sherlock-audit / 2023-04-blueberry-judging
issues
cuthalion0x - `AuraSpell` does not validate that `borrowToken` belongs to the underlying pool
#155
sherlock-admin
closed
1 year ago
0
Tendency - Liquidate in execute function, calculates with outdated values
#154
sherlock-admin
closed
1 year ago
0
cuthalion0x - First position opened in `AuraSpell` creates a debt that cannot be repaid
#153
sherlock-admin
closed
1 year ago
0
SanketKogekar - The function `takeCollateral()` from `BlueBerryBank.sol` accepts 0 amount of tokens from the user
#152
sherlock-admin
closed
1 year ago
0
kaysoft - PausableUpgradable contract not initialized in the CoreOracle Contract.
#151
sherlock-admin
closed
1 year ago
0
SanketKogekar - The function `lend()` from `BlueBerryBank.sol` accepts 0 amount of tokens from the user
#150
sherlock-admin
closed
1 year ago
0
SanketKogekar - The function `_doBorrow()` of `BlueBerryBank.sol` does not verify if value of `uBalanceBefore` is 0.
#149
sherlock-admin
closed
1 year ago
0
SanketKogekar - Incorrect condition in function `doCutVaultWithdrawFee()` of `FeeManager.sol`
#148
sherlock-admin
closed
1 year ago
0
cuthalion0x - `AuraSpell`'s Balancer pool exit will always revert
#147
sherlock-admin
closed
1 year ago
0
SanketKogekar - Incorrect `liqThreshold` check in `BlueBerryBank.addBank()`
#146
sherlock-admin
closed
1 year ago
0
ctf_sec - Deadline check is not effective, allowing outdated slippage and allow pending transaction to be unexpected executed
#145
sherlock-admin
opened
1 year ago
2
ctf_sec - Missing slippage control in CurveSpell swap
#144
sherlock-admin
closed
1 year ago
0
cuthalion0x - `AuraSpell`'s Balancer pool join will always revert
#143
sherlock-admin
closed
1 year ago
0
ctf_sec - Missing checks for whether Arbitrum Sequencer is active
#142
sherlock-admin
opened
1 year ago
2
cuthalion0x - `BalancerPairOracle` can be manipulated using read-only reentrancy
#141
sherlock-admin
opened
1 year ago
2
Ch_301 - users will steal/lose some CRV rewards from `WCurveGauge.sol`
#140
sherlock-admin
closed
1 year ago
4
martin - Funds can be stuck in the contract forever
#139
sherlock-admin
closed
1 year ago
0
Ch_301 - the core logic of `ShortLongSpell` is breaked
#138
sherlock-admin
closed
1 year ago
0
0x52 - WIchiFarm#pendingRewards suffers from significant precision loss causing loss of rewards
#137
sherlock-admin
closed
1 year ago
11
0x52 - Pending CRV rewards are not accounted for and can cause unfair liquidations
#136
sherlock-admin
opened
1 year ago
2
0x52 - ShortLongSpell#openPosition can cause user unexpected liquidation when increasing position size
#135
sherlock-admin
opened
1 year ago
2
kaysoft - latestRoundData has no check for Round completeness.
#134
sherlock-admin
closed
1 year ago
0
0x52 - Balance check for swapToken in ShortLongSpell#_deposit is incorrect and will result in nonfunctional contract
#133
sherlock-admin
opened
1 year ago
2
0x52 - UniswapV3 sqrtRatioLimit doesn't provide slippage protection and will result in partial swaps
#132
sherlock-admin
opened
1 year ago
2
0x52 - IchiSpell applies slippage to sqrtPrice which is wrong and leads to unpredictable slippage
#131
sherlock-admin
closed
1 year ago
0
0x52 - IchiSpell#_withdraw attempts to limit slippage but applies slippage limit to user supplied data making it ineffective
#130
sherlock-admin
closed
1 year ago
0
0x52 - UserData for balancer pool exits is malformed and will permanently trap users
#129
sherlock-admin
opened
1 year ago
2
0x52 - rewardTokens removed from WAuraPool/WConvexPools will be lost forever
#128
sherlock-admin
opened
1 year ago
2
0x52 - WAuraPools will irreversibly break if reward tokens are added to pool after deposit
#127
sherlock-admin
opened
1 year ago
1
0x52 - ShortLongSpell#_withdraw checks slippage limit but never applies it making it useless
#126
sherlock-admin
opened
1 year ago
7
0x52 - Issue 327 from previous contest has not been fixed
#125
sherlock-admin
closed
1 year ago
5
0x52 - ConvexSpell#closePositionFarm removes liquidity without any slippage protection
#124
sherlock-admin
opened
1 year ago
2
helpMePlease - Potential flash loan attack vulnerability in `getPrice` function of CurveOracle
#123
sherlock-admin
opened
1 year ago
1
0x52 - AuraSpell#closePositionFarm requires users to swap all reward tokens through same router
#122
sherlock-admin
opened
1 year ago
2
0x52 - Users are forced to swap all reward tokens with no slippage protection
#121
sherlock-admin
opened
1 year ago
2
0x52 - AuraSpell#openPositionFarm uses incorrect join type for balancer
#120
sherlock-admin
opened
1 year ago
2
Ch_301 - `ShortLongSpell.openPosition()` should not refund token
#119
sherlock-admin
closed
1 year ago
0
0x52 - Issue 94 from previous contest has not been fixed
#118
sherlock-admin
opened
1 year ago
2
0x52 - Issue 290 from previous contest has not been fully addressed by fixes
#117
sherlock-admin
opened
1 year ago
2
Ch_301 - asking for the wrong address for `balanceOf()`
#116
sherlock-admin
opened
1 year ago
6
0x52 - BlueBerryBank#getPositionValue causes DOS if reward token is added that doesn't have an oracle
#115
sherlock-admin
opened
1 year ago
2
Ch_301 - M-03 wrong token address on `ShortLongSpell.sol`
#114
sherlock-admin
opened
1 year ago
6
Ch_301 - No one can open a Short/Long position on `ShortLongSpell.sol`
#113
sherlock-admin
closed
1 year ago
4
Ch_301 - users could be exposed to big penalties from the Curve Pool
#112
sherlock-admin
closed
1 year ago
0
peanuts - No fallback available if oracle goes down or price reaches 0
#111
sherlock-admin
closed
1 year ago
0
peanuts - Round completeness not check in ChainlinkAdapterOracle#latestRoundData
#110
sherlock-admin
closed
1 year ago
0
sinarette - ShortLongSpell would never work
#109
sherlock-admin
closed
1 year ago
5
PRAISE - Stale prices can be used as lpPrice in _validateMaxPosSize()
#108
sherlock-admin
closed
1 year ago
0
PRAISE - The doCutVaultWithdrawFee() function will only cut fee if the blocktimestamp is less than withdrawVaultFeeWindowStartTime() + withdrawVaultFee Window
#107
sherlock-admin
closed
1 year ago
1
Ch_301 - `CurveSpell.closePositionFarm()` will keep reverting
#106
sherlock-admin
closed
1 year ago
5