issues
search
sherlock-audit
/
2023-03-Y2K-judging
7
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
AlexCzm - A malicious user can deny user reward enlisted in rollover
#515
sherlock-admin
closed
1 year ago
0
joestakey - Lack of CEI in `mintRollovers` can be exploited by users two inflate their shares amount
#514
sherlock-admin
closed
1 year ago
0
iglyx - Deposit fee can always be avoided
#513
sherlock-admin
closed
1 year ago
0
0xnirlin - Can change controller on factory without checking if the factory on controller is set to right factory.
#512
sherlock-admin
closed
1 year ago
7
libratus - Adversary can block deposit queue by adding a smart contract that rejects new shares when minted
#511
sherlock-admin
closed
1 year ago
0
0x52 - Emissions sent to vault with null epoch will be lost forever
#510
sherlock-admin
closed
1 year ago
0
BPZ - The mintRollovers function will skip users
#509
sherlock-admin
closed
1 year ago
0
minhtrng - Outdated staleness check of price feed
#508
sherlock-admin
closed
1 year ago
0
datapunk - User cannot roll over all of their assets
#507
sherlock-admin
closed
1 year ago
0
w42d3n - Carousel.sol: Ethers will be locked
#506
sherlock-admin
closed
1 year ago
0
datapunk - Owner might call createEpoch directly by mistake instead of createEpochWithEmission, and there are no way to set emissions properly
#505
sherlock-admin
closed
1 year ago
3
Udsen - `changeRelayerFee` SHOULD BE CONTROLLED BY A TIMELOCK, ELSE USER TRANSACTION COULD BE REVERTED
#504
sherlock-admin
closed
1 year ago
0
datapunk - The assignment should be made only if ownerToRollOverQueueIndex[_receiver] == 0
#503
sherlock-admin
closed
1 year ago
0
iglyx - rolloverQueue is corrupted on repeated enlisting
#502
sherlock-admin
closed
1 year ago
0
datapunk - Use two step for changeOwner instead in TimeLock.sol
#501
sherlock-admin
closed
1 year ago
2
0xnirlin - Treasury can never be changed on vaults even after calling changeTreasury()
#500
sherlock-admin
closed
1 year ago
0
datapunk - The special case of “_epochBegin == block.timestamp” is undefined
#499
sherlock-admin
closed
1 year ago
0
datapunk - Increasing relayerFee may result in lost funds
#498
sherlock-admin
closed
1 year ago
0
libratus - Adversary can block rollover by adding a smart contract that rejects new shares when minted
#497
sherlock-admin
closed
1 year ago
0
ak1 - `VaultV2.sol` : `withdraw` is not providing fair logic to end user.
#496
sherlock-admin
closed
1 year ago
0
chainNue - Rollover doesn't check next epoch `minRequiredDeposit` (relayerFee)
#495
sherlock-admin
closed
1 year ago
4
Udsen - changeRelayerFee SHOULD BE CONTROLLED BY A TIMELOCK, ELSE USER TRANSACTION COULD BE REVERTED
#494
sherlock-admin
closed
1 year ago
0
0xnirlin - Loss of funds if triggerNullEpoch is called late.
#493
sherlock-admin
closed
1 year ago
0
carrot - Users can send dust amounts to prevent null epochs
#492
sherlock-admin
closed
1 year ago
0
carrot - Freshness of pricefeed not checked properly
#491
sherlock-admin
closed
1 year ago
0
carrot - Emissions sent to empty vault is forever locked
#490
sherlock-admin
closed
1 year ago
0
carrot - Users lose premium gained when enrolled to `mintRollovers`
#489
sherlock-admin
closed
1 year ago
0
Udsen - `changeRelayerFee` SHOULD BE CONTROLLED BY A TIMELOCK, ELSE USER TRANSACTION COULD BE REVERTED
#488
sherlock-admin
closed
1 year ago
0
minhtrng - Theft of funds through withdrawal fee
#487
sherlock-admin
closed
1 year ago
0
minhtrng - Non ERC1155 compliance
#486
sherlock-admin
closed
1 year ago
0
minhtrng - Increasing relayer fee could break minting of deposits
#485
sherlock-admin
closed
1 year ago
0
ak1 - Carousel.sol : `enlistInRollover` is not increasing the asset value when already queued receiver calls again `enlistInRollover`
#484
sherlock-admin
closed
1 year ago
0
iglyx - Increasing relayerFee can halt deposit queue
#483
sherlock-admin
closed
1 year ago
0
minhtrng - Faulty index update of ownerToRollOverQueueIndex could break rollover
#482
sherlock-admin
closed
1 year ago
0
0xvj - An attacker can take advantage of null epoch to play arbitrage
#481
sherlock-admin
closed
1 year ago
0
minhtrng - Inconsistent use of epochBegin could lock user funds
#480
sherlock-admin
opened
1 year ago
2
minhtrng - Funds from premium vault can get stuck after sending to collateral vault
#479
sherlock-admin
closed
1 year ago
0
minhtrng - Entitled shares not handled during rollover
#478
sherlock-admin
closed
1 year ago
0
joestakey - `Carousel.enlistRollover` always overwrite the `_receiver` `ownerToRollOverQueueIndex` mapping, breaking the delisting process.
#477
sherlock-admin
closed
1 year ago
0
minhtrng - Delisting a processed rollover item causes skip of unprocessed one
#476
sherlock-admin
closed
1 year ago
0
minhtrng - Dead queue items not removed from rolloverQueue can disincentivize relayers
#475
sherlock-admin
closed
1 year ago
0
minhtrng - Deposit fees can by bypassed
#474
sherlock-admin
closed
1 year ago
0
ak1 - Carousel.sol : Incorrect fee is used in `minRequiredDeposit(_assets)` used for `deposit` and `depositETH`
#473
sherlock-admin
closed
1 year ago
0
cccz - enlistInRollover will set the ownerToRollOverQueueIndex incorrectly
#472
sherlock-admin
closed
1 year ago
0
0xnirlin - Oracle is tracked per token using mapping that can lead to unexpected results when more markets are created.
#471
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Rollover Queue Stuck Issue in ERC1155 Contracts
#470
sherlock-admin
closed
1 year ago
0
Udsen - USER FUNDS ARE LOCKED IN THE CONTRACT UNTIL THE DEGPEG EVENT OCCURS, EPOCH EXPIRED OR NULL EPOCH OCCURS
#469
sherlock-admin
closed
1 year ago
0
0x52 - Adversary can break deposit queue and cause loss of funds
#468
sherlock-admin
opened
1 year ago
4
iglyx - Null epoch stakers can't rollover
#467
sherlock-admin
closed
1 year ago
0
Nyx - Users might have different epoch than they want.
#466
sherlock-admin
closed
1 year ago
0
Next