issues
search
sherlock-audit
/
2023-04-blueberry-judging
8
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
nobody2018 - Attacker can front-run AuraSpell#openPositionFarm to take away user's borrowToken
#55
sherlock-admin
closed
1 year ago
4
nobody2018 - By AuraSpell#closePositionFarm, a user can take token0 or token1 left by another user when closing a position
#54
sherlock-admin
closed
1 year ago
5
nobody2018 - AuraSpell#openPositionFarm will not succeed for new users
#53
sherlock-admin
closed
1 year ago
0
nobody2018 - ConvexSpell#openPositionFarm never executes successfully
#52
sherlock-admin
closed
1 year ago
0
nobody2018 - CurveSpell#openPositionFarm will always revert
#51
sherlock-admin
closed
1 year ago
5
nobody2018 - spell#closePositionFarm executes swapExactTokensForTokens without slippage protection
#50
sherlock-admin
closed
1 year ago
0
nobody2018 - Liquidation will fail in certain scenario
#49
sherlock-admin
closed
1 year ago
0
Bauer - Dos attack to openPositionFarm()
#48
sherlock-admin
closed
1 year ago
3
Bauer - The protocol will not be able to add liquidity on the curve with another token with a balance.
#47
sherlock-admin
opened
1 year ago
2
cducrest-brainbot - AuraSpell openPositionFarm does not join pool
#46
sherlock-admin
opened
1 year ago
2
Bauer - AuraSpell executes swaps without slippage protection
#45
sherlock-admin
closed
1 year ago
0
Bauer - The quotes from Curve may be subject to manipulation
#44
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - ChainlinkAdapterOracle can still give stale data
#43
sherlock-admin
closed
1 year ago
0
Bauer - The protocol does not return all of the rewards to user
#42
sherlock-admin
closed
1 year ago
0
Bauer - auraPools.deposit and auraPools.withdraw boolean return value not handled in WAuraPools.sol
#41
sherlock-admin
closed
1 year ago
1
Bauer - getPrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#40
sherlock-admin
closed
1 year ago
0
coffiasd - <array>.length Should Not Be Looked Up In Every Loop Of A For-loop
#39
sherlock-admin
closed
1 year ago
0
coffiasd - mapping(address⇒bool) using bool for storage incurs overhead
#38
sherlock-admin
closed
1 year ago
0
tallo - Chainlink oracle makes no check to see if the Arbitrum sequencer is down
#37
sherlock-admin
closed
1 year ago
0
darksnow - getPrice(...) function in ChainlinkAdapterOracle.sol can cause a DoS
#36
sherlock-admin
closed
1 year ago
0
n1punp - No slippage control when closing position in CurveSpell
#35
sherlock-admin
closed
1 year ago
0
n1punp - No slippage control when closing position in ConvexSpell
#34
sherlock-admin
closed
1 year ago
0
n1punp - Missing slippage control when closing position in AuraSpell
#33
sherlock-admin
closed
1 year ago
0
n1punp - Missing slippage control validation in opening position function in AuraSpell
#32
sherlock-admin
closed
1 year ago
0
BugHunter101 - HardVault.sol ,the function withdraw() does not check the token
#31
sherlock-admin
closed
1 year ago
0
BugHunter101 - HardVault.sol ,the function deposit() does not check the token
#30
sherlock-admin
closed
1 year ago
0
BugHunter101 - The burn function in the WAuraPools contract appears to be vulnerable to a reentrancy attack.
#29
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - IchiVaultOracle getPrice will fail during price crashes
#28
sherlock-admin
closed
1 year ago
1
BugHunter101 - Function accrue() does not check if the caller of the function is authorized to trigger the interest accrual for the given bank
#27
sherlock-admin
closed
1 year ago
0
cducrest-brainbot - IchiVaultOracle vulnerable to IchiVault owner change of twap period
#26
sherlock-admin
closed
1 year ago
0
BugHunter101 - takeCollateral() doesn't check whether the caller actually has a corresponding debt position in the bank
#25
sherlock-admin
closed
1 year ago
0
moneyversed - Unchecked return value of external call in joinPool and exitPool
#24
sherlock-admin
closed
1 year ago
0
moneyversed - Potential flashloan attack in openPositionFarm
#23
sherlock-admin
closed
1 year ago
0
moneyversed - AuraSpell can be compromised by a reentrancy attack
#22
sherlock-admin
closed
1 year ago
0
moneyversed - Inconsistent error message format in SoftVault
#21
sherlock-admin
closed
1 year ago
0
moneyversed - Hard Vault has no validation for depositing tokens other than LP tokens
#20
sherlock-admin
closed
1 year ago
0
moneyversed - Reentrancy Attack vulnerability in SoftVault.sol
#19
sherlock-admin
closed
1 year ago
0
moneyversed - Lack of Access Control for CoreOracle.setRoutes
#18
sherlock-admin
closed
1 year ago
0
moneyversed - Incorrect Usage of SafeMath in BBMath Library
#17
sherlock-admin
closed
1 year ago
0
moneyversed - Reentrancy vulnerability in IBank.sol
#16
sherlock-admin
closed
1 year ago
0
n1punp - Transaction will revert when using USDT tokens (or other non-compliant ERC20 tokens)
#15
sherlock-admin
closed
1 year ago
1
moneyversed - Missing access controls for internal functions
#14
sherlock-admin
closed
1 year ago
0
moneyversed - Lack of input validation for the amountCall parameter in the _doERC20TransferIn and _doERC1155TransferIn functions
#13
sherlock-admin
closed
1 year ago
0
moneyversed - Potential reentrancy vulnerability in withdrawLend function
#12
sherlock-admin
closed
1 year ago
0
n1punp - Calculation underflow/overflow in BalancerPairOracle, which will affect pools in Aura Finance
#11
sherlock-admin
opened
1 year ago
7
devScrooge - Accrue function is not called before executing some functions
#10
sherlock-admin
closed
1 year ago
1
ravikiran.web3 - Spell accepts multiple instances of the same strategy
#9
sherlock-admin
closed
1 year ago
0
darksnow - _disableInitializers() function missing in contracts AuraSpell, ConvexSpell, CurveSpell. Anyone can take ownership of the implementation contracts
#8
sherlock-admin
closed
1 year ago
0
darksnow - setWithdrawVaultFeeWindow(...) function in ProtocolConfig.sol does not convert days input parameter in the corresponding uint value
#7
sherlock-admin
closed
1 year ago
0
volodya - withdraw can be paused by the system
#6
sherlock-admin
closed
1 year ago
0
Previous
Next