issues
search
sherlock-audit
/
2023-03-taurus-judging
4
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
saian - `getUsers` and `getUsersDetailsInRange` will return incorrect results
#201
sherlock-admin
closed
1 year ago
0
saian - Account health check is done incorrectly
#200
sherlock-admin
closed
1 year ago
0
saian - Inherited contracts contains initializer instead of onlyInitializing
#199
sherlock-admin
closed
1 year ago
0
mgf15 - Using vulnerable dependency of OpenZeppelin
#198
sherlock-admin
closed
1 year ago
0
SunSec - _modifyPosition () ERC777 re-enter to steal funds
#197
sherlock-admin
closed
1 year ago
0
0x52 - FeeSplitter#distributeFees is unable to distribute fees that are paid in native ETH
#196
sherlock-admin
closed
1 year ago
1
0x52 - Adversary can call distributeTauRewards with amount = 0 to purposefully decrease reward rate
#195
sherlock-admin
closed
1 year ago
1
Chinmay - modifyPositions functionality may unnecessarily fail
#194
sherlock-admin
closed
1 year ago
0
Bahurum - Collateral ratio calculation is incorrect if `collateralToken` isn't in 18 decimals
#193
sherlock-admin
closed
1 year ago
0
imare - computing CR only works for collateral with 18 decimals value
#192
sherlock-admin
closed
1 year ago
0
imare - updating price for mismatched underlying asset is not prevented in `CustomPriceOracle` contract
#191
sherlock-admin
closed
1 year ago
1
Chinmay - Logic error in getUsers() function
#190
sherlock-admin
closed
1 year ago
0
peanuts - Extra yield accrued by user's collateral will not be returned to user after withdrawal
#189
sherlock-admin
closed
1 year ago
0
imare - updated price from trusted node is not guaranteed to be fresh
#188
sherlock-admin
closed
1 year ago
0
Chinmay - Extreme slippage tolerance by Liquidation Bot
#187
sherlock-admin
closed
1 year ago
0
GimelSec - `GLPPriceOracle.getLatestPrice` doesn't return correct `lastPrice`
#186
sherlock-admin
closed
1 year ago
1
peanuts - User cannot exit paused vaults
#185
sherlock-admin
closed
1 year ago
1
Chinmay - Oracle timeout will cause liquidations to fail
#184
sherlock-admin
closed
1 year ago
1
w42d3n - The function approveTokens() do not approve To Zero first
#183
sherlock-admin
closed
1 year ago
0
0x52 - GmxYieldAdapter#collectYield continues to function even on a paused vault
#182
sherlock-admin
closed
1 year ago
5
peanuts - Protocol assumes that all future collateral will have 18 decimal places
#181
sherlock-admin
closed
1 year ago
0
Chinmay - User is not allowed to hold a position at MIN_COLL_RATIO
#180
sherlock-admin
closed
1 year ago
0
Tricko - DoS on `_disburseTau()`
#179
sherlock-admin
closed
1 year ago
0
0x52 - getAccountHealth will return false for some healthy accounts
#178
sherlock-admin
closed
1 year ago
1
0x52 - Potential decimal mismatches in BaseVault calculations
#177
sherlock-admin
closed
1 year ago
0
peanuts - User can be liquidated immediately after taking maximal debt
#176
sherlock-admin
closed
1 year ago
1
mstpr-brainbot - Bad debt stucks forever
#175
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Mislogic on TAU contracts
#174
sherlock-admin
closed
1 year ago
0
RaymondFam - Users` collateral should be refunded when debt has been fully repaid
#173
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Addresses array can be spammed
#172
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - TGT token
#171
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Miswritten offset
#170
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Mislogic on GLP oracle price feed
#169
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Malicious keepers
#168
sherlock-admin
closed
1 year ago
4
mstpr-brainbot - Oracle Manipulation
#167
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Free TAU borrows
#166
sherlock-admin
closed
1 year ago
1
mstpr-brainbot - Misaccounting Decimals
#165
sherlock-admin
closed
1 year ago
0
GimelSec - `getMaxLiquidation()` will get stale `maxRepay`.
#164
sherlock-admin
closed
1 year ago
0
0xmuxyz - Due to lack of validation, the protocol lose an opportunity to collect the protocol fee when the SwapHandler#`swapForTau()` would be called
#163
sherlock-admin
closed
1 year ago
0
GimelSec - `SwapHandler.swapForTau()` can brick users' collateral.
#162
sherlock-admin
closed
1 year ago
1
GimelSec - `swapForTau()` doesn't check whether `_yieldTokenAmount == _amountIn`. The keeper can easily take all tokens out from the vault. Everyone can also take the rest of the tokens.
#161
sherlock-admin
closed
1 year ago
4
GimelSec - `swap()` will be reverted if `path` has more tokens.
#160
sherlock-admin
opened
1 year ago
3
GimelSec - The decimals of collateral may different from 1e18, causing the user to borrow more than the real amount that can be borrowed.
#159
sherlock-admin
closed
1 year ago
0
GimelSec - `currentMinted` doesn't return to zero.
#158
sherlock-admin
closed
1 year ago
0
GimelSec - `BaseVault.emergencyClosePosition` should still take the reward into consideration.
#157
sherlock-admin
closed
1 year ago
0
GimelSec - If a user has less debt, the user may suffer loss of funds.
#156
sherlock-admin
closed
1 year ago
1
GimelSec - `SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first.
#155
sherlock-admin
closed
1 year ago
0
GimelSec - `FeeSplitter.distributeFees` should check whether `(feeAmount * feeRecipient.proportion) / Constants.PERCENT_PRECISION != 0`
#154
sherlock-admin
closed
1 year ago
0
GimelSec - `FeeSplitter.setFeeRecipients` should check whether `_feeRecipients[i].proportion != 0`
#153
sherlock-admin
closed
1 year ago
0
GimelSec - `LiquidationBot.fetchUnhealthyAccounts` may revert when offset if too big
#152
sherlock-admin
closed
1 year ago
1
Next