sherlock-audit 2023-04-splits-judging issues

sherlock-audit / 2023-04-splits-judging

4 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

test

#149 SovaSlava closed 1 year ago
0
0xnirlin - Use of block.number in wallet implmentation may cause issues on other chains.

#148 sherlock-admin closed 1 year ago
0
alexzoid - The potential to bypass the SwapperFactory.isSwapper() check may lead to a loss of funds

#147 sherlock-admin closed 1 year ago
0
warRoom - Lack of zero address check may lead to redeployment of contracts.

#146 sherlock-admin closed 1 year ago
0
vivi - 2step transferOwnership need

#145 sherlock-admin closed 1 year ago
0
0xnirlin - User gets unnecessary reward when baseToken and quoteToken are same. (Reward Farming) leading to loss for beneficiary

#144 sherlock-admin closed 1 year ago
0
R2 - Using different UniV3 pools may lead to extra fees

#143 sherlock-admin closed 1 year ago
0
warRoom - Swapper owners ability to configure `_pairOverrides` anytime allows him to steal traders fund.

#142 sherlock-admin closed 1 year ago
0
0xhacksmithh - Absence Of Contract ```initialization``` For Some Inherited Contract In ```initializer``` of Calle Contract

#141 sherlock-admin closed 1 year ago
0
0xnirlin - All the tokens can never be swapped and leads to unexpected reverts and missed reward for caller.

#140 sherlock-admin closed 1 year ago
4
warRoom - Owner can update the oracle anytime to feed the wrong price.

#139 sherlock-admin closed 1 year ago
0
simon135 - certain conditions that make rounding errors and attacker can steal funds

#138 sherlock-admin closed 1 year ago
0
7siech - Steal funds from swapper due to loss of precision

#137 sherlock-admin closed 1 year ago
0
warRoom - Arbitary execution allows Swapper Owner to steal preapproved funds of Traders

#136 sherlock-admin closed 1 year ago
0
0xhacksmithh - Return Type Of Parent Function And Child Function Doesn't Matched

#135 sherlock-admin closed 1 year ago
0
0xnirlin - Funds can be stucked in the system or stolen by callers due to payable `flash` function

#134 sherlock-admin closed 1 year ago
0
0xhacksmithh - Some Funictions Which Should Not Working During The Pause Mode Are Working

#133 sherlock-admin closed 1 year ago
0
0xnirlin - Caller can steal funds from the swapper `flash` function by reentrancy

#132 sherlock-admin closed 1 year ago
0
pontifex - Using TWAP oracle prices can be a cause of money losing during high volatility periods

#131 sherlock-admin closed 1 year ago
4
0xhacksmithh - Absence Of Input Argument For ```oracleParams_._parseIntoOracle();``` Function

#130 sherlock-admin closed 1 year ago
0
0xnirlin - Use of wrong versions of solady safeTransferLib leads to not clearing the dirty bits.

#129 sherlock-admin closed 1 year ago
0
Jujic - SwapperFactory is suspicious of the reorg attack

#128 sherlock-admin closed 1 year ago
0
c7e7eff - Custom factory can be used to create valid looking Diversifiers to steal other users funds

#127 sherlock-admin closed 1 year ago
0
0xhacksmithh - Wrong Implementation _balanceOf() & _safeTransfer() Functions In PassThroughWalletImpl.sol Contract File

#126 sherlock-admin closed 1 year ago
0
lil.eth - PercentAllocation total can be > or < 100% as there is no verification

#125 sherlock-admin closed 1 year ago
0
Tricko - Difference of decimals places between input and output tokens can lead to Swapper's balance to be drained.

#124 sherlock-admin closed 1 year ago
0
evo - Beneficiary would get unfair of quote amount if the converted tokens are equal

#123 sherlock-admin closed 1 year ago
0
simon135 - The default configuration for the oralce shouldnt be used

#122 sherlock-admin closed 1 year ago
0
santipu_ - All factories are vulnerable to reorg attacks

#121 sherlock-admin closed 1 year ago
0
Tricko - Swapper's `flash` can be frontrunned to prevent swaps.

#120 sherlock-admin closed 1 year ago
1
simon135 - An attacker can reenter `flash` by using the `ISwapperFlashCallback` callback

#119 sherlock-admin closed 1 year ago
0
santipu_ - An oracle with defaultScaledOfferFactor at zero will offer 100% discounts on all prices

#118 sherlock-admin closed 1 year ago
0
theOwl - Price Manipulation through inputting small values for the same pair logic

#117 sherlock-admin closed 1 year ago
0
c7e7eff - Trader is overpaid when base token is the same as quote token.

#116 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Uniswap pool might need a hop token to give the most accurate price

#115 sherlock-admin closed 1 year ago
0
R2 - Loss of funds in SwapperImpl

#114 sherlock-admin closed 1 year ago
0
theOwl - Oracle Manipulation using Uniswap V3 pool that is not yet deployed

#113 sherlock-admin closed 1 year ago
0
GalloDaSballo - Most UniV3 Twaps can be attacked via one block pricing attack

#112 sherlock-admin closed 1 year ago
0
chaduke - setTokenToBeneficiary() fails to send existing ETH In the contract to the beneficiary when it changes $tokenToBeneficiary from ETH to another token.

#111 sherlock-admin closed 1 year ago
0
martin - Misleading naming could result in not functional contracts and wrong assumptions

#110 sherlock-admin closed 1 year ago
0
ck - Beneficiary can incur losses due to slippage during a flash call

#109 sherlock-admin closed 1 year ago
0
martin - Single-step ownership transfer can be dangerous

#108 sherlock-admin closed 1 year ago
0
mstpr-brainbot - Univ3 oracle can be manipulated if pool is illiquid or non-existed

#107 sherlock-admin closed 1 year ago
0
chaduke - payback() fails to check that $tokenToBeneficiary == ETH, as a result, ETH collected by payback() will not be sent to the beneficiary and lost in the contract.

#106 sherlock-admin closed 1 year ago
0
vagrant - vagrant - Missing account existence check for call in WalletImpl.sol

#105 sherlock-admin closed 1 year ago
0
GalloDaSballo - If Quote Token is on Swapper, then a fee will be paid for a no-op

#104 sherlock-admin closed 1 year ago
1
GalloDaSballo - Consistent leak of value via UniV3TWAP - Most Tokens are liquid only against one token

#103 sherlock-admin closed 1 year ago
0
rvierdiiev - UniV3OracleImpl doesn't have ability to pause swapping specific token

#102 sherlock-admin closed 1 year ago
0
rvierdiiev - SwapperImpl._transferToBeneficiary sends tokens excess to beneficiary without a fee to swapper

#101 sherlock-admin closed 1 year ago
0
0xPkhatri - Reentrancy Vulnerability in WalletImpl.sol#execCalls Function

#100 sherlock-admin closed 1 year ago
0