issues
search
sherlock-audit
/
2023-01-derby-judging
4
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
josephdara - vault.sol
#419
sherlock-admin
closed
1 year ago
0
ak1 - Vault.sol#L178 : rebalanceCheckProtocols would revert in certain condition.
#418
sherlock-admin
closed
1 year ago
0
josephdara - Reentrancy
#417
sherlock-admin
closed
1 year ago
0
Avci - this implementation have high risk of funds loss for protocol if kust value calculated wrong or manipulated
#416
sherlock-admin
closed
1 year ago
0
Avci - Users will not able to get another redeemreward if they didnt withdraw
#415
sherlock-admin
closed
1 year ago
0
josephdara - Add protocol
#414
sherlock-admin
closed
1 year ago
0
ak1 - Undefined data variable is found
#413
sherlock-admin
closed
1 year ago
0
KingNFT - A ````Game```` player will suffer loss while calling ````rebalanceBasket()```` between ````step 6```` and ````step 8````
#412
sherlock-admin
closed
1 year ago
0
hyh - Deposit allows for stealing underlying tokens from TruefiProvider, IdleProvider, YearnProvider, BetaProvider, CompoundProvider and AaveProvider balances
#411
sherlock-admin
opened
1 year ago
9
ak1 - MainVault.sol : Guardian can not revoke the whitelisted address if that address turns into malicous or compromised.
#410
sherlock-admin
closed
1 year ago
0
peanuts - Protocols that are blacklisted cannot be whitelisted again
#409
sherlock-admin
closed
1 year ago
0
hyh - Rebalancing breaks and can corrupt the accounting if amountToProtocol or amountToChain turn negative
#408
sherlock-admin
opened
1 year ago
1
immeas - `Swap::swapStableCoins` assumes 1:1 price
#407
sherlock-admin
closed
1 year ago
0
josephdara - deposit function
#406
sherlock-admin
closed
1 year ago
0
Avci - Unsafe erc20 method and unsafe transfer/transferFrom
#405
sherlock-admin
closed
1 year ago
0
josephdara - 001H
#404
sherlock-admin
closed
1 year ago
0
ak1 - withdrawalRequest can be abused by user without paying fee to dao.
#403
sherlock-admin
closed
1 year ago
0
Avci - wrong check can cause users unable to deposti after some amount e.g. user wants to deposit max but cannot after certain amount cannot
#402
sherlock-admin
closed
1 year ago
0
gogo - Guardian can cause temporary DoS on withdrawals in the MainVault contract
#401
sherlock-admin
closed
1 year ago
0
peanuts - Unbounded loop leading to DoS if the value of latestID is too large
#400
sherlock-admin
closed
1 year ago
0
tsvetanovv - Malicious user can Blocklists Token
#399
sherlock-admin
closed
1 year ago
0
hyh - Native funds sent with pushVaultAmounts and sendFundsToVault can be lost
#398
sherlock-admin
opened
1 year ago
2
atrixs - savedTotalUnderlying may be unexpectedly reduced
#397
sherlock-admin
closed
1 year ago
0
ak1 - MainVault.sol : checkForBalance is not returning the correct value.
#396
sherlock-admin
closed
1 year ago
0
tsvetanovv - Unsafe ERC20.transfer()
#395
sherlock-admin
closed
1 year ago
0
Avci - incidentally sent eths/tokens will lock in the contract because it cannot handle it
#394
sherlock-admin
closed
1 year ago
0
tsvetanovv - Must approve by zero first
#393
sherlock-admin
closed
1 year ago
0
HonorLt - withdrawal request override
#392
sherlock-admin
opened
1 year ago
1
tsvetanovv - Reentrancy attacks in `mintNewBasket()` function
#391
sherlock-admin
closed
1 year ago
0
c7e7eff - Anyone can execute certain functions that use cross chain messages and potentially cancel them with potential loss of funds.
#390
sherlock-admin
opened
1 year ago
1
ak1 - Game.sol#L465 : `pushAllocationsToVaults` is harmed for reentrancy as state is update after the operation.
#389
sherlock-admin
closed
1 year ago
0
Avci - there is no maximum amount for minting new basket and it can lead to DOS!
#388
sherlock-admin
closed
1 year ago
0
gogo - Incorrect slippage calculation in Swap.swapStableCoins
#387
sherlock-admin
closed
1 year ago
0
tsvetanovv - No upper limit for fees
#386
sherlock-admin
closed
1 year ago
0
ak1 - Game.sol : set `homeVault`inside the constructor
#385
sherlock-admin
closed
1 year ago
0
ivanrdy - Deposits in providers can fail on zero amount transfers if amount is set to zero
#384
sherlock-admin
closed
1 year ago
0
XKET - Reward calculation might be wrong
#383
sherlock-admin
closed
1 year ago
0
bin2chen - setTotalUnderlyingInt() underlyingReceived Counting may be incorrect
#382
sherlock-admin
closed
1 year ago
0
XKET - Users can lose their LP tokens after several withdrawal requests before the first rebalance.
#381
sherlock-admin
closed
1 year ago
0
XKET - Underflow during LP price diff calculation
#380
sherlock-admin
closed
1 year ago
0
Avci - Chainid logic is Unvarying!
#379
sherlock-admin
closed
1 year ago
0
ff - `connext` address is immutable
#378
sherlock-admin
closed
1 year ago
0
ak1 - Game.sol#L31 : mapping(uint256 => mapping(uint256 => int256)) allocations; is not implemented as how the comment says. Not clear.
#377
sherlock-admin
closed
1 year ago
0
tsvetanovv - Missing functionality to remove whitelist vault
#376
sherlock-admin
closed
1 year ago
1
immeas - `Vault::claimTokens` uniswap swaps can be abused
#375
sherlock-admin
closed
1 year ago
0
gkrastenov - Unexpected user can make deposit if training variable is not setted to true
#374
sherlock-admin
closed
1 year ago
0
imare - Deposits and withdrawal can be blocked by anyone
#373
sherlock-admin
closed
1 year ago
1
bin2chen - setDeltaAllocationsInt() in the blacklist revert will cause the other also can not set
#372
sherlock-admin
closed
1 year ago
0
imare - on shortage vault will not pull all the available funds
#371
sherlock-admin
closed
1 year ago
0
peanuts - addProtocol() can override another protocol by accident
#370
sherlock-admin
closed
1 year ago
0
Next