sherlock-audit 2023-02-carapace-judging issues

sherlock-audit / 2023-02-carapace-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

joestakey - Mismatch for Risk Factor formula

#326 github-actions[bot] closed 1 year ago
0
unforgiven - Function PremiumCalculator.calculatePremium() would use wrong premium rate when leverageRatio<Pool.leverageRatioFloor which can cause fund loss

#325 github-actions[bot] closed 1 year ago
3
Udsen - INPUT VALIDATION SHOULD BE PERFORMED FOR THE `_cycleParams` PASSED INTO THE `registerProtectionPool()` FUNCTION

#324 github-actions[bot] closed 1 year ago
0
joestakey - `assessState()` does not check when a pool is in `Defaulted` state

#323 github-actions[bot] closed 1 year ago
3
Hawkeye - Accrued Premium is calculated incorrectly

#322 github-actions[bot] closed 1 year ago
6
monrel - Unlocked capital should not be claimable to sellers that have not requested a withdrawal

#321 github-actions[bot] closed 1 year ago
3
Auditwolf - issue 2 . sellers do not accrue interests since the exchange rate does not change after the lockup period has ended.

#320 github-actions[bot] closed 1 year ago
0
joestakey - `movePoolPhase()` does not check the floor limit

#319 github-actions[bot] closed 1 year ago
2
unforgiven - Function verifyAndAccruePremium() In ProtectionPoolHelper incorrectly calculate accrued premium for expired protections

#318 github-actions[bot] closed 1 year ago
5
monrel - Locking mechanism increase risk of insolvency when pools are re-activated

#317 github-actions[bot] closed 1 year ago
0
ak1 - ProtectionPool.sol : `accruePremiumAndExpireProtections` should not be called when ProtectionPool is in paused state

#316 github-actions[bot] closed 1 year ago
3
joestakey - `DefaultStateManager.assessStates()` can be DOS if there is enough protection pools

#315 github-actions[bot] closed 1 year ago
0
minhtrng - User not charged for grace period

#314 github-actions[bot] closed 1 year ago
0
minhtrng - DOS of core features and permanent lock of funds

#313 github-actions[bot] closed 1 year ago
0
minhtrng - Minimum protection duration for seconds is too short and can be abused

#312 github-actions[bot] closed 1 year ago
2
minhtrng - Get protection while not paying fees by using many 0 deposits

#311 github-actions[bot] closed 1 year ago
0
monrel - Protection amount can be changed when renewing protections

#310 github-actions[bot] closed 1 year ago
0
Udsen - `_deposit()` FUNCTION SHOULD ACCOUNT FOR TRANSFER FEES OF THE UNDERLYING `erc20` TOKENS

#309 github-actions[bot] closed 1 year ago
0
0x52 - The renewal grace period gives users insurance for no premium

#308 github-actions[bot] opened 1 year ago
9
ctf_sec - Protection pool SToken exchange rate is vulnerable to manipulation

#307 github-actions[bot] closed 1 year ago
4
monrel - withdrawlRequests and totalSTokenRequested are not updated when sTokens are transferred

#306 github-actions[bot] closed 1 year ago
0
unforgiven - function lockCapital() doesn't filter the expired protections first and code may lock more funds than required and expired defaulted protections may funded

#305 github-actions[bot] opened 1 year ago
3
XKET - The cycle states in `poolCycleManager` should be updated before used in `_requestWithdrawal`

#304 github-actions[bot] closed 1 year ago
2
XKET - `convertToUnderlying` and `getUnderlyingBalance` revert when `totalSupply` is 0

#303 github-actions[bot] closed 1 year ago
2
Breeje - Issue in Logic of `_startNewCycle` through `calculateAndSetPoolCycleState`

#302 github-actions[bot] closed 1 year ago
0
XKET - `calculateRiskFactor` reverts when the buffer is greater than the floor

#301 github-actions[bot] closed 1 year ago
0
XKET - `DefaultStateManager._assessState()` should change the status from `Late` to `Defaulted` if the last status is `Expired`.

#300 github-actions[bot] closed 1 year ago
0
XKET - `ProtectionPool.lockCapital()` might lock the already expired protection.

#299 github-actions[bot] closed 1 year ago
0
XKET - Sellers can bypass the withdrawal limit and earn premiums without any risk.

#298 github-actions[bot] closed 1 year ago
0
XKET - `DefaultStateManager._calculateClaimableAmount()` calculates the claimable unlocked amount wrongly.

#297 github-actions[bot] closed 1 year ago
0
joestakey - Incorrect scaling in `GoldfinchAdapter.calculateProtectionBuyerAPR()` leads to wrong premium amount used in protocol

#296 github-actions[bot] closed 1 year ago
0
ctf_sec - Deposit and withdraw in protectionPool lacks of slippage control, deposit / withdraw transaction can be pending in the mempool for a long time and executes in very sub-optimal exchange rate

#295 github-actions[bot] closed 1 year ago
2
monrel - Anybody can front-run accruePremium..() and receive rewards as if they had provided protection since last accrual

#294 github-actions[bot] closed 1 year ago
1
0x52 - User can game protection via renewal to get free insurance

#293 github-actions[bot] opened 1 year ago
5
unforgiven - Protection sellers can bypass withdrawal delay mechanism and avoid losing funds when loans are defaulted by creating withdrawal request in each cycle

#292 github-actions[bot] opened 1 year ago
2
SPYBOY - Depositer funds can Stuck in contract .

#291 github-actions[bot] closed 1 year ago
2
__141345__ - Need to update `totalSTokenUnderlying` when unlock capital

#290 github-actions[bot] closed 1 year ago
3
Auditwolf - missing default payouts calculation

#289 github-actions[bot] closed 1 year ago
0
__141345__ - `totalSTokenUnderlying` not timely updated

#288 github-actions[bot] closed 1 year ago
3
__141345__ - Expired protection capital could still be locked

#287 github-actions[bot] closed 1 year ago
0
__141345__ - Fee on transfer token support

#286 github-actions[bot] closed 1 year ago
0
__141345__ - Buyers could buy multiple times

#285 github-actions[bot] closed 1 year ago
0
__141345__ - DoS in `lockCapital()`

#284 github-actions[bot] closed 1 year ago
0
__141345__ - DoS in `_calculateClaimableAmount()`

#283 github-actions[bot] closed 1 year ago
0
__141345__ - DoS when `_assessState()`

#282 github-actions[bot] closed 1 year ago
1
__141345__ - DoS when accruing Premium

#281 github-actions[bot] closed 1 year ago
0
__141345__ - Should Accrue Premium at the beginning of protection

#280 github-actions[bot] closed 1 year ago
3
__141345__ - LP token should be transferred to the seller if defaulted

#279 github-actions[bot] closed 1 year ago
3
monrel - Withdrawal amounts are not updated when seller unlock capital

#278 github-actions[bot] closed 1 year ago
2
Udsen - `initialize()` FUNCTIONS SHOULD BE PROTECTED BY ACCESS CONTROL AND SHOULD ONLY BE CALLED VIA `ContractFactory.sol`

#277 github-actions[bot] closed 1 year ago
0