sherlock-audit/2023-04-hubble-exchange-judging
issues
0xpinky - lack of slippage protection in `_liquidateFlexible`
#256
sherlock-admin
closed
1 year ago
0
BugBusters - possible precision loss in `openPosition()` function
#255
sherlock-admin
closed
1 year ago
0
0xpinky - HubbleReferral.sol : referral code does not have expiry.
#254
sherlock-admin
closed
1 year ago
0
BugBusters - `getUnderlyingPrice()` might return stale or incorrect results
#253
sherlock-admin
closed
1 year ago
0
BugBusters - `getUnderlyingPrice()` will return the wrong price for asset if underlying aggregator hits minAnswer
#252
sherlock-admin
closed
1 year ago
0
lemonmon - `Oracle.getUnderlyingPrice` not checking Oracle answer for staleness
#251
sherlock-admin
closed
1 year ago
0
BugBusters - `getUnderlyingPrice()` doesn't check If Arbitrum sequencer is down in Chainlink feeds
#250
sherlock-admin
closed
1 year ago
0
lemonmon - Potential DOS condition due to exceeding block gas limit when calling `ClearingHouse.settleFunding()`
#249
sherlock-admin
closed
1 year ago
0
lemonmon - Potential accounting problems due to issue in `ClearingHouse.updatePositions()`
#248
sherlock-admin
opened
1 year ago
9
BugBusters - ChainLink latestRoundData() has no check for round completeness
#247
sherlock-admin
closed
1 year ago
0
lemonmon - Malicious actor can steal funds from other depositors
#246
sherlock-admin
closed
1 year ago
0
Bauchibred - Liquidations will be frozen if a token's oracle goes down or chainlink reverts call for any reason
#245
sherlock-admin
closed
1 year ago
0
Bauchibred - An outrageously different price could be used in the case where all of the last hour data is negative in `getRoundData()`
#244
sherlock-admin
closed
1 year ago
10
Bauchibred - DOS to MarginAccount::isLiquidatable() or any other function that calls this
#243
sherlock-admin
closed
1 year ago
0
0xpinky - ClearingHouse.sol : contract does not have function to blacklist an AMM though it has function to whitelist.
#242
sherlock-admin
closed
1 year ago
0
Bauchibred - No `minAnswer/maxAnswer` Circuit Breaker Checks while Querying Prices in Oracle.sol
#241
sherlock-admin
opened
1 year ago
2
minhtrng - Stable prices pose risk in times of volatility
#240
sherlock-admin
closed
1 year ago
0
Bauchibred - Pricing on liquidations can still be bogus
#239
sherlock-admin
closed
1 year ago
0
Bauchibred - Hubble assumes stablecoins never depeg
#238
sherlock-admin
closed
1 year ago
0
0xpinky - Oracle.sol : freshness of oracle data is not validated.
#237
sherlock-admin
closed
1 year ago
0
minhtrng - No staleness check for oracle price
#236
sherlock-admin
closed
1 year ago
0
0xpinky - Oracle.sol: typecasting the negative price into positive and using it as correct price is not safe
#235
sherlock-admin
closed
1 year ago
0
BugBusters - User will be forced liquidated
#234
sherlock-admin
opened
1 year ago
9
seerether - Collateral can be withdrawn with negative VUSD balance
#233
sherlock-admin
closed
1 year ago
0
0xBugBuster - Value could be zero if answer < 100 in Oracle.sol#getUnderlyingPrice
#232
sherlock-admin
closed
1 year ago
0
bitsurfer - InsuranceFund First Depositor Can Break Minting of Shares
#231
sherlock-admin
closed
1 year ago
0
0xpinky - VUSD.sol : success state is not checked for `call`
#230
sherlock-admin
closed
1 year ago
0
Shubham - Funds can be burned & withdrawn earlier due to incorrect `unboundTime`
#229
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - Spot market price used as oracle for liquidations
#228
sherlock-admin
closed
1 year ago
0
crimson-rat-reach - [MEDIUM] Oracle#getUnderlyingPrice - ChainLinkAdapterOracle will return the wrong price for asset if underlying aggregator hits minAnswer
#227
sherlock-admin
closed
1 year ago
0
crimson-rat-reach - [HIGH] InsuranceFund#depositFor - Insurance Fund share mispricing can result in depositors getting 0 shares and attacker stealing all the funds
#226
sherlock-admin
closed
1 year ago
0
0xvj - Chainlink’s latestRoundData might return stale or incorrect results
#225
sherlock-admin
closed
1 year ago
0
crimson-rat-reach - [HIGH] Insurance Fund#depositFor - Insurance Funds can be manipulated and users can end up with 0 shares and permanent fund loss
#224
sherlock-admin
closed
1 year ago
6
seerether - Transaction will still go through despite negative VUSD balance
#223
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - Increasing minSizes will freeze positions
#222
sherlock-admin
closed
1 year ago
0
0xpinky - HGT.sol#L43 : call() should be used instead of transfer() on an address payable
#221
sherlock-admin
closed
1 year ago
0
Hama - Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer
#220
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Insurance Fund susceptible to inflation attacks
#219
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Use `call` instead of `transfer`
#218
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Incorrect accounting in Insurance fund
#217
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Insufficient checks on chainlink prices
#216
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Withdrawals can be DDosed by draining gas
#215
sherlock-admin
closed
1 year ago
0
Hama - Inaccurate Price Retrieval from Chainlink Oracle
#214
sherlock-admin
closed
1 year ago
0
Auditwolf - Orders with status as cancelled or filled cannot be placed again.
#213
sherlock-admin
closed
1 year ago
0
james_wu - placeOrders transactions lack of expiration timestamp control
#212
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Withdrawal period can be bypassed in InsuranceFund.sol
#211
sherlock-admin
closed
1 year ago
4
Hama - Potential Underflow in Fee Calculation
#210
sherlock-admin
closed
1 year ago
0
Hama - Potential Arithmetic Overflow in TWAP Accumulator Calculation
#209
sherlock-admin
closed
1 year ago
0
seerether - Traders can charge fees without having enough balance to cover the fees
#208
sherlock-admin
closed
1 year ago
0
Auditwolf - Too low auction price will result in great losses for the protocol.
#207
sherlock-admin
closed
1 year ago
0