sherlock-audit/2023-01-derby-judging
issues
hyh - Current period profit can be extracted from the Vault by front running state change before exchange rate recalculation
#369
sherlock-admin
opened
1 year ago
4
Nyx - Users might lose funds when using withdrawAllowance().
#368
sherlock-admin
closed
1 year ago
0
gkrastenov - Setting of governanceFee bigger than 10_000 may lead to underflow exception
#367
sherlock-admin
closed
1 year ago
0
ff - Protocol may experience loss due to high slippage during `rebalanceXChain` or `sendFundsToVault`
#366
sherlock-admin
closed
1 year ago
0
sayan_ - Unsafe type casting will cause miscalculation
#365
sherlock-admin
closed
1 year ago
4
ak1 - Game.sol: owner privileged function can be accessed by anyone.
#364
sherlock-admin
closed
1 year ago
0
hyh - Vault's savedTotalUnderlying tracks withdrawn funds incorrectly
#363
sherlock-admin
opened
1 year ago
8
bin2chen - withdraw() users may not be able to withdraw
#362
sherlock-admin
closed
1 year ago
0
SPYBOY - No use of upgradeable SafeERC20 contract Vault.sol, XProvider.sol , xChainControler.sol , Game.sol
#361
sherlock-admin
closed
1 year ago
0
hyh - Deposit and withdraw balance checks can be gamed by reentrancy in TruefiProvider, IdleProvider, YearnProvider, BetaProvider, CompoundProvider and AaveProvider
#360
sherlock-admin
closed
1 year ago
6
hyh - Any tokens can be stolen via withdraw from YearnProvider and AaveProvider balances
#359
sherlock-admin
closed
1 year ago
4
SPYBOY - First depositor can manipulate share price of MainVault
#358
sherlock-admin
closed
1 year ago
0
ak1 - Game.sol : `mintNewBasket` is not checking whether the vault already has a basket assigned.
#357
sherlock-admin
closed
1 year ago
0
gkrastenov - Already whitelisted address can not be removed
#356
sherlock-admin
closed
1 year ago
0
hyh - YearnProvider freezes yearn tokens on partial withdrawal
#355
sherlock-admin
opened
1 year ago
1
tives - MainVault.withdrawRewards and Vault.claimTokens make an UniV3 swap without slippage protection
#354
sherlock-admin
closed
1 year ago
0
SPYBOY - possible DOS in `settleDeltaAllocations()` function because of unbounded gas consumption
#353
sherlock-admin
closed
1 year ago
0
gkrastenov - Out of gas problem in rebalanceBasket function in Game contract
#352
sherlock-admin
closed
1 year ago
0
bin2chen - pullFunds() break should not be used
#351
sherlock-admin
closed
1 year ago
5
ff - Possible reentrancy during `_safeMint` in `mintNewBasket`
#350
sherlock-admin
closed
1 year ago
0
ak1 - cross chain call failure is not handled.
#349
sherlock-admin
closed
1 year ago
0
tives - rebalanceXChain can be called without slippage protection and can cause trades with bad exchange rates
#348
sherlock-admin
closed
1 year ago
0
ff - Malfunctioning/Malicious Vault cannot be removed from Derby Protocol
#347
sherlock-admin
closed
1 year ago
0
SPYBOY - Broken access control in Game.sol
#346
sherlock-admin
closed
1 year ago
0
bin2chen - withdrawAllowance() reservedFunds there will be residue
#345
sherlock-admin
closed
1 year ago
1
SPYBOY - lastTimeStamp can be manipulated in Game.sol
#344
sherlock-admin
closed
1 year ago
0
gogo - Attacker can use a mock token contract to bypass checks in different providers and steal funds.
#343
sherlock-admin
closed
1 year ago
0
martin - [M-03] Non-Conforming ERC20 Tokens Not Recoverable
#342
sherlock-admin
closed
1 year ago
0
ak1 - MainVault.sol : sendRewardsToGame is harmed for re-entrancy attack
#341
sherlock-admin
closed
1 year ago
0
martin - [M-02] Non-Compliant Allowance Logic
#340
sherlock-admin
closed
1 year ago
0
tives - Quoter should not be called on chain due to high gas usage.
#339
sherlock-admin
closed
1 year ago
0
hyh - New Beta Finance pool cannot be operated, freezing the rebalancing
#338
sherlock-admin
closed
1 year ago
2
tives - blacklistProtocol() can revert because it executes on the to be blacklisted protocol itself and curve pool
#337
sherlock-admin
closed
1 year ago
0
SPYBOY - lastTimeStamp can be manipulated in Mainvaul.sol
#336
sherlock-admin
closed
1 year ago
0
tives - Vault.rebalance assumes stablecoin price parity and will revert if it cannot make the swap, locking user funds.
#335
sherlock-admin
closed
1 year ago
0
gogo - Wrong type casting leads to unsigned integer underflow exception when current price is < last price
#334
sherlock-admin
opened
1 year ago
6
chainNue - Repeating `rebalanceBasket` can increase `totalUnRedeemedRewards`, thus `redeemRewards` more than they are supposed to have
#333
sherlock-admin
closed
1 year ago
0
Nyx - Lack of slippage control
#332
sherlock-admin
closed
1 year ago
0
bin2chen - withdrawalRequest() maybe lost funds in the first period
#331
sherlock-admin
closed
1 year ago
0
gogo - Inefficient input validation can lead to users locking LP tokens in MainVault.sol
#330
sherlock-admin
closed
1 year ago
0
Jeiwan - Incorrect underlying balance calculation disrupts accounting of funds deposited to Compound
#329
sherlock-admin
closed
1 year ago
0
ak1 - MainVault.sol : rebalanceXChain is harmed for re-entrancy attack
#328
sherlock-admin
closed
1 year ago
0
Jeiwan - Rebalancing can be blocked when pulling funds from a TrueFi or a Idle vault
#327
sherlock-admin
opened
1 year ago
1
Jeiwan - An inactive vault can disrupt rebalancing of active vaults
#326
sherlock-admin
opened
1 year ago
6
Jeiwan - `XProvider` forces increased relayer fees when transferring tokens cross-chain
#325
sherlock-admin
opened
1 year ago
2
Jeiwan - COMP reward token swapping path is not efficient, causing reduced yield
#324
sherlock-admin
closed
1 year ago
1
Jeiwan - Missing transaction expiration check results in reward tokens selling at a lower price
#323
sherlock-admin
opened
1 year ago
1
Jeiwan - Rebalancing can get stuck due to the inability to increase slippage and relayer fee
#322
sherlock-admin
closed
1 year ago
0
tsvetanovv - Possible division by zero error in `transferFunds`
#321
sherlock-admin
closed
1 year ago
0
Jeiwan - The guardian may not be able to blacklist a protocol
#320
sherlock-admin
opened
1 year ago
1