issues
search
sherlock-audit
/
2023-02-fair-funding-judging
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
minhtrng - User might be forced to pay bad debt of the vault
#126
github-actions[bot]
closed
1 year ago
2
oxcm - [M] Non-settleable auction can be started by owner, resulting in the winner's fund being frozen
#125
github-actions[bot]
closed
1 year ago
0
joestakey - Vault deposit into `Alchemix` can suffer slippage depending on outstanding debt in `Yearn`
#124
github-actions[bot]
closed
1 year ago
2
minhtrng - Funds stuck if not claimed before liquidation
#123
github-actions[bot]
closed
1 year ago
3
minhtrng - Migration can not perform any meaningful actions
#122
github-actions[bot]
closed
1 year ago
0
minhtrng - Withdraws have no access control and allow for bad slippage control
#121
github-actions[bot]
closed
1 year ago
2
Bahurum - Loss of yield due to low precision
#120
github-actions[bot]
closed
1 year ago
9
Bahurum - Anyone can start the auction
#119
github-actions[bot]
closed
1 year ago
0
oxcm - [M] Liquidation increases collateralization and provides withdrawable amount for claim, NOT withdraw in time leads to improper allocation
#118
github-actions[bot]
closed
1 year ago
2
HonorLt - Anyone can withdraw underlying from Alchemix
#117
github-actions[bot]
closed
1 year ago
0
0xhacksmithh - A Malicious User Can Front-runned And Settels First Auction Even Before Bidding Starts For It.
#116
github-actions[bot]
closed
1 year ago
0
Tricko - Conversion from `int256` to `uint256` can break protocol functionality
#115
github-actions[bot]
closed
1 year ago
3
oxcm - [H] Not update `amount_claimed` when deposit to existing positions lead to `claimable_for_token` incorrect increased
#114
github-actions[bot]
closed
1 year ago
6
oxcm - [H] Newly created positions can claim old claimable
#113
github-actions[bot]
closed
1 year ago
6
oxcm - [H] The protocol does not properly distribute past profits between existing and new shareholders
#112
github-actions[bot]
closed
1 year ago
2
oxcm - [H] Users can lose already-accrued claimable amounts during liquidation
#111
github-actions[bot]
closed
1 year ago
0
oxcm - [H] Attacker may use sandwich attack to steal protocol funds
#110
github-actions[bot]
closed
1 year ago
0
oxcm - [M] Lack of Authorization on withdraw_underlying_to_claim() could lead to unexpected loss of profits
#109
github-actions[bot]
closed
1 year ago
0
MyFDsYours - Highest_bidder can front-run the owner by calling settle function
#108
github-actions[bot]
closed
1 year ago
0
MyFDsYours - Hightest_bidder can loss funds due to lack of check
#107
github-actions[bot]
closed
1 year ago
0
psy4n0n - `withdraw_underlying_to_claim` can be used by an attacker for sandwitch attacks.
#106
github-actions[bot]
closed
1 year ago
0
XKET - Underflow can ruin mint from Alchemix logic
#105
github-actions[bot]
closed
1 year ago
1
XKET - Attacker can front-run `AuctionHouse.refund_highest_bidder` to block refunding
#104
github-actions[bot]
closed
1 year ago
0
XKET - Attacker calls `settle` before `start_auction` to consume the first NFT and start auction without owner role
#103
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Excess yield will be lost
#102
github-actions[bot]
closed
1 year ago
2
ck - NFTs can get stuck in contracts that don't support ERC-721
#101
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Claimable amount calculation is incorrect
#100
github-actions[bot]
closed
1 year ago
0
ck - Auction can be started without previous one being settled
#99
github-actions[bot]
closed
1 year ago
0
Tricko - New investors claims may lead to reverts
#98
github-actions[bot]
closed
1 year ago
0
kiki_dev - Vault is vulnerable to a first depositor attack
#97
github-actions[bot]
closed
1 year ago
0
kiki_dev - Vault can be changed during an auction
#96
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Marking claims through collateral withdrawal results in unfair claim distribution
#95
github-actions[bot]
closed
1 year ago
2
kiki_dev - Auction House can set vault to existing vault and lock buyers out of thier funds
#94
github-actions[bot]
closed
1 year ago
0
OCC - Mitigating security risks in the FairFundingToken contract
#93
github-actions[bot]
closed
1 year ago
0
OCC - There are a couple of potential vulnerabilities in liquidate function
#92
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Migrator contract lacks sufficient permissions over vault positions
#91
github-actions[bot]
opened
1 year ago
3
hickuphh3 - Vault deposits are not disabled if migration has been activated / executed
#90
github-actions[bot]
closed
1 year ago
2
OCC - There are some issues with the code
#89
github-actions[bot]
closed
1 year ago
0
7siech - Anyone can start an auction
#88
github-actions[bot]
closed
1 year ago
0
0x52 - Vault#migrate isn't able to do anything because it lacks any kind of approvals to migrator
#87
github-actions[bot]
closed
1 year ago
0
0x52 - AuctionHouse will become bricked if it ever hits max tokenID even if max tokenID is increased later
#86
github-actions[bot]
closed
1 year ago
4
0x52 - It is impossible to change ownership of the MintableERC721 if the AuctionHouse contract needs to be replaced
#85
github-actions[bot]
closed
1 year ago
2
0xSmartContract - `liquidate()` function is vulnerable to sandwich attack
#84
github-actions[bot]
closed
1 year ago
1
ABA - Auction can be force started and first token force minted by calling `settle()` before the auction was launched
#83
github-actions[bot]
closed
1 year ago
0
0xlmanini - Users with claimable funds may lose them if they liquidate their own loan
#82
github-actions[bot]
closed
1 year ago
0
seyni - `refund_highest_bidder` can be frontrun by a call to `settle`
#81
github-actions[bot]
closed
1 year ago
2
0xSmartContract - Price manipulation can lead to users lossing funds
#80
github-actions[bot]
closed
1 year ago
0
ABA - Malicious bidder can block any other bidder overtaking him
#79
github-actions[bot]
closed
1 year ago
1
ABA - `FALLBACK_RECEIVER` is an important address and should be changeable to prevent possible lose
#78
github-actions[bot]
closed
1 year ago
0
csanuragjain - Break contract functionalities
#77
github-actions[bot]
closed
1 year ago
0
Next