sherlock-audit 2023-01-sentiment-judging issues

sherlock-audit / 2023-01-sentiment-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

w42d3n - PLVGLP Oracle Vulnerable To Price Manipulation

#36 github-actions[bot] closed 1 year ago
0
ctf_sec - Rage trade junior vault deposit is subject to deposit cap restriction

#35 github-actions[bot] closed 1 year ago
2
ctf_sec - Deposit and withdraw and redeem can be blocked with Rage trade junior vault integration when the rage trade vault contract is paused.

#34 github-actions[bot] closed 1 year ago
4
w42d3n - GMX's latestRoundData might return stale or incorrect results

#33 github-actions[bot] closed 1 year ago
0
ctf_sec - Redeem on GMX can be blocked because of cooldown duration limit on redeem and unstake on GMX side

#32 github-actions[bot] closed 1 year ago
1
ck - Chainlink's `latestRoundData` might return stale or incorrect results

#31 github-actions[bot] closed 1 year ago
2
ctf_sec - Hardcoded Price refreshness interval is too long

#30 github-actions[bot] closed 1 year ago
0
ctf_sec - Lack of sufficient validation for chainlink price feed

#29 github-actions[bot] closed 1 year ago
0
Bahurum - Use of [`fsGLP`] instead of [`sGLP`] in `PLVGLPController` and `RewardRouterV2Controller`

#28 github-actions[bot] closed 1 year ago
2
Bahurum - Impossible to deposit into or redeem from PLV GLP Vault

#27 github-actions[bot] closed 1 year ago
1
Bahurum - Tokens not owned by an account can be added as an asset to the account

#26 github-actions[bot] opened 1 year ago
0
Bahurum - Use of controller `DNGMXVaultController` for two separate contracts with different functions

#25 github-actions[bot] closed 1 year ago
0
ck - Plutus integration will require contract whitelisting otherwise all transactions will fail.

#24 github-actions[bot] closed 1 year ago
2
ck - `depositAll()` should use `fsGLP` as the tokensOut in `PLVGLPController`

#23 github-actions[bot] closed 1 year ago
0
peanuts - Prices for ERC4626 tokens are not flash-loan-resistant

#22 github-actions[bot] closed 1 year ago
0
peanuts - Lack of freshness check in GLPOracle.getEthPrice()

#21 github-actions[bot] closed 1 year ago
0
GalloDaSballo - Risk with Liquidation - Because of partnership requirement, caller may be unable to redeem during liquidation making it less likely for them to be willing to perform the liquidation

#20 github-actions[bot] opened 1 year ago
4
GalloDaSballo - `PreviewRedeem` may under-price the value of the asset

#19 github-actions[bot] opened 1 year ago
0
GalloDaSballo - Unapproved Accounts will revert until approved

#18 github-actions[bot] closed 1 year ago
0
ck - `GLP` has a 15 minute cooldown after purchase that is not accounted for

#17 github-actions[bot] closed 1 year ago
1
0xdeadbeef - No check if Arbitrum L2 sequencer is down in Chainlink feeds

#16 github-actions[bot] opened 1 year ago
1
simon135 - `manager.getPrice(false)` returns lower value than if it was true,which an attacker can take advantage of it

#15 github-actions[bot] closed 1 year ago
2
simon135 - `updatedAt` from `latestRoundData()` can still be stale for less then a day and an attacker can steal funds

#14 github-actions[bot] closed 1 year ago
0
DecorativePineapple - The `PLVGLPOracle:getPrice()` function is vulnerable to price manipulation as it depended on the `previewRedeem` function

#13 github-actions[bot] closed 1 year ago
0
Madalad - ChainLink's `latestRoundData` might return stale or incorrect results

#12 github-actions[bot] closed 1 year ago
0
Madalad - Chainlink oracle data feed becoming blocked severely affects protocol's usability

#11 github-actions[bot] closed 1 year ago
0
obront - GMX Reward Router's claimForAccount() can be abused to incorrectly add WETH to tokensIn

#10 github-actions[bot] opened 1 year ago
7
obront - Using one controller for two addresses could risk signature collisions

#9 github-actions[bot] opened 1 year ago
6
obront - GMX RewardRouter's compound() function does not return WETH

#8 github-actions[bot] closed 1 year ago
1
obront - RewardRouterV2Controller decoding is slightly off

#7 github-actions[bot] closed 1 year ago
0
obront - GLP price may be slightly understated due to GMX math error, which could lead to unfair liquidations

#6 github-actions[bot] closed 1 year ago
4
obront - All Rage Trade functions allow sending tokens to a different address, leading to incorrect tokensIn

#5 github-actions[bot] opened 1 year ago
5
obront - GMX RewardRouterV2 allows redeeming to a different address, leading to incorrect tokensIn

#4 github-actions[bot] closed 1 year ago
2
neumo - GLPOracle's getEthPrice interval to assume a stale price is too big

#3 github-actions[bot] closed 1 year ago
2
Breeje - NO ZERO ADDRESS CHECKS FOR IMPORTANT DATA

#2 github-actions[bot] closed 1 year ago
0
ahmedovv - Using single-step ownership transfer.

#1 github-actions[bot] closed 1 year ago
0