sherlock-audit/2023-04-splits-judging
4 stars, 1 fork
issues
ctf_sec - Reentrancy in SwapperImpl.sol#flash
#49
sherlock-admin
closed
1 year ago
1
ctf_sec - The cost of the price manipulation is low for newly created pool with different fee setting
#48
sherlock-admin
closed
1 year ago
0
ctf_sec - Lack of price oracle output validation can result in wrong or stale price being used in SplitSwapper.sol
#47
sherlock-admin
closed
1 year ago
0
ctf_sec - PassThroughWalletImpl lacks default payable keywords to handle the native ETH
#46
sherlock-admin
closed
1 year ago
0
Bauer - CreateOracleParams.factory parameter is not validated
#45
sherlock-admin
closed
1 year ago
0
ast3ros - [M-1] Using UniV3Oracle could allow third parties to get % fee from beneficiary accounts for free.
#44
sherlock-admin
closed
1 year ago
0
Bauer - Overflow error
#43
sherlock-admin
closed
1 year ago
0
J4de - `SwapperFactory.sol#isSwapper` function cannot verify the validity of swapper
#42
sherlock-admin
closed
1 year ago
0
Bauer - Front-run attack to flash function
#41
sherlock-admin
closed
1 year ago
0
J4de - `SwapperImpl.sol#_transferToTrader` price may not match expectations
#40
sherlock-admin
closed
1 year ago
0
J4de - The owner can frontrunning call `UniV3OracleImpl.sol#setDefaultScaledOfferFactor` to manipulate the price to deceive users
#39
sherlock-admin
closed
1 year ago
0
J4de - The owner can frontrunning call `SwapperImpl.sol#setOracle` to manipulate the price to deceive users
#38
sherlock-admin
closed
1 year ago
0
J4de - `SwapperImpl.sol#flash` does not set the minimum payment amount, which may be attacked by price manipulation
#37
sherlock-admin
closed
1 year ago
1
J4de - Attackers can steal funds when `cqp.cBase` and `cqp.cQuote` of `UniV3OracleImpl.sol#_getQuoteAmount` are the same
#36
sherlock-admin
closed
1 year ago
0
J4de - `OwnableImpl.sol#transferOwnership` may transfer owner to an address that does not have the ability to receive
#35
sherlock-admin
closed
1 year ago
0
J4de - The diversifier generated by `DiversifierFactory.sol#createDiversifier` cannot call the admin function of the sub-contract
#34
sherlock-admin
closed
1 year ago
0
J4de - `UniV3OracleImpl.sol#_getQuoteAmount` If `po.fee` is 0, there may be unexpected fees
#33
sherlock-admin
closed
1 year ago
0
Bauer - Unprotected slippage tolerance can lead to user/protocol loss of funds
#32
sherlock-admin
closed
1 year ago
0
Bauer - User will lose assets
#31
sherlock-admin
closed
1 year ago
0
0xRobocop - Beneficiary will receive less tokenToBeneficiary when it receives profit in the form of tokenToBeneficiary tokens.
#30
sherlock-admin
closed
1 year ago
0
obront - Owner can steal accumulated `payback`
#29
sherlock-admin
closed
1 year ago
1
obront - Pairs with liquid UniV2 pools but illiquid UniV3 pools are prone to oracle manipulation
#28
sherlock-admin
closed
1 year ago
2
obront - Oracle is susceptible to attacks if deployed on Optimism
#27
sherlock-admin
closed
1 year ago
1
obront - Tokens without UniV3 pairs with `tokenToBeneficiary` can be stolen by an attacker
#26
sherlock-admin
opened
1 year ago
4
moneyversed - PassThroughWalletImpl passThroughTokens function is not checking for empty input
#25
sherlock-admin
closed
1 year ago
0
moneyversed - No input validation for the passThrough address
#24
sherlock-admin
closed
1 year ago
0
moneyversed - Missing access control in PassThroughWalletImpl initializer function
#23
sherlock-admin
closed
1 year ago
0
moneyversed - No Input Validation for Length of Arrays in SwapperImpl.sol
#22
sherlock-admin
closed
1 year ago
0
moneyversed - Reentrancy Attack in SwapperImpl.sol
#21
sherlock-admin
closed
1 year ago
0
moneyversed - Unbounded For Loop in SwapperImpl.sol
#20
sherlock-admin
closed
1 year ago
0
nobody2018 - If the contract that calls SwapperImpl.flash uses verifyCallback in the SwapperCallbackValidation library to verify msg.sender, it will cause a heavy funds loss
#19
sherlock-admin
closed
1 year ago
0
ginlee - [M-1] Two Step Transfer
#18
sherlock-admin
closed
1 year ago
0
moneyversed - Lack of access control in createOracle function of IOracleFactory.sol
#17
sherlock-admin
closed
1 year ago
0
moneyversed - Incomplete input validation for _parseIntoOracle function in OracleParams.sol
#16
sherlock-admin
closed
1 year ago
0
moneyversed - Potential front-running vulnerability in UniV3OracleFactory
#15
sherlock-admin
closed
1 year ago
0
moneyversed - Unprotected function call in WalletImpl.sol
#14
sherlock-admin
closed
1 year ago
0
obront - Swapper owner can frontrun callers of `flash()`, stealing funds
#13
sherlock-admin
closed
1 year ago
1
obront - Oracle tick rounding the wrong direction can lead to Swapper overpaying for swap
#12
sherlock-admin
opened
1 year ago
2
obront - Oracle overrides will not support Uniswap pools with no fee
#11
sherlock-admin
closed
1 year ago
1
obront - Creating a diversifier in `paused` state doesn't pause all components
#10
sherlock-admin
closed
1 year ago
0
obront - SwapperCallbackValidation doesn't do anything, opens up users to having contracts drained
#9
sherlock-admin
opened
1 year ago
2
volodya - It's possible to create multiple swappers with the same params
#8
sherlock-admin
closed
1 year ago
0
ravikiran.web3 - PassThroughWalletImpl's setPassThrough() function can accept address(0x0) could cause loss of funds
#7
sherlock-admin
closed
1 year ago
0
ravikiran.web3 - PassThroughWalletImpl can accept address(0x0) as owner
#6
sherlock-admin
closed
1 year ago
0
climber2002 - Use two steps owner transfer
#5
sherlock-admin
closed
1 year ago
0
ravikiran.web3 - CreateSwapper accepts address(0x0) as owner
#4
sherlock-admin
closed
1 year ago
0
ravikiran.web3 - Owner of UniV3OracleImpl could be address(0x0)
#3
sherlock-admin
closed
1 year ago
0
holyhansss - an invalid transaction can cause entire transaction to revert in executeCall()
#2
sherlock-admin
closed
1 year ago
0
holyhansss - Excess eth is not refunded
#1
sherlock-admin
closed
1 year ago
0