sherlock-audit/2022-11-float-capital-judging
zimu - Costly operations inside a loop
#51
sherlock-admin
closed
1 year ago
0
w42d3n - Chainlink’s getRoundData might return stale or incorrect results
#50
sherlock-admin
closed
1 year ago
0
zimu - Potential reentrancy vulnerability
#49
sherlock-admin
closed
1 year ago
1
WATCHPUG - `totalFunding` can be much higher than expected when the float pool's liquidity is low
#48
sherlock-admin
closed
1 year ago
2
WATCHPUG - `valueChange` is not applied to the `underBalancedSide` correctly in `_rebalancePoolsAndExecuteBatchedActions()`
#47
sherlock-admin
closed
1 year ago
3
WATCHPUG - `valueChange` should be applied to long and short differently according to the `poolType`
#46
sherlock-admin
closed
1 year ago
3
WATCHPUG - Unsafe type casting of `poolValue` can malfunction the whole market
#45
sherlock-admin
opened
1 year ago
4
WATCHPUG - `price` can be 0 due to precision loss and further cause `_rebalancePoolsAndExecuteBatchedActions()` to revert
#44
sherlock-admin
closed
1 year ago
4
WATCHPUG - The short side should also pay the funding fee
#43
sherlock-admin
closed
1 year ago
4
WATCHPUG - An update gap in Chainlink's feed can malfunction the whole market
#42
sherlock-admin
opened
1 year ago
8
neila - Reentrancy attack by `settlePoolUserMints()`
#41
sherlock-admin
closed
1 year ago
2
neila - `latestRoundData()` Oracle data feed is insufficiently validated
#40
sherlock-admin
closed
1 year ago
0
neila - `getRoundData()` Oracle data feed is insufficiently validated
#39
sherlock-admin
closed
1 year ago
1
neila - Use safe version ERC20
#38
sherlock-admin
closed
1 year ago
1
dic0de - Market Can Be Deprecated more than once
#37
sherlock-admin
closed
1 year ago
4
neila - Unsupported transfer with fee token
#36
sherlock-admin
closed
1 year ago
0
neila - Caused DoS by division 0 as a denominator
#35
sherlock-admin
closed
1 year ago
0
neila - Use `SafeERC20Upgradeable.sol` for Upgradeable contracts
#34
sherlock-admin
closed
1 year ago
4
obront - Funding Rate calculation is not correct
#33
sherlock-admin
opened
1 year ago
9
obront - Users will not be able to buy shares with predictable prices
#32
sherlock-admin
closed
1 year ago
1
obront - Pools cannot be initialized because of incorrectly used initializer modifier
#31
sherlock-admin
closed
1 year ago
1
obront - Market Liquidity Manager cannot be initialized, bricking admin
#30
sherlock-admin
closed
1 year ago
0
8olidity - Risk of overflow
#29
sherlock-admin
closed
1 year ago
2
8olidity - Chainlink's latestRoundData Might Return Stale Results
#28
sherlock-admin
closed
1 year ago
0
8olidity - Upgradeable contract is missing a `__gap[50]` storage variable to allow for new storage variables in later versions
#27
sherlock-admin
closed
1 year ago
1
pashov - Pool initialization without oracle input sanitization can lead to using a zero or stale `roundId` and `price`
#26
sherlock-admin
closed
1 year ago
0
imare - wrong return parameter used in `validateAndReturnMissedEpochInformation` for validating oracle rounds
#25
sherlock-admin
closed
1 year ago
1
pashov - Missing `gemCollecting` modifier will result in a user having to either put in more value than he wanted in protocol or lose on gem value
#24
sherlock-admin
closed
1 year ago
1
pashov - Dangerously implemented `initialize` function might be front-run maliciously, resulting in stolen funds or DoS
#23
sherlock-admin
closed
1 year ago
1
pashov - Compromised or malicious admin can rug 100% of TVL
#22
sherlock-admin
closed
1 year ago
1
pashov - Protocol won't work with `USDC` even though it is a token specifically mentioned in the docs
#21
sherlock-admin
opened
1 year ago
4
pashov - Users will lose value if `paymentToken` is a fee-on-transfer or a rebasing token
#20
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - Failing Contract Initialization
#19
sherlock-admin
closed
1 year ago
1
sorrynotsorry - Oracle data feed is not validated with `decimals()`
#18
sherlock-admin
closed
1 year ago
1
0x0 - Constructor Usage For Upgradable Contract
#17
sherlock-admin
closed
1 year ago
1
0x0 - Development Libraries In Production
#16
sherlock-admin
closed
1 year ago
0
0x0 - Constructor With Upgradable Contracts
#15
sherlock-admin
closed
1 year ago
0
0x52 - PoolToken fails to override ERC20BurnableUpgradeable#burnFrom allowing users to burn tokens and receive nothing in return
#14
sherlock-admin
closed
1 year ago
3
0x52 - Creating a pool for USDC requires a very large amount of seed capital to be burned
#13
sherlock-admin
closed
1 year ago
0
ctf_sec - Accounting issue in MarketCore.sol#_rebalancePoolsAndExecuteBatchedAction
#12
sherlock-admin
closed
1 year ago
3
ctf_sec - Decimal conversion accounting issue in MarketCore#_processAllBatchedEpochActions
#11
sherlock-admin
closed
1 year ago
4
ctf_sec - Incompatible with fee-on-transfer token
#10
sherlock-admin
closed
1 year ago
1
ctf_sec - _deprecateMarket can be executed multiple times
#9
sherlock-admin
closed
1 year ago
0
ctf_sec - updateSystemStateUsingValidatedOracleRoundIds in MarketCore can revert because of division by zero error
#8
sherlock-admin
closed
1 year ago
5
ctf_sec - Unsafe downcasting operation results in unsafe number truncation.
#7
sherlock-admin
closed
1 year ago
2
ctf_sec - Lack of function to update the chainlink oracle address if the chainlink price is deprecated.
#6
sherlock-admin
closed
1 year ago
0
ctf_sec - MarketCore#_mint should check if the market is not deprecated
#5
sherlock-admin
closed
1 year ago
3
Sm4rty - Chainlink's latestRoundData might return stale or incorrect results
#4
sherlock-admin
closed
1 year ago
2
0xmuxyz - Chainlink Oracle's `latestRoundData()` function may return price data which is not fresh or incorrect price data in results
#3
sherlock-admin
closed
1 year ago
0
csanuragjain - Improper Validation Of latestRoundData Function
#2
sherlock-admin
closed
1 year ago
0