens
#120
sherlock-admin
closed
1 year ago
0
carrot - Orders can be matched multiple times costing multiple premiums
#119
sherlock-admin
closed
1 year ago
0
curiousapple - [High-1] Any bull can override the already matched order with the new bear, resulting in a loss for the previous bear instantly.
#118
sherlock-admin
closed
1 year ago
0
pashov - `batchMatchOrders` won't work with ether transfers
#117
sherlock-admin
closed
1 year ago
1
pashov - Using a vulnerable ECDSA library can result in signature malleability
#116
sherlock-admin
closed
1 year ago
2
WATCHPUG - Misc
#115
sherlock-admin
closed
1 year ago
0
WATCHPUG - Bull can `transferPosition()` to `address(0)` and the original order can be matched again
#114
sherlock-admin
opened
1 year ago
3
hansfriese - Protocol can lose the fee and withdrawal function can become useless.
#113
sherlock-admin
closed
1 year ago
0
hansfriese - The NFT might be locked inside the protocol forever after the contract was settled.
#112
sherlock-admin
closed
1 year ago
0
WATCHPUG - Bull can prevent `settleContract()`
#111
sherlock-admin
opened
1 year ago
3
hansfriese - Attacker can trigger permanent lock of funds of normal traders
#110
sherlock-admin
closed
1 year ago
3
hansfriese - A malicious user can drain the protocol funds using `reclaimContract()`.
#109
sherlock-admin
closed
1 year ago
0
WATCHPUG - `withdrawToken()` should be able to specify the `recipient` in calldata
#108
sherlock-admin
closed
1 year ago
0
WATCHPUG - `order.premium` should always be paid to the bull
#107
sherlock-admin
closed
1 year ago
1
0xmuxyz - Lack of check whether the caller of `withdrawToken()` function is the Bull or not
#106
sherlock-admin
closed
1 year ago
0
Mukund - USER CAN ACCIDENTALLY SEND MORE ETH THAN HE IS INTENDED TO DO
#105
sherlock-admin
closed
1 year ago
0
simon135 - A bear can give the nft but then get the `premium+collateral` which they shouldn't get if they are the buyer of order
#104
sherlock-admin
closed
1 year ago
1
imare - position ownership transfer breaks order cancellation functionality
#103
sherlock-admin
closed
1 year ago
1
simon135 - A Bear can give a worst nft in the collection that is near 0 without an agreement on it and cause the bull to get a bad deal
#102
sherlock-admin
closed
1 year ago
0
zimu - Nonce of Order/SellOrder does not fit its original meaning
#101
sherlock-admin
closed
1 year ago
1