issues
search
sherlock-audit
/
2023-02-fair-funding-judging
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
csanuragjain - DOS the Auction
#76
github-actions[bot]
closed
1 year ago
1
seyni - `settle` can be called after the end of all auctions
#75
github-actions[bot]
closed
1 year ago
0
seyni - The auction can be started by anyone calling `settle` before `start_auction` is called by the owner
#74
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Audit Report
#73
github-actions[bot]
closed
1 year ago
0
0x52 - _calculate_mintable_amount will return the wrong amount of shares if currentCollateralization != minimumCollateralization
#72
github-actions[bot]
closed
1 year ago
2
hickuphh3 - Earlier depositors can steal funds belonging to subsequent depositors
#71
github-actions[bot]
closed
1 year ago
2
0xlmanini - Anyone can force auction to start and the first auction to end with no winning bid
#70
github-actions[bot]
closed
1 year ago
0
0xlmanini - Anyone can force auction to start and the first auction to end with no winning bid
#69
github-actions[bot]
closed
1 year ago
0
ck - Use of `transfer` and `transferFrom` without checking the return value
#68
github-actions[bot]
closed
1 year ago
0
ck - Extending auction can be abused to prevent auction ending for a long period
#67
github-actions[bot]
closed
1 year ago
0
DevABDee - [M-01] Users should be allowed to bid equal to the Bid-Increment (Prev Highest Bid + increment)
#66
github-actions[bot]
closed
1 year ago
3
DevABDee - Invalid
#65
github-actions[bot]
closed
1 year ago
0
rvierdiiev - User loses rewards when call liquidate as claim function is not called for him
#64
github-actions[bot]
closed
1 year ago
0
0x52 - Current method for distributing rewards has serious accounting errors
#63
github-actions[bot]
closed
1 year ago
1
rvierdiiev - Vault.remove_operator allows to remove last operator
#62
github-actions[bot]
closed
1 year ago
0
rvierdiiev - AlchemistV2._checkMintingLimit can cause Vault.register_deposit to revert
#61
github-actions[bot]
closed
1 year ago
2
OCC - The settle() function can deal with a number of issues.
#60
github-actions[bot]
closed
1 year ago
0
rvierdiiev - Vault.register_deposit can revert when highest bid is bigger than deposit limit for asset in AlchemistV2
#59
github-actions[bot]
closed
1 year ago
1
rvierdiiev - Vault.withdraw_underlying_to_claim can be called by anyone with any _min_weth_out param
#58
github-actions[bot]
closed
1 year ago
0
OCC - Potential reentrancy attack vulnerability in in the 'bid' function
#57
github-actions[bot]
closed
1 year ago
0
jkoppel - Rounding of shares causes loss of deposits
#56
github-actions[bot]
closed
1 year ago
1
jkoppel - liquidate() causes total_shares to become less than the number of shares controlled by the vault
#55
github-actions[bot]
closed
1 year ago
1
jkoppel - If an AuctionHouse gets stuck, cannot start a new AuctionHouse with same vault
#54
github-actions[bot]
closed
1 year ago
0
jkoppel - Anti-sniping mechanism enables auctions to go on for a long time, enabling attacks based on late-deposits
#53
github-actions[bot]
closed
1 year ago
0
jkoppel - Late-depositors can claim value intended for earlier depositors
#52
github-actions[bot]
closed
1 year ago
3
jkoppel - Early-liquidating owners permanently lose part of their deposit
#51
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Unmarked loan repayments for existing token holders is unfairly distributed to new deposits
#50
github-actions[bot]
closed
1 year ago
2
jkoppel - migrate() cannot do anything
#49
github-actions[bot]
closed
1 year ago
0
jkoppel - liquidate() and claim_funds() track money to be received separately
#48
github-actions[bot]
closed
1 year ago
1
0x52 - User will lose funds if they don't claim before liquidating their token
#47
github-actions[bot]
closed
1 year ago
0
hickuphh3 - Broken Operator Mechanism: Just 1 malicious / compromised operator can permanently break functionality
#46
github-actions[bot]
opened
1 year ago
2
ABA - `amount_claimable_per_share` is never reset, leading to overpay on token holder claims
#45
github-actions[bot]
closed
1 year ago
3
0x52 - amount_claimable_per_share accounting is broken and will result in vault insolvency
#44
github-actions[bot]
opened
1 year ago
9
jkoppel - Duplicate tokens sold when calling set_max_token_id after end of auctions
#43
github-actions[bot]
closed
1 year ago
0
carrot - Auction ends can be post-poned indefinitely
#42
github-actions[bot]
closed
1 year ago
2
0x52 - Vault.vy doesn't implement proper precautions if the Alchemix TVL changes
#41
github-actions[bot]
closed
1 year ago
2
carrot - `start_auction` can be called after end of auction
#40
github-actions[bot]
closed
1 year ago
3
carrot - Starting timestamp can be bypassed by calling `settle`
#39
github-actions[bot]
opened
1 year ago
3
hickuphh3 - Incorrect shares accounting cause liquidations to fail in some cases
#38
github-actions[bot]
opened
1 year ago
3
hickuphh3 - First deposit fails because initial debt is negative
#37
github-actions[bot]
closed
1 year ago
6
ABA - `withdraw_underlying_to_claim` is callable by anybody; can be abused
#36
github-actions[bot]
closed
1 year ago
5
ABA - Migration logic is implemented incorrectly
#35
github-actions[bot]
closed
1 year ago
0
HonorLt - Max token id cannot be changed once final token is settled
#34
github-actions[bot]
closed
1 year ago
0
HonorLt - Restart auction once max token is settled
#33
github-actions[bot]
closed
1 year ago
0
ABA - All operators can be removed, leaving the Vault without core functionality
#32
github-actions[bot]
closed
1 year ago
0
HonorLt - Anyone can mint the first token and start the auction
#31
github-actions[bot]
closed
1 year ago
0
0xSmartContract - The value of `_is_valid_token_id` in the `register_deposit()` function is unpredictable
#30
github-actions[bot]
closed
1 year ago
0
0xSmartContract - `is_operator`architecture is wrong
#29
github-actions[bot]
closed
1 year ago
0
Ruhum - User can liquidate before claiming their share of pending WETH tokens
#28
github-actions[bot]
closed
1 year ago
0
Ruhum - Vault's migration contract can't really migrate anything
#27
github-actions[bot]
closed
1 year ago
0
Previous
Next