sherlock-audit 2023-03-taurus-judging issues

sherlock-audit / 2023-03-taurus-judging

4 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

saian - `getUsers` and `getUsersDetailsInRange` will return incorrect results

#201 sherlock-admin closed 1 year ago
0
saian - Account health check is done incorrectly

#200 sherlock-admin closed 1 year ago
0
saian - Inherited contracts contains initializer instead of onlyInitializing

#199 sherlock-admin closed 1 year ago
0
mgf15 - Using vulnerable dependency of OpenZeppelin

#198 sherlock-admin closed 1 year ago
0
SunSec - _modifyPosition () ERC777 re-enter to steal funds

#197 sherlock-admin closed 1 year ago
0
0x52 - FeeSplitter#distributeFees is unable to distribute fees that are paid in native ETH

#196 sherlock-admin closed 1 year ago
1
0x52 - Adversary can call distributeTauRewards with amount = 0 to purposefully decrease reward rate

#195 sherlock-admin closed 1 year ago
1
Chinmay - modifyPositions functionality may unnecessarily fail

#194 sherlock-admin closed 1 year ago
0
Bahurum - Collateral ratio calculation is incorrect if `collateralToken` isn't in 18 decimals

#193 sherlock-admin closed 1 year ago
0
imare - computing CR only works for collateral with 18 decimals value

#192 sherlock-admin closed 1 year ago
0
imare - updating price for mismatched underlying asset is not prevented in `CustomPriceOracle` contract

#191 sherlock-admin closed 1 year ago
1
Chinmay - Logic error in getUsers() function

#190 sherlock-admin closed 1 year ago
0
peanuts - Extra yield accrued by user's collateral will not be returned to user after withdrawal

#189 sherlock-admin closed 1 year ago
0
imare - updated price from trusted node is not guaranteed to be fresh

#188 sherlock-admin closed 1 year ago
0
Chinmay - Extreme slippage tolerance by Liquidation Bot

#187 sherlock-admin closed 1 year ago
0
GimelSec - `GLPPriceOracle.getLatestPrice` doesn't return correct `lastPrice`

#186 sherlock-admin closed 1 year ago
1
peanuts - User cannot exit paused vaults

#185 sherlock-admin closed 1 year ago
1
Chinmay - Oracle timeout will cause liquidations to fail

#184 sherlock-admin closed 1 year ago
1
w42d3n - The function approveTokens() do not approve To Zero first

#183 sherlock-admin closed 1 year ago
0
0x52 - GmxYieldAdapter#collectYield continues to function even on a paused vault

#182 sherlock-admin closed 1 year ago
5
peanuts - Protocol assumes that all future collateral will have 18 decimal places

#181 sherlock-admin closed 1 year ago
0
Chinmay - User is not allowed to hold a position at MIN_COLL_RATIO

#180 sherlock-admin closed 1 year ago
0
Tricko - DoS on `_disburseTau()`

#179 sherlock-admin closed 1 year ago
0
0x52 - getAccountHealth will return false for some healthy accounts

#178 sherlock-admin closed 1 year ago
1
0x52 - Potential decimal mismatches in BaseVault calculations

#177 sherlock-admin closed 1 year ago
0
peanuts - User can be liquidated immediately after taking maximal debt

#176 sherlock-admin closed 1 year ago
1
mstpr-brainbot - Bad debt stucks forever

#175 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Mislogic on TAU contracts

#174 sherlock-admin closed 1 year ago
0
RaymondFam - Users` collateral should be refunded when debt has been fully repaid

#173 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Addresses array can be spammed

#172 sherlock-admin closed 1 year ago
0
mstpr-brainbot - TGT token

#171 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Miswritten offset

#170 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Mislogic on GLP oracle price feed

#169 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Malicious keepers

#168 sherlock-admin closed 1 year ago
4
mstpr-brainbot - Oracle Manipulation

#167 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Free TAU borrows

#166 sherlock-admin closed 1 year ago
1
mstpr-brainbot - Misaccounting Decimals

#165 sherlock-admin closed 1 year ago
0
GimelSec - `getMaxLiquidation()` will get stale `maxRepay`.

#164 sherlock-admin closed 1 year ago
0
0xmuxyz - Due to lack of validation, the protocol lose an opportunity to collect the protocol fee when the SwapHandler#`swapForTau()` would be called

#163 sherlock-admin closed 1 year ago
0
GimelSec - `SwapHandler.swapForTau()` can brick users' collateral.

#162 sherlock-admin closed 1 year ago
1
GimelSec - `swapForTau()` doesn't check whether `_yieldTokenAmount == _amountIn`. The keeper can easily take all tokens out from the vault. Everyone can also take the rest of the tokens.

#161 sherlock-admin closed 1 year ago
4
GimelSec - `swap()` will be reverted if `path` has more tokens.

#160 sherlock-admin opened 1 year ago
3
GimelSec - The decimals of collateral may different from 1e18, causing the user to borrow more than the real amount that can be borrowed.

#159 sherlock-admin closed 1 year ago
0
GimelSec - `currentMinted` doesn't return to zero.

#158 sherlock-admin closed 1 year ago
0
GimelSec - `BaseVault.emergencyClosePosition` should still take the reward into consideration.

#157 sherlock-admin closed 1 year ago
0
GimelSec - If a user has less debt, the user may suffer loss of funds.

#156 sherlock-admin closed 1 year ago
1
GimelSec - `SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first.

#155 sherlock-admin closed 1 year ago
0
GimelSec - `FeeSplitter.distributeFees` should check whether `(feeAmount * feeRecipient.proportion) / Constants.PERCENT_PRECISION != 0`

#154 sherlock-admin closed 1 year ago
0
GimelSec - `FeeSplitter.setFeeRecipients` should check whether `_feeRecipients[i].proportion != 0`

#153 sherlock-admin closed 1 year ago
0
GimelSec - `LiquidationBot.fetchUnhealthyAccounts` may revert when offset if too big

#152 sherlock-admin closed 1 year ago
1