issues
search
sherlock-audit
/
2023-04-hubble-exchange-judging
7
stars
6
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
qbs - First depositor can break minting of shares
#206
sherlock-admin
closed
1 year ago
0
Shubham - Buyer can buy all available collateral from an ongoing auction for almost 99% discount leading to massive loss of funds
#205
sherlock-admin
closed
1 year ago
10
darkart - Stale Price in Underlying Asset Price Calculation
#204
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - User can transfer 1 wei of token to prevent auction from ending then purchase the collateral in a far too discounted and outdated price
#203
sherlock-admin
closed
1 year ago
0
yixxas - Incorrect spread validation when `spreadLimit >= 1e6`
#202
sherlock-admin
closed
1 year ago
7
yixxas - Reducing position size can also put the trader below the required margin due to fees paid
#201
sherlock-admin
closed
1 year ago
10
yixxas - Incorrect use of try/catch can allow calls that are meant to be reverted to not revert
#200
sherlock-admin
closed
1 year ago
0
yixxas - Cancelling `reduceOnly` orders that are partially filled does not release margin
#199
sherlock-admin
closed
1 year ago
2
qbs - Denial of service in VUSD.processWithdrawals function
#198
sherlock-admin
closed
1 year ago
0
darkart - Decimal Truncation in Auction Price Calculation
#197
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - _liquidateExactRepay has no minSeizeAmount slippage protection
#196
sherlock-admin
closed
1 year ago
2
0x3e84fa45 - Denial of Service through cross-function reentrancy
#195
sherlock-admin
closed
1 year ago
5
lil.eth - Small depositors might receive zero shares due to integer division in depositFor function
#194
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - latestRoundData() doesn't check for stale prices
#193
sherlock-admin
closed
1 year ago
0
ni8mare - No checks for whether Arbitrum sequencer is down
#192
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - Out of Gas DoS on processWithdrawals() make VUSD funds non-withdrawable
#191
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Malicious user can removeMargin more than one times
#190
sherlock-admin
closed
1 year ago
2
0x3e84fa45 - User can manipulate price oracles and drain the VUSD contract
#189
sherlock-admin
closed
1 year ago
0
seerether - Negative value of liquidationFee will result to financial losses
#188
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Manipulating minted share amount and share price by directly transferring asset to the InsuranceFundPool.sol
#187
sherlock-admin
closed
1 year ago
0
0xvj - Initial deposits of the InsuranceFund can be stolen by front-running
#186
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - Deposits in InsuranceFund can be stolen by frontrunning initial shares calculation
#185
sherlock-admin
closed
1 year ago
0
ni8mare - More checks needed for Chainlink price feed return values
#184
sherlock-admin
closed
1 year ago
11
0x52 - Rogue validators can manipulate funding rates and profit unfairly from liquidations
#183
sherlock-admin
opened
1 year ago
15
kutugu - getRequiredMargin rounding direction errors undercalculated the requiredMargin
#182
sherlock-admin
closed
1 year ago
0
seerether - Burnt shares as a result of transferring shares to zero address (address(0))
#181
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - User with high PnL can avoid liquidation fee
#180
sherlock-admin
closed
1 year ago
9
seerether - Users can unbond more shares than they actually have
#179
sherlock-admin
closed
1 year ago
0
0x3e84fa45 - Collateral can be auctioned off at stale price
#178
sherlock-admin
closed
1 year ago
0
0x52 - Funding settlement will be DOS'd for a time after the phaseID change of an underlying chainlink aggregator
#177
sherlock-admin
opened
1 year ago
1
Delvir0 - Transferring supported pool tokens while totalsupply == 0 will break `despositFor` for the next user
#176
sherlock-admin
closed
1 year ago
0
Delvir0 - User won't receive vusd when withdrawing if balance vusd of InsuranceFund == 0
#175
sherlock-admin
closed
1 year ago
0
osmanozdemir1 - `getUnderlyingPrice()` in the `Oracle.sol` doesn't check if oracle returns stale price.
#174
sherlock-admin
closed
1 year ago
0
twcctop - Cancelling Orders After Partial Execution in executeMatchedOrders() Function
#173
sherlock-admin
closed
1 year ago
0
Delvir0 - Possible to drain all vusd from InsureanceFund if user is the only staker
#172
sherlock-admin
closed
1 year ago
4
ubermensch - Misuse of Constructor in Upgradable Contract
#171
sherlock-admin
closed
1 year ago
0
0x52 - MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change
#170
sherlock-admin
opened
1 year ago
1
kutugu - _liquidateExactRepay is incompatible with collateral decimals less than 6
#169
sherlock-admin
closed
1 year ago
0
0x52 - Malicious users can donate/leave dust amounts of collateral in contract during auctions to buy other collateral at very low prices
#168
sherlock-admin
opened
1 year ago
1
0x52 - Insurance fund suffers from first depositor share manipulation
#167
sherlock-admin
closed
1 year ago
0
0x52 - HGTRemote may be blacklisted causing bridge to become nonfunctional
#166
sherlock-admin
closed
1 year ago
0
0x52 - Use of deprecated payable transfer may cause funds to be permanently locked
#165
sherlock-admin
closed
1 year ago
0
0xvj - No check for zero resulting shares in InsuranceFund leads to loss of user funds
#164
sherlock-admin
closed
1 year ago
0
lil.eth - Self-Liquidation/Self settle Bad debt allowed
#163
sherlock-admin
closed
1 year ago
0
0x52 - Failed withdrawals from VUSD#processWithdrawals will be lost forever
#162
sherlock-admin
opened
1 year ago
3
MohammedRizwan - In OrderBook.sol contract, Use of deprecated draft-EIP712Upgradeable.sol cause security issues
#161
sherlock-admin
closed
1 year ago
0
0x52 - Malicious user can permanently break VUSD#processWithdrawals by wasting all transaction gas
#160
sherlock-admin
closed
1 year ago
0
crimson-rat-reach - [MEDIUM] ClearingHouse#updatePositions - Lack of Enforced Order in Function Calls
#159
sherlock-admin
closed
1 year ago
0
0x52 - Malicious user can permanently break VUSD#processWithdrawals by returning huge amounts of data
#158
sherlock-admin
closed
1 year ago
9
crimson-rat-reach - [MEDIUM] Oracle#getUnderlyingPrice - No stale price checks could lead to price manipulation by the user
#157
sherlock-admin
closed
1 year ago
0
Previous
Next