sherlock-audit/2023-04-splits-judging
issues
test
#149
SovaSlava
closed
1 year ago
0
0xnirlin - Use of block.number in wallet implementation may cause issues on other chains.
#148
sherlock-admin
closed
1 year ago
0
alexzoid - The potential to bypass the SwapperFactory.isSwapper() check may lead to a loss of funds
#147
sherlock-admin
closed
1 year ago
0
warRoom - Lack of zero address check may lead to redeployment of contracts.
#146
sherlock-admin
closed
1 year ago
0
vivi - 2step transferOwnership need
#145
sherlock-admin
closed
1 year ago
0
0xnirlin - User gets unnecessary reward when baseToken and quoteToken are same. (Reward Farming) leading to loss for beneficiary
#144
sherlock-admin
closed
1 year ago
0
R2 - Using different UniV3 pools may lead to extra fees
#143
sherlock-admin
closed
1 year ago
0
warRoom - Swapper owners ability to configure `_pairOverrides` anytime allows him to steal traders fund.
#142
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Absence Of Contract `initialization` For Some Inherited Contract In `initializer` of Calle Contract
#141
sherlock-admin
closed
1 year ago
0
0xnirlin - All the tokens can never be swapped and leads to unexpected reverts and missed reward for caller.
#140
sherlock-admin
closed
1 year ago
4
warRoom - Owner can update the oracle anytime to feed the wrong price.
#139
sherlock-admin
closed
1 year ago
0
simon135 - certain conditions that make rounding errors and attacker can steal funds
#138
sherlock-admin
closed
1 year ago
0
7siech - Steal funds from swapper due to loss of precision
#137
sherlock-admin
closed
1 year ago
0
warRoom - Arbitrary execution allows Swapper Owner to steal preapproved funds of Traders
#136
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Return Type Of Parent Function And Child Function Doesn't Match
#135
sherlock-admin
closed
1 year ago
0
0xnirlin - Funds can be stuck in the system or stolen by callers due to payable `flash` function
#134
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Some Functions Which Should Not Be Working During The Pause Mode Are Working
#133
sherlock-admin
closed
1 year ago
0
0xnirlin - Caller can steal funds from the swapper `flash` function by reentrancy
#132
sherlock-admin
closed
1 year ago
0
pontifex - Using TWAP oracle prices can be a cause of money losing during high volatility periods
#131
sherlock-admin
closed
1 year ago
4
0xhacksmithh - Absence Of Input Argument For `oracleParams_._parseIntoOracle();` Function
#130
sherlock-admin
closed
1 year ago
0
0xnirlin - Use of wrong versions of solady safeTransferLib leads to not clearing the dirty bits.
#129
sherlock-admin
closed
1 year ago
0
Jujic - SwapperFactory is suspicious of the reorg attack
#128
sherlock-admin
closed
1 year ago
0
c7e7eff - Custom factory can be used to create valid looking Diversifiers to steal other users funds
#127
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Wrong Implementation _balanceOf() & _safeTransfer() Functions In PassThroughWalletImpl.sol Contract File
#126
sherlock-admin
closed
1 year ago
0
lil.eth - PercentAllocation total can be > or < 100% as there is no verification
#125
sherlock-admin
closed
1 year ago
0
Tricko - Difference of decimals places between input and output tokens can lead to Swapper's balance to be drained.
#124
sherlock-admin
closed
1 year ago
0
evo - Beneficiary would get unfair of quote amount if the converted tokens are equal
#123
sherlock-admin
closed
1 year ago
0
simon135 - The default configuration for the oracle shouldn't be used
#122
sherlock-admin
closed
1 year ago
0
santipu_ - All factories are vulnerable to reorg attacks
#121
sherlock-admin
closed
1 year ago
0
Tricko - Swapper's `flash` can be frontrunned to prevent swaps.
#120
sherlock-admin
closed
1 year ago
1
simon135 - An attacker can reenter `flash` by using the `ISwapperFlashCallback` callback
#119
sherlock-admin
closed
1 year ago
0
santipu_ - An oracle with defaultScaledOfferFactor at zero will offer 100% discounts on all prices
#118
sherlock-admin
closed
1 year ago
0
theOwl - Price Manipulation through inputting small values for the same pair logic
#117
sherlock-admin
closed
1 year ago
0
c7e7eff - Trader is overpaid when base token is the same as quote token.
#116
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Uniswap pool might need a hop token to give the most accurate price
#115
sherlock-admin
closed
1 year ago
0
R2 - Loss of funds in SwapperImpl
#114
sherlock-admin
closed
1 year ago
0
theOwl - Oracle Manipulation using Uniswap V3 pool that is not yet deployed
#113
sherlock-admin
closed
1 year ago
0
GalloDaSballo - Most UniV3 Twaps can be attacked via one block pricing attack
#112
sherlock-admin
closed
1 year ago
0
chaduke - setTokenToBeneficiary() fails to send existing ETH In the contract to the beneficiary when it changes $tokenToBeneficiary from ETH to another token.
#111
sherlock-admin
closed
1 year ago
0
martin - Misleading naming could result in not functional contracts and wrong assumptions
#110
sherlock-admin
closed
1 year ago
0
ck - Beneficiary can incur losses due to slippage during a flash call
#109
sherlock-admin
closed
1 year ago
0
martin - Single-step ownership transfer can be dangerous
#108
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Univ3 oracle can be manipulated if pool is illiquid or non-existed
#107
sherlock-admin
closed
1 year ago
0
chaduke - payback() fails to check that $tokenToBeneficiary == ETH, as a result, ETH collected by payback() will not be sent to the beneficiary and lost in the contract.
#106
sherlock-admin
closed
1 year ago
0
vagrant - vagrant - Missing account existence check for call in WalletImpl.sol
#105
sherlock-admin
closed
1 year ago
0
GalloDaSballo - If Quote Token is on Swapper, then a fee will be paid for a no-op
#104
sherlock-admin
closed
1 year ago
1
GalloDaSballo - Consistent leak of value via UniV3TWAP - Most Tokens are liquid only against one token
#103
sherlock-admin
closed
1 year ago
0
rvierdiiev - UniV3OracleImpl doesn't have ability to pause swapping specific token
#102
sherlock-admin
closed
1 year ago
0
rvierdiiev - SwapperImpl._transferToBeneficiary sends tokens excess to beneficiary without a fee to swapper
#101
sherlock-admin
closed
1 year ago
0
0xPkhatri - Reentrancy Vulnerability in WalletImpl.sol#execCalls Function
#100
sherlock-admin
closed
1 year ago
0