sherlock-audit 2023-02-gmx-judging issues

sherlock-audit / 2023-02-gmx-judging

17 stars 11 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - latestRoundData is not checking if returns stale result

#236 sherlock-admin closed 1 year ago
0
hack3r-0m - faulty abi decoding from revert in catch block can lead to attacker controlled execution

#235 sherlock-admin closed 1 year ago
0
whiteh4t9527 - Malicious Fee Keeper Could Clear Fee Records with Arbitrary (market, token) Pairs

#234 sherlock-admin closed 1 year ago
0
hack3r-0m - while creating deposit, fee can be deducted in wrong manner if initialToken is not final token

#233 sherlock-admin closed 1 year ago
0
simon135 - An attacker can control when the withdraw happens of market tokens and get better price

#232 sherlock-admin closed 1 year ago
5
hack3r-0m - callback receiver can control when to allow order execution

#231 sherlock-admin closed 1 year ago
5
hack3r-0m - unsatisfiable condition in `getAdjustedLongAndShortTokenAmounts`

#230 sherlock-admin closed 1 year ago
0
simon135 - If account is blacklisted by usdc/usdt then the order the will revert and cant get switched

#229 sherlock-admin closed 1 year ago
5
hack3r-0m - chain libraray has references to deprecated arbitrum rinkeby which causes uninteded behaviour for block values

#228 sherlock-admin closed 1 year ago
5
joestakey - Incorrect funding amount due to precision loss in `getNextFundingAmountPerSize()` for markets with low open interest

#227 sherlock-admin closed 1 year ago
0
hack3r-0m - loss of precision while diving `block.timestamp` due to runding towards 0

#226 sherlock-admin closed 1 year ago
0
hack3r-0m - potentially using old price from pricefeed in oracle due to unchecked timestamp difference

#225 sherlock-admin closed 1 year ago
0
joestakey - Incorrect check in `claimCollateral` leads to the function always reverting

#224 sherlock-admin closed 1 year ago
0
simon135 - we can make this swap fail until we get a minOutput price that is good and make crazy profit by making it a big value

#223 sherlock-admin closed 1 year ago
5
tsvetanovv - Missing deadline check when perform swap

#222 sherlock-admin closed 1 year ago
0
hack3r-0m - gas usage while updating prices in oracles scales linearly with singers and tokens

#221 sherlock-admin closed 1 year ago
0
simon135 - Receiver can be an malicious and gain free profit and not get liquidated/adling

#220 sherlock-admin closed 1 year ago
5
float-audits - Price impact parameters could lead to risk-free profit opportunities for users

#219 sherlock-admin closed 1 year ago
6
simon135 - no checking round data stale and decimals

#218 sherlock-admin closed 1 year ago
5
tsvetanovv - ERC20 transfer zero amount can be reverted

#217 sherlock-admin closed 1 year ago
0
simon135 - If block range it big and adl dosnt use currentblock in the order it will cause issues

#216 sherlock-admin opened 1 year ago
4
simon135 - if the token gas limit is too little it can be an issue

#215 sherlock-admin closed 1 year ago
0
simon135 - keepers might have to pay more fees and not get reimbursed

#214 sherlock-admin closed 1 year ago
0
tsvetanovv - Malicious or hacked admin can steal tokens

#213 sherlock-admin closed 1 year ago
0
handsomegiraffe - [M-01] Incorrect refund of execution fee to user

#212 sherlock-admin opened 1 year ago
9
simon135 - slippage set to 0 it can cause users to get sandwiched

#211 sherlock-admin closed 1 year ago
0
simon135 - An attacker can avoid being auto Delevareged by using the keepers input to its disadvantage

#210 sherlock-admin closed 1 year ago
0
ShadowForce - Issue when using tx.gasprice to estimate the execution fee

#209 sherlock-admin closed 1 year ago
0
hack3r-0m - same signature can be used multiple times for validation in oracle while setting prices

#208 sherlock-admin closed 1 year ago
6
ShadowForce - User can game the order system

#207 sherlock-admin closed 1 year ago
5
simon135 - If a user makes a tx from their wallet they can get frontrunned and lose their funds

#206 sherlock-admin closed 1 year ago
0
n33k - WNT in depositVault can be drained by abusing initialLongToken/initialShortToken of CreateDepositParams

#205 sherlock-admin opened 1 year ago
1
joestakey - Variable subtracted where it should be assigned leads to `getAdjustedLongAndShortTokenAmounts()` reverting.

#204 sherlock-admin closed 1 year ago
0
joestakey - Incorrect adjusted amount calculation in `getAdjustedLongAndShortTokenAmounts()` always reverts

#203 sherlock-admin closed 1 year ago
0
hack3r-0m - temporary DOS when `cancelOrder` and `executeOrder` features are disabled for a market at same time

#202 sherlock-admin closed 1 year ago
5
float-audits - User deposits can be lost if deposits are not crafted carefully

#201 sherlock-admin closed 1 year ago
0
hack3r-0m - difference in tx.gasPrice is not accounted while paying for execution

#200 sherlock-admin closed 1 year ago
6
hack3r-0m - net negative sum outcome when liquidating below cetain size

#199 sherlock-admin closed 1 year ago
5
0xAmanda - Loading arbitrary's contract data to memory allows grieffing attack

#198 sherlock-admin closed 1 year ago
0
0xAmanda - Incorrect function call leads to stale borrowing fees

#197 sherlock-admin opened 1 year ago
11
berndartmueller - The claimable collateral factor with the key `Keys.claimableCollateralFactorKey` remains unchanged and results in a claimable collateral amount of zero

#196 sherlock-admin closed 1 year ago
0
berndartmueller - Underestimated gas estimation for executing withdrawals leads to insufficient keeper compensation

#195 sherlock-admin opened 1 year ago
1
berndartmueller - Decreasing a position without a swap path is susceptible to slippage

#194 sherlock-admin closed 1 year ago
0
berndartmueller - Depositing in a market with the same long and short tokens will revert

#193 sherlock-admin closed 1 year ago
0
berndartmueller - Inability to claim collateral

#192 sherlock-admin closed 1 year ago
0
hack3r-0m - executing orders might get broken due to console.log

#191 sherlock-admin closed 1 year ago
5
tsvetanovv - There is no way to decrease timelock delay

#190 sherlock-admin closed 1 year ago
5
0xAmanda - Uncalculated gas while swapping tokens will make the keeper lose funds on withdrawals

#189 sherlock-admin closed 1 year ago
0
Breeje - No Slippage protection in `swap` allows MEV Attack and Loss of Funds while executing Deposit

#188 sherlock-admin closed 1 year ago
0
0xAmanda - Incorrect calculation of the value in the pool

#187 sherlock-admin closed 1 year ago
0