sherlock-audit 2023-05-Index-judging issues

sherlock-audit / 2023-05-Index-judging

6 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Angry_Mustache_Man - Use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs

#338 sherlock-admin closed 1 year ago
0
MohammedRizwan - Wrong use of access modifier on BaseManagerV2.transferTokens() function

#337 sherlock-admin closed 1 year ago
4
Saeedalipoor01988 - Missing check AMM Pools balance before changes manager address

#336 sherlock-admin closed 1 year ago
0
whitehat - The trade transactions lack of expiration timestamp check

#335 sherlock-admin closed 1 year ago
0
hildingr - Wrong LTV and threshold LTV when in E-Mode

#334 sherlock-admin closed 1 year ago
0
whitehat - removeExtension should validate if the extension is completely paused

#333 sherlock-admin closed 1 year ago
0
whitehat - Deprecated oracle function `latestAnswer()` could bring fund loss

#332 sherlock-admin closed 1 year ago
0
BugBusters - Wrong modifier is being used in interactManager() function

#331 sherlock-admin closed 1 year ago
0
whitehat - Protocol can fall into situation that ripcord reward are all drained

#330 sherlock-admin closed 1 year ago
10
ShadowForce - Wrongly assume the token decimals is 18

#329 sherlock-admin closed 1 year ago
3
hildingr - Ripcord can be pulled when the sequencer is down

#328 sherlock-admin closed 1 year ago
0
ShadowForce - Wrongly assume chainlink oracle decimal is always 8

#327 sherlock-admin closed 1 year ago
0
hildingr - Possible to redeem tokens without repaying debt.

#326 sherlock-admin closed 1 year ago
6
MohammedRizwan - Transaction revert if the Token does not support 0 value transfer

#325 sherlock-admin closed 1 year ago
0
BugBusters - Wrong modifier is being used in `transferTokens()` function

#324 sherlock-admin closed 1 year ago
0
hildingr - Oracle Price miss matched when E-mode uses single oracle

#323 sherlock-admin opened 1 year ago
14
0xpinky - DebtIssuanceModule.sol : `removeModule` will not clear the mapping.

#322 sherlock-admin closed 1 year ago
0
hildingr - Operator is blocked when sequencer is down on Arbitrum

#321 sherlock-admin opened 1 year ago
13
Angry_Mustache_Man - Remaining collateral assets get's stuck

#320 sherlock-admin closed 1 year ago
0
warRoom - Division before multiplication incurs unnecessary precision loss

#319 sherlock-admin closed 1 year ago
0
hildingr - onlyEOA() modifier could be bypassed in the future due to EIP3074

#318 sherlock-admin closed 1 year ago
0
BugBusters - Missing checks for whether Arbitrum Sequencer is active

#317 sherlock-admin closed 1 year ago
0
ShadowForce - 0 value is not allowed

#316 sherlock-admin closed 1 year ago
0
hildingr - Delevering can be blocked by other positions

#315 sherlock-admin closed 1 year ago
0
ShadowForce - The protocol does not compatible with token such as USDT because of the Approval Face Protection

#314 sherlock-admin opened 1 year ago
8
lemonmon - MethodologySettings not validated correctly in AaveLeverageStrategyExtension

#313 sherlock-admin closed 1 year ago
3
BugBusters - Index Coop is vulnerable to attackers sending LTV = 0 collateral tokens, supply/supplyCollateral, bor- row and liquidate operations could stop working

#312 sherlock-admin closed 1 year ago
9
Vagner - `calculateDefaultEditPositionUnit` could revert in multiple cases which will make functions in `TradeWrapModule.sol` or `WrapModuleV2.sol` not work

#311 sherlock-admin closed 1 year ago
0
seerether - Inability to withdraw collaterals

#310 sherlock-admin closed 1 year ago
0
ShadowForce - DOS set token through erc777 hook

#309 sherlock-admin closed 1 year ago
1
erictee - M - Chainlink pricer is using a deprecated API

#308 sherlock-admin closed 1 year ago
0
erictee - M - wrong function name used in _setEModeCategory in AaveV3LeverageStrategyExtension.sol

#307 sherlock-admin closed 1 year ago
0
BugBusters - latestAnswer() has no check for round completeness #9

#306 sherlock-admin closed 1 year ago
0
erictee - M - wrong modifier used in transferTokens function in BaseManagerv2.sol according to the comment.

#305 sherlock-admin closed 1 year ago
0
BugBusters - Deadline is hardcode to block.timestamp in DexAdapter can cause problem like sandwich attack in aave extensions.

#304 sherlock-admin closed 1 year ago
1
Angry_Mustache_Man - Index is vulnerable to attackers sending LTV = 0 collateral tokens, supply/supplyCollateral, borrow and liquidate operations could stop working

#303 sherlock-admin closed 1 year ago
5
BugBusters - Chainlink’s latestAnswer might return stale or incorrect results #8

#302 sherlock-admin closed 1 year ago
0
oxchryston - Tokens sent to `manager` contracts will be lost `forever`.

#301 sherlock-admin closed 1 year ago
0
ShadowForce - Excessive asset from trade / swap is not handled well when deleveraging

#300 sherlock-admin closed 1 year ago
0
ShadowForce - division before multiplication may result in truncation of result

#299 sherlock-admin closed 1 year ago
7
BugBusters - Oracle data feed can be outdated yet used anyways

#298 sherlock-admin closed 1 year ago
0
Phantasmagoria - Protocol assumes that chainlink will return prices with 8 decimals

#297 sherlock-admin closed 1 year ago
0
oxchryston - Chainlink price feed is `deprecated`, not sufficiently validated and can return `stale` prices.

#296 sherlock-admin opened 1 year ago
4
BugBusters - Emode cannot be enable on Aave Leverage Extension due to call to wrong function.

#295 sherlock-admin closed 1 year ago
5
tsvetanovv - Wrong modifier in `transferTokens()`

#294 sherlock-admin closed 1 year ago
0
Phantasmagoria - Attacker can make some functionality of the protocol completely unusable

#293 sherlock-admin closed 1 year ago
8
Phantasmagoria - addLiquidity() function of ammModule.sol reverts every time when adding liquidity

#292 sherlock-admin closed 1 year ago
0
ShadowForce - Lack of consideration when liquidation happens during leverage

#291 sherlock-admin closed 1 year ago
0
BugBusters - Division before multiplication in `_calculateMinRepayUnits` function causes no accurate calculation in delever

#290 sherlock-admin closed 1 year ago
0
Angry_Mustache_Man - Not checking the return value of withdraw function can cause DOS

#289 sherlock-admin closed 1 year ago
0