sherlock-audit 2022-11-float-capital-judging issues

sherlock-audit / 2022-11-float-capital-judging

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

zimu - Costly operations inside a loop

#51 sherlock-admin closed 1 year ago
0
w42d3n - Chainlink’s getRoundData might return stale or incorrect results

#50 sherlock-admin closed 1 year ago
0
zimu - Potential reentrancy vulnerability

#49 sherlock-admin closed 1 year ago
1
WATCHPUG - `totalFunding` can be much higher than expected when the float pool's liquidity is low

#48 sherlock-admin closed 1 year ago
2
WATCHPUG - `valueChange` is not applied to the `underBalancedSide` correctly in `_rebalancePoolsAndExecuteBatchedActions()`

#47 sherlock-admin closed 1 year ago
3
WATCHPUG - `valueChange` should be applied to long and short differently according to the `poolType`

#46 sherlock-admin closed 1 year ago
3
WATCHPUG - Unsafe type casting of `poolValue` can malfunction the whole market

#45 sherlock-admin opened 1 year ago
4
WATCHPUG - `price` can be 0 due to precision loss and further cause `_rebalancePoolsAndExecuteBatchedActions()` to revert

#44 sherlock-admin closed 1 year ago
4
WATCHPUG - The short side should also pay the funding fee

#43 sherlock-admin closed 1 year ago
4
WATCHPUG - An update gap in Chainlink's feed can malfunction the whole market

#42 sherlock-admin opened 1 year ago
8
neila - Reentrancy attack by `settlePoolUserMints()`

#41 sherlock-admin closed 1 year ago
2
neila - `latestRoundData() Oracle data feed is insufficiently validated

#40 sherlock-admin closed 1 year ago
0
neila - `getRoundData()` Oracle data feed is insufficiently validated

#39 sherlock-admin closed 1 year ago
1
neila - Use safe version ERC20

#38 sherlock-admin closed 1 year ago
1
dic0de - Market Can Be Deprecated more than once

#37 sherlock-admin closed 1 year ago
4
neila - Unsupported transfer with fee token

#36 sherlock-admin closed 1 year ago
0
neila - Caused DoS by division 0 as a denominator

#35 sherlock-admin closed 1 year ago
0
neila - Use `SafeERC20Upgradeable.sol` for Upgradeable contracts

#34 sherlock-admin closed 1 year ago
4
obront - Funding Rate calculation is not correct

#33 sherlock-admin opened 1 year ago
9
obront - Users will not be able to buy shares with predictable prices

#32 sherlock-admin closed 1 year ago
1
obront - Pools cannot be initialized because of incorrectly used initializer modifier

#31 sherlock-admin closed 1 year ago
1
obront - Market Liquidity Manger cannot be initialized, bricking admin

#30 sherlock-admin closed 1 year ago
0
8olidity - Risk of overflow

#29 sherlock-admin closed 1 year ago
2
8olidity - Chainlink's latestRoundData Might Return Stale Results

#28 sherlock-admin closed 1 year ago
0
8olidity - Upgradeable contract is missing a `__gap[50]` storage variable to allow for new storage variables in later versions

#27 sherlock-admin closed 1 year ago
1
pashov - Pool initialization without oracle input sanitization can lead to using a zero or stale `roundId` and `price`

#26 sherlock-admin closed 1 year ago
0
imare - wrong return parameter used in ``validateAndReturnMissedEpochInformation`` for validating oracle rounds

#25 sherlock-admin closed 1 year ago
1
pashov - Missing `gemCollecting` modifier will result in a user having to either put in more value than he wanted in protocol or lose on gem value

#24 sherlock-admin closed 1 year ago
1
pashov - Dangerously implemented `initialize` function might be front-ran maliciously, resulting in stolen funds or DoS

#23 sherlock-admin closed 1 year ago
1
pashov - Compromised or malicious admin can rug 100% of TVL

#22 sherlock-admin closed 1 year ago
1
pashov - Protocol won't work with `USDC` even though it is a token specifically mentioned in the docs

#21 sherlock-admin opened 1 year ago
4
pashov - Users will lose value if `paymentToken` is a fee-on-transfer or a rebasing token

#20 sherlock-admin closed 1 year ago
0
AkshaySrivastav - Failing Contract Initialization

#19 sherlock-admin closed 1 year ago
1
sorrynotsorry - Oracle data feed is not validated with `decimals()`

#18 sherlock-admin closed 1 year ago
1
0x0 - Constructor Usage For Upgradable Contract

#17 sherlock-admin closed 1 year ago
1
0x0 - Development Libraries In Production

#16 sherlock-admin closed 1 year ago
0
0x0 - Constructor With Upgradable Contracts

#15 sherlock-admin closed 1 year ago
0
0x52 - PoolToken fails to override ERC20BurnableUpgradeable#burnFrom allowing users to burn tokens and recieve nothing in return

#14 sherlock-admin closed 1 year ago
3
0x52 - Creating a pool for USDC requires a very large amount of seed capital to be burned

#13 sherlock-admin closed 1 year ago
0
ctf_sec - Accounting issue in MarketCore.sol#_rebalancePoolsAndExecuteBatchedAction

#12 sherlock-admin closed 1 year ago
3
ctf_sec - Decimal conversion accounting issue in MarketCore#_processAllBatchedEpochActions

#11 sherlock-admin closed 1 year ago
4
ctf_sec - Incompatible with fee-on-transfer token

#10 sherlock-admin closed 1 year ago
1
ctf_sec - _deprecateMarket can be execute multiple times

#9 sherlock-admin closed 1 year ago
0
ctf_sec - updateSystemStateUsingValidatedOracleRoundIds in MarketCore can revert because of division by zero error

#8 sherlock-admin closed 1 year ago
5
ctf_sec - Unsafe downcasting operation result in unsafe number truncation.

#7 sherlock-admin closed 1 year ago
2
ctf_sec - Lack of function to update the chainlink oracle address if the chainlink price is deprecated.

#6 sherlock-admin closed 1 year ago
0
ctf_sec - MarketCore#_mint should check if the market is not deprecated

#5 sherlock-admin closed 1 year ago
3
Sm4rty - Chainlink's latestRoundData might return stale or incorrect results

#4 sherlock-admin closed 1 year ago
2
0xmuxyz - Chainlink Oracle's `latestRoundData()` function may return price data which is not fresh or incorrect price data in results

#3 sherlock-admin closed 1 year ago
0
csanuragjain - Improper Validation Of latestRoundData Function

#2 sherlock-admin closed 1 year ago
0