sherlock-audit 2023-03-sense-judging issues

sherlock-audit / 2023-03-sense-judging

4 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

schrodinger - faulty admins can manipulate `trusted` users

#61 sherlock-admin closed 1 year ago
0
w42d3n - Periphery.sol: dangerous payable functions

#60 sherlock-admin closed 1 year ago
0
tsueti_ - CENTRALIZATION RISK

#59 sherlock-admin closed 1 year ago
0
sayan_ - Use of payable.transfer() might result in fund getting stuck

#58 sherlock-admin closed 1 year ago
0
tsvetanovv - Unsafe ERC20.transfer()

#57 sherlock-admin closed 1 year ago
7
Bauer - Users who add liquidity to space will lose all their reward

#56 sherlock-admin closed 1 year ago
0
tsvetanovv - Missing deadline check when perform swap

#55 sherlock-admin closed 1 year ago
8
tsvetanovv - Some ERC20 tokens deduct a fee on transfer

#54 sherlock-admin closed 1 year ago
0
tsvetanovv - ERC20 transfer zero amount can be reverted

#53 sherlock-admin closed 1 year ago
0
tsvetanovv - Malicious user can Blocklists Token

#52 sherlock-admin closed 1 year ago
0
tsvetanovv - Solmate's SafeTransferLib doesn't check whether the ERC20 contract exists

#51 sherlock-admin closed 1 year ago
8
tsvetanovv - Must approve by zero first

#50 sherlock-admin closed 1 year ago
0
0xAgro - Use of transfer

#49 sherlock-admin closed 1 year ago
0
tsvetanovv - Use `call()` instead of `transfer()` when transferring ETH

#48 sherlock-admin closed 1 year ago
0
Nyx - Calculating issue is susceptible to precision loss due to division before multiplication

#47 sherlock-admin closed 1 year ago
0
Nyx - Lack of slippage control

#46 sherlock-admin closed 1 year ago
0
Breeje - Use of payable.transfer can lead to DOS and Freezing of funds

#45 sherlock-admin closed 1 year ago
0
Breeje - Missing deadline checks allow pending transactions to be maliciously executed

#44 sherlock-admin closed 1 year ago
4
Breeje - Missing safeApprove(0) before using safeApprove for any approval which can lead to DOS

#43 sherlock-admin closed 1 year ago
0
chainNue - Adversary can drain ether or ERC20 token from `RollerPeriphery` contract

#42 sherlock-admin closed 1 year ago
5
chainNue - `RollerPeriphery` contract might not work for some ERC20 tokens such as USDT, because it's not calling approve(0) before setting a new approval

#41 sherlock-admin closed 1 year ago
0
spyrosonic10 - Refund of protocol fee is being to wrong user

#40 sherlock-admin opened 1 year ago
10
spyrosonic10 - Excess YT or PT tokens are not sent back to user after `swapYTsForTarget` is called

#39 sherlock-admin closed 1 year ago
0
spyrosonic10 - Remaining quote.sellToken are not being returned to caller

#38 sherlock-admin closed 1 year ago
0
spyrosonic10 - _swapYTsForTarget() is expected to be private but exposed for public

#37 sherlock-admin closed 1 year ago
2
spyrosonic10 - sponsorSeries() method fails when user want to swap for stake token using

#36 sherlock-admin opened 1 year ago
3
Bauer - User will lose the target token

#35 sherlock-admin closed 1 year ago
2
0x52 - Periphery#addLiquidity won't work correcty for issue restricted adapters

#34 sherlock-admin closed 1 year ago
1
0x52 - fillQuote uses transfer instead of call which can break with future updates to gas costs

#33 sherlock-admin opened 1 year ago
7
0x52 - Periphery#_swapPTsForTarget won't work correctly if PT is mature but redeem is restricted

#32 sherlock-admin opened 1 year ago
3
darshan - Dependency Confusion Attack Deu to Unclamed Package

#31 sherlock-admin closed 1 year ago
0
0x52 - safeApprove breaks logic and functions in many locations

#30 sherlock-admin closed 1 year ago
1
0x52 - Multiple functions may leave excess funds in the contract that should be returned

#29 sherlock-admin opened 1 year ago
3
0x52 - Multiple functions aren't payable so quotes that require protocol fees won't work correctly

#28 sherlock-admin opened 1 year ago
3
Diana - Lack of safeApprove(0) prevents withdrawing stake assets, approving vault, and the changing of spender allowance

#27 sherlock-admin closed 1 year ago
0
Bauer - The sponsorSeries() transaction may fail

#26 sherlock-admin closed 1 year ago
0
Bauer - Missing check for approval, resulting in the loss of funds for the protocol

#25 sherlock-admin closed 1 year ago
0
Bauer - The fillQuote() function will not work

#24 sherlock-admin closed 1 year ago
1
foxb868 - setIsTrusted function allows anyone to update the isTrusted mapping for any user, including trusted ones.

#23 sherlock-admin closed 1 year ago
0
sayan_ - solmate's safeTransfer and safeTransferFrom does not check code size of the token address

#22 sherlock-admin closed 1 year ago
0
foxb868 - An attack can reenter and steal funds from the BaseAdapter contract through the FlashLoan Function.

#21 sherlock-admin closed 1 year ago
1
foxb868 - The sponsorSeries function in the Periphery Contract does not include any exception handling.

#20 sherlock-admin closed 1 year ago
0
martin - Usage of deprecated `transfer` to send Ether

#19 sherlock-admin closed 1 year ago
0
foxb868 - Attacker can execute any contract logic on the contract's behalf, which can result in serious damage to the contract,.

#18 sherlock-admin closed 1 year ago
1
martin - Deprecated `safeApprove()`

#17 sherlock-admin closed 1 year ago
0
foxb868 - _permit provided is valid for the _stake token it can exploit this vulnerability to bypass the intended transfer limits.

#16 sherlock-admin closed 1 year ago
1
Bauer - The Divider.issue() function may not work.

#15 sherlock-admin closed 1 year ago
1
Bauer - User may lose ETH

#14 sherlock-admin closed 1 year ago
0
martin - Centralisation Vulnerability

#13 sherlock-admin closed 1 year ago
0
foxb868 - 'fdivUp()' function is used to calculate the target balance, which can result in rounding errors that an attacker can exploit to drain funds from the contract.

#12 sherlock-admin closed 1 year ago
2