sherlock-audit 2023-04-gmx-judging issues

sherlock-audit / 2023-04-gmx-judging

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

pontifex - Incorrect min balance validation

#279 sherlock-admin closed 1 year ago
0
Chinmay - User can have healthy position even at Zero collateral

#278 sherlock-admin closed 1 year ago
0
ten-on-ten - Logical error when computing `estimatedRemainingCollateralUsd`

#277 sherlock-admin closed 1 year ago
0
Jaraxxus - Malicious keeper can still DoS deposits and gain rewards using the 63/64 rule

#276 sherlock-admin closed 1 year ago
0
ten-on-ten - Un-intended overflow in calculating mid price

#275 sherlock-admin closed 1 year ago
5
ten-on-ten - Deprecated prb-math version

#274 sherlock-admin closed 1 year ago
0
stent - poolAmountAdjustment set but not unset in swapProfitToCollateralToken

#273 sherlock-admin closed 1 year ago
0
Chinmay - Price Impact calculated after Updating OI for Increase Orders

#272 sherlock-admin closed 1 year ago
8
stent - Calc.boundedSub can throw arithmetic overflow

#271 sherlock-admin closed 1 year ago
0
lemonmon - Unnecessary oracle block number restrictions for limit swap orders

#270 sherlock-admin closed 1 year ago
0
stent - Calc.boundedAdd used intitally but later regular subtraction used

#269 sherlock-admin opened 1 year ago
2
stopthecap - Wrong comparison operators

#268 sherlock-admin closed 1 year ago
2
Chinmay - isPositionLiquidatable should use max collateral prices in fees cost calculation

#267 sherlock-admin closed 1 year ago
1
J4de - Funding fee is still counted when the market is pause

#266 sherlock-admin closed 1 year ago
0
J4de - The gas fee when `withOraclePrices` is not included so the gas fee got by the keeper may be less than the spent

#265 sherlock-admin closed 1 year ago
0
Chinmay - The Holding_address in TokenUtils has no way of retreiving funds

#264 sherlock-admin closed 1 year ago
0
J4de - `ReferralUtils.sol#setTraderReferralCode` can be exploited to zore risk trade

#263 sherlock-admin closed 1 year ago
0
IllIllI - No grace period after sequencer outage

#262 sherlock-admin closed 1 year ago
1
IllIllI - Unnecessary loss of precision

#261 sherlock-admin closed 1 year ago
3
IllIllI - Operations may overflow when sign is flipped from negative to positive

#260 sherlock-admin closed 1 year ago
2
IllIllI - Funding fee accounting is incorrect when the number of sides of OI increases to two

#259 sherlock-admin closed 1 year ago
10
IllIllI - Limit orders may not work properly in the block after oracles come back after outages

#258 sherlock-admin closed 1 year ago
9
IllIllI - Virtual swap impacts can be bypassed by swapping through markets where only one of the collateral tokens has virtual inventory

#257 sherlock-admin opened 1 year ago
1
IllIllI - Virtual inventory for swaps is not tracked properly when long/short collateral are the same

#256 sherlock-admin closed 1 year ago
1
IllIllI - The pool adjustment config parameters won't work properly when long and short collateral are the same

#255 sherlock-admin closed 1 year ago
1
IllIllI - Stable prices don't have their values validated like oracle prices do

#254 sherlock-admin closed 1 year ago
14
IllIllI - Overflow protection in `getNextOpenInterestParams()` makes overflow more likely

#253 sherlock-admin closed 1 year ago
6
IllIllI - Using spot prices with moving averages will lead to orders not being executed, and liquidations

#252 sherlock-admin closed 1 year ago
6
IllIllI - Virtual swap balances don't take into account token prices

#251 sherlock-admin opened 1 year ago
2
IllIllI - No UI fee paid for ADL orders even though referral fees are paid for those orders

#250 sherlock-admin closed 1 year ago
1
IllIllI - `initialCollateralDeltaAmount` is incorrectly interpreted as a USD value when calculating estimated remaining collateral

#249 sherlock-admin opened 1 year ago
2
IllIllI - Full impact discounts aren't given if the trigger price can't fulfill the order

#248 sherlock-admin closed 1 year ago
4
IllIllI - Favoring the balancing of pools over virtual impacts defeats the purpose of virtual impacts

#247 sherlock-admin closed 1 year ago
4
IllIllI - Users can get impact pool discounts while also increasing the virtual impact pool skew

#246 sherlock-admin opened 1 year ago
1
IllIllI - `boundedSub()` reverts rather than returning a bounded value, when `type(int256).min` is used

#245 sherlock-admin closed 1 year ago
2
IllIllI - Block hash reorg protection is insufficient after 255 blocks

#244 sherlock-admin closed 1 year ago
7
IllIllI - MIN_ORACLE_SIGNERS may cause users to get liquidated, or get the wrong price

#243 sherlock-admin closed 1 year ago
5
jasonxiale - slippage protection is ignored

#242 sherlock-admin closed 1 year ago
0
IllIllI - Limit swap orders can be used to get a free look into the future

#241 sherlock-admin opened 1 year ago
2
IllIllI - Swaps associated with position orders will use the wrong price

#240 sherlock-admin opened 1 year ago
1
IllIllI - Primary price is used for market orders, rather than secondary prices

#239 sherlock-admin closed 1 year ago
9
IllIllI - Liquidation and ADL orders swap PnL to collateral with unlimited slippage

#238 sherlock-admin closed 1 year ago
10
IllIllI - Traders can get prices prior to their orders using acceptable prices below trigger prices

#237 sherlock-admin closed 1 year ago
1
IllIllI - Traders can get prices prior to their orders using trigger prices

#236 sherlock-admin closed 1 year ago
6
IllIllI - Pool amount adjustments for collateral decreases aren't undone if swaps are successful

#235 sherlock-admin opened 1 year ago
1
IllIllI - Overflow protection adjustment in `getNextOpenInterestForVirtualInventory()` breaks accounting

#234 sherlock-admin closed 1 year ago
2
IllIllI - Stop-loss orders do not become marketable orders

#233 sherlock-admin opened 1 year ago
7
KingNFT - Users cannot seamlessly migrate from other platforms to GMX

#232 sherlock-admin closed 1 year ago
0
lemonmon - The claimable collateral amount is always zero, because the collateral factor is never initialized or adapted or updated.

#231 sherlock-admin closed 1 year ago
0
lemonmon - Stop-loss orders are broken for certain use cases.

#230 sherlock-admin closed 1 year ago
0