sherlock-audit/2023-04-splits-judging
4 stars, 1 fork
issues
0x00ffDa - RETRACTED - flash() should not be payable
#99
sherlock-admin
closed
1 year ago
0
R2 - Lack of reentrancy protection
#98
sherlock-admin
closed
1 year ago
0
0xPkhatri - The contract owner accidentally setting the paused state to the same value it was before.
#97
sherlock-admin
closed
1 year ago
0
R2 - Owner role lockout
#96
sherlock-admin
closed
1 year ago
0
chaduke - createDiversifier() lacks the check that ensures that the sum of all ``sortedPercentAllocations`` is equal to 100%
#95
sherlock-admin
closed
1 year ago
0
0x00ffDa - RETRACTED - Loss of funds sent to payback() in base contract
#94
sherlock-admin
closed
1 year ago
0
0x00ffDa - Swapper as an attack vector for taking ERC20 from flash trader accounts
#93
sherlock-admin
closed
1 year ago
4
Cryptor - An adversary can cause the function _transfertobeneficiary to revert
#92
sherlock-admin
closed
1 year ago
0
Cryptor - .
#91
sherlock-admin
closed
1 year ago
0
0xmuxyz - Due to no limitation how many number of the `recipientParams` a caller can be assigned, the transaction of the DiversifierFactory#`createDiversifier()` will be reverted
#90
sherlock-admin
closed
1 year ago
0
chaduke - A malicious user can steal ETH funds from the SwapperImpl contract.
#89
sherlock-admin
closed
1 year ago
0
0xmuxyz - Lack of a validation to check whether or not the total percent allocations in the `sortedPercentAllocations` array would be `100%`, which lead to that the percent allocations would be wrongly set
#88
sherlock-admin
closed
1 year ago
1
chaduke - flash() does not account for $_payback properly, as a result, _transferToBeneficiary() might revert even though there is sufficient balance to cover ``amountToBeneficiary_``.
#87
sherlock-admin
closed
1 year ago
0
0xmuxyz - Due to reaching a gas limit, the transaction of the PassThroughWalletImpl#`passThroughToken()` will be reverted
#86
sherlock-admin
closed
1 year ago
0
Dug - With a pricing discount, value can be stolen from swappers 1 wei at a time
#85
sherlock-admin
closed
1 year ago
0
Ace-30 - SwapperImpl: Malicious trader can drain out tokens because of difference in token decimals
#84
sherlock-admin
closed
1 year ago
0
HexHackers - swapper isn't approved to transfer `amountToBeneficiary` in SwapperImpl.sol
#83
sherlock-admin
closed
1 year ago
0
beelzebufo - The `flash` function has improper data validation
#82
sherlock-admin
closed
1 year ago
0
HexHackers - Loss of funds via payback() external function found in swapperImpl.sol
#81
sherlock-admin
closed
1 year ago
0
amaechieth - Re-entrancy in `flash` allows trader to steal funds from different `Swapper` contracts
#80
sherlock-admin
closed
1 year ago
0
boredpukar - Denial of Service - execCalls at splits-utils could grow indefinitely
#79
sherlock-admin
closed
1 year ago
0
Koolex - Trader could possibly lose funds (i.e. pay more quoteToken)
#78
sherlock-admin
closed
1 year ago
0
Koolex - Swappers owner could possibly receive less token than what they should receive (i.e. loss of funds)
#77
sherlock-admin
closed
1 year ago
0
Koolex - Funds can be completely drained from Swapper
#76
sherlock-admin
closed
1 year ago
1
bretzel - Difficulty to get swapper address if created
#75
sherlock-admin
closed
1 year ago
0
chaduke - No ragequit period control for setDefaultFee(), setDefaultPeriod(), setDefaultScaledOfferFactor(), and setPairOverrides()
#74
sherlock-admin
closed
1 year ago
0
HexHackers - SwapperImpl.sol won't be able to receive ETH as the receive() function is commented out.
#73
sherlock-admin
closed
1 year ago
0
HexHackers - SwapperImpl.sol - uses one oracle source for flash
#72
sherlock-admin
closed
1 year ago
0
HexHackers - ownableImpl.sol's `__initOwnable()` can end up setting address(0) as the new owner as there is no zero-address checker
#71
sherlock-admin
closed
1 year ago
0
volodya - The pair parameters being used and the pair parameters that the user can see are different.
#70
sherlock-admin
closed
1 year ago
0
Ace-30 - Malicious actor can grieve traders by frontrunning flash() and changing balance of one token
#69
sherlock-admin
closed
1 year ago
0
chaduke - execCalls() fails to check that msg.value is equal to the sum of all calli.value.
#68
sherlock-admin
closed
1 year ago
0
chaduke - _safeTransfer() is not safe, silent failures are possible.
#67
sherlock-admin
closed
1 year ago
0
climber2002 - `SwapperImpl.flash` can be frontrun which causes swapper lose tokens
#66
sherlock-admin
closed
1 year ago
0
chaduke - OwnableImpl() lacks some sanity check and a two-step procedure to change ownership.
#65
sherlock-admin
closed
1 year ago
0
chaduke - PausableImpl() lacks some sanity checks
#64
sherlock-admin
closed
1 year ago
0
Cryptor - _getquoteAmount may not return the correct quote due to differences in tick size
#63
sherlock-admin
closed
1 year ago
0
0xeix - Looping over an unbounded array in PassThroughWalletImpl.sol can lead to the state of DoS.
#62
sherlock-admin
closed
1 year ago
0
0xNorman - Lack of two-step role transfer
#61
sherlock-admin
closed
1 year ago
0
obront - Swapper mechanism cannot incentivize ETH-WETH swaps without risking owner funds
#60
sherlock-admin
opened
1 year ago
6
ss3434 - Some ERC20 tokens deduct a fee on transfer
#59
sherlock-admin
closed
1 year ago
0
ss3434 - Black List token
#58
sherlock-admin
closed
1 year ago
0
obront - WalletImpl cannot receive NFTs as intended
#57
sherlock-admin
opened
1 year ago
15
ss3434 - Solmate's SafeTransferLib doesn't check whether the ERC20 contract exists
#56
sherlock-admin
closed
1 year ago
0
Ace-30 - swapperImpl.flash() does not account for swap fees and price discrepancies between the oracle and swapper.
#55
sherlock-admin
closed
1 year ago
0
SovaSlava - No timelock mechanism in setDefaultScaledOfferFactor
#54
sherlock-admin
closed
1 year ago
0
SovaSlava - Trader could spend more tokens/eth, than planned - need slippage protection
#53
sherlock-admin
closed
1 year ago
4
Englave - Missing zero check for $passThrough could lead to funds loss
#52
sherlock-admin
closed
1 year ago
0
ctf_sec - the amountToBeneficiary_ is properly converted if the tokenToBeneficiary is ETH and the quote token is not ETH.
#51
sherlock-admin
closed
1 year ago
0
ctf_sec - Wrong logic in SwapperImpl#_transferToBeneficiary
#50
sherlock-admin
closed
1 year ago
1