sherlock-audit 2023-02-carapace-judging issues

sherlock-audit / 2023-02-carapace-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Breeje - Buyers can withdraw their liquidity after open period ends

#276 github-actions[bot] closed 1 year ago
0
monrel - Protections can be bought when the state of the pool is supposed to be in-active.

#275 github-actions[bot] closed 1 year ago
0
ctf_sec - Constants.SECONDS_IN_DAY is not scaled properly when creating protection term for buyer

#274 github-actions[bot] closed 1 year ago
2
unforgiven - unbound loops in the code which can cause high gas usage and break the protocol and fund would be locked

#273 github-actions[bot] closed 1 year ago
0
tsvetanovv - USDC have 6 decimals

#272 github-actions[bot] closed 1 year ago
0
monrel - Buyers of protection can be protected in the first 90 days without paying a premium

#271 github-actions[bot] closed 1 year ago
0
mahdikarimi - protection seller can withdraw funds before being locked in case of lending pool deafault

#270 github-actions[bot] closed 1 year ago
0
SPYBOY - Possible DOS in `getAllProtections()` and `accruePremiumAndExpireProtections()` functions because of unbounded gas consumption

#269 github-actions[bot] closed 1 year ago
0
monrel - Protection buyers can receive protection during their final payment period without paying for it

#268 github-actions[bot] closed 1 year ago
4
unforgiven - User fund loss in withdraw() and deposit() of ProtectionPool due to division error

#267 github-actions[bot] closed 1 year ago
2
ctf_sec - When ProtectionPool is paused, the buyer has no option to renew the protection while lose the premium to the protection seller.

#266 github-actions[bot] closed 1 year ago
0
0x52 - User can double insure their LP token to game insurance in the event of a default

#265 github-actions[bot] closed 1 year ago
0
monrel - Protection buyers can exploit renewal functionality to enable and disable protection and as a result pay much less premium

#264 github-actions[bot] closed 1 year ago
0
tsvetanovv - Malicious user can Blacklists Token

#263 github-actions[bot] closed 1 year ago
2
ctf_sec - Goldfinch lending pool can be paused, which impact the state assessment of the Carapace contract

#262 github-actions[bot] closed 1 year ago
3
ctf_sec - The GoldFinch adapter code would break if underlying GoldFinch pool use a legacy version of the CreditLine implementation

#261 github-actions[bot] closed 1 year ago
9
tsvetanovv - No storage gap for upgradeable contracts might lead to storage slot collision

#260 github-actions[bot] closed 1 year ago
0
Udsen - OWNER SOULD BE CHECKED FOR `address(0)` BEFORE `_transferOwnership(_owner)` IS CALLED IN `initialize()` FUNCTION

#259 github-actions[bot] closed 1 year ago
0
ctf_sec - The logic to check if the lending pool defaults does not match the logic to check if the pool default on Goldfinch side.

#258 github-actions[bot] closed 1 year ago
3
Udsen - CONSOLE LOG MESSAGES FOR THE HARDHAT FRAMEWORK CAN BE REMOVED IN PRODUCTION CODE

#257 github-actions[bot] closed 1 year ago
0
Kumpa - After the pool returns from the locked state, ```_getExchangeRate()``` may be broken and stop ```deposit()``` from functioning

#256 github-actions[bot] closed 1 year ago
0
Kumpa - Malicious users doubly earn their underlying token when the pool returns from locked state

#255 github-actions[bot] closed 1 year ago
0
Kumpa - Frontrun monitoring program to be able to purchase protection for locked pools

#254 github-actions[bot] closed 1 year ago
0
Nyx - Users can deposit when cycle is locked.

#253 github-actions[bot] closed 1 year ago
0
Jeiwan - Protection can be bought in late pools, allowing buyers to pay minimal premium and increase the chance of a compensation

#252 github-actions[bot] opened 1 year ago
2
Jeiwan - `GoldfinchAdapter` fails to detect late payments at or after pool's term has ended

#251 github-actions[bot] closed 1 year ago
4
rvierdiiev - Repaid lending pool should distribute premium to protection sellers

#250 github-actions[bot] closed 1 year ago
4
Jeiwan - Protections that haven't started yet are paid, causing loss of funds to protection sellers

#249 github-actions[bot] closed 1 year ago
2
Jeiwan - Withdrawals locking can be bypassed, potentially disrupting the supply and demand balance

#248 github-actions[bot] closed 1 year ago
0
ck - `ContractFactory` does not reserve space for upgrades

#247 github-actions[bot] closed 1 year ago
0
ck - Various `initialize` functions can be frontrun

#246 github-actions[bot] closed 1 year ago
0
0x52 - Protection buyer can game default protection by never redeeming principal from underlying LP token

#245 github-actions[bot] closed 1 year ago
9
Breeje - `calculateRiskFactor` method in `RiskFactorCalculator` library is Vulnerable to Implicit Underflows

#244 github-actions[bot] closed 1 year ago
0
Breeje - All `initialize` methods can be Frontrun because of lack of access control

#243 github-actions[bot] closed 1 year ago
0
peanuts - sToken can be inflated because the balanceOf function does not specify the token used

#242 github-actions[bot] closed 1 year ago
1
peanuts - Wrong value passed into canBuyProtection()

#241 github-actions[bot] closed 1 year ago
1
0Kage - Delay in executing `accruePremiumAndExpireProtections` cron can result in artificially high premiums for protection buyers

#240 github-actions[bot] closed 1 year ago
3
ck - `ReferenceLendingPools::_getLendingPoolStatus` will detect paused Goldfinch pools as active

#239 github-actions[bot] closed 1 year ago
4
ast3ros - [H-03] Protection buyer could front-run the DefaultStateManager to buy protection for the late payment lending pool

#238 github-actions[bot] closed 1 year ago
0
ast3ros - [H-02] Protection seller could front-run DefaultStateManager to withdraw funds which is supposed to be locked.

#237 github-actions[bot] closed 1 year ago
4
ast3ros - [H-01] Protection buyers could not claim the locked funds in case of defaulted lending pool.

#236 github-actions[bot] closed 1 year ago
3
oot2k - deposit of ProtectionPool should use the whenPoolIsOpen modifier

#235 github-actions[bot] closed 1 year ago
0
ast3ros - [M-03] The protection buyer could manipulate the leverage ratio to buy protection at cheap premium

#234 github-actions[bot] closed 1 year ago
5
ast3ros - [M-02] Unsafe casting of user amount from uint256 to int128

#233 github-actions[bot] closed 1 year ago
0
HonorLt - Payable functions

#232 github-actions[bot] closed 1 year ago
0
ast3ros - [M-01] Loop through protections is subject to DDOS attack

#231 github-actions[bot] closed 1 year ago
0
rvierdiiev - Lending pool state transition will be broken when pool is expired in late state

#230 github-actions[bot] opened 1 year ago
4
mert_eren - Precision loss of token which has more than 18 decimals

#229 github-actions[bot] closed 1 year ago
0
ck - Handling of pool cycle state by daily cron is flawed

#228 github-actions[bot] closed 1 year ago
2
mert_eren - Can withdraw money before it supposed to do

#227 github-actions[bot] closed 1 year ago
0

Previous Next