sherlock-audit/2023-05-perennial-judging
cergyk - Position with zero collateral can be left opened after settlement or closing position fee
#195
sherlock-admin
closed
1 year ago
0
levi - `USDC` depeg risk will affect collateral
#194
sherlock-admin
closed
1 year ago
0
rvierdiiev - protocolFee can be updated at any time by protocol
#193
sherlock-admin
closed
1 year ago
2
rvierdiiev - fundingFee should be updated in same way as makerFee, takeFee, positionFee
#192
sherlock-admin
closed
1 year ago
2
seeques - `sync()` doesn't check whether Arbitrum sequencer is down
#191
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - Liquidators can prevent users from making their positions healthy during an unpause
#190
sherlock-admin
opened
1 year ago
6
rvierdiiev - Traders should pay fee for the opposite side for the whole time, when protocol was paused
#189
sherlock-admin
closed
1 year ago
0
bitsurfer - Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer (or max)
#188
sherlock-admin
closed
1 year ago
0
bitsurfer - No check if Arbitrum L2 sequencer is down
#187
sherlock-admin
closed
1 year ago
0
bitsurfer - Users are unable to obtain the remaining unclaimed collateral when `totalCollateral` less than `unclaimedTotal`
#186
sherlock-admin
closed
1 year ago
0
bitsurfer - Perennial (Incentivizer) Reward Token open to decimal issue
#185
sherlock-admin
closed
1 year ago
5
bitsurfer - Perennial `oracleVersion` increasing monotonic, while the Chainlink roundId may not be monotonic
#184
sherlock-admin
closed
1 year ago
1
tvdung94 - Updating collateral address in controller will cause some conflicts for the system
#183
sherlock-admin
closed
1 year ago
1
GiorgioDalla - Lack of Arbitrum Sequencer Down Check in Key Chainlink Feed Functions
#182
sherlock-admin
closed
1 year ago
0
yixxas - Sequencer downtime is not checked when using Chainlink oracle
#181
sherlock-admin
closed
1 year ago
0
yixxas - Chainlink oracle pricing will return a wrong price for asset if underlying aggregator hits minPrice
#180
sherlock-admin
closed
1 year ago
4
yixxas - Possible permanent DOS on market `settle()`
#179
sherlock-admin
closed
1 year ago
0
yixxas - Wrong implementation in `_providerContract()`
#178
sherlock-admin
closed
1 year ago
0
levi - Griefing attack against users in `BalancedVault`
#177
sherlock-admin
closed
1 year ago
0
levi - `BalancedVault` `sync()` can be gamed to gain an advantage
#176
sherlock-admin
closed
1 year ago
0
rvierdiiev - Several contracts from root package use floating pragma ^0.8.13 and store value using assembly
#175
sherlock-admin
closed
1 year ago
3
tvdung94 - Users can be forced to claim assets at bad rate in some cases
#174
sherlock-admin
opened
1 year ago
3
sakshamguruji - Missing checks for whether Arbitrum Sequencer is active
#173
sherlock-admin
closed
1 year ago
0
0xmuxyz - `0` (`address(0)`) would be assigned into the `onlyOwner()` modifier on each update function, which leads to a bad situation that each parameter would never be able to be updated
#172
sherlock-admin
closed
1 year ago
0
0xmuxyz - Lack of access control modifier on the Product#`closeTakeFor()` and the Product#`closeMakeFor()`, which allows a malicious user to be freely able to close any existing user's Maker/Taker position
#171
sherlock-admin
closed
1 year ago
0
cergyk - A malicious user can create a maker position to imbalance vault
#170
sherlock-admin
closed
1 year ago
17
SolidityATL - balancedVault's approve function is vulnerable to frontrunning attacks
#169
sherlock-admin
closed
1 year ago
0
SolidityATL - Vulnerable unpause logic flow leads to unfair forced liquidations
#168
sherlock-admin
closed
1 year ago
3
SolidityATL - No check for active Arbitrum Sequencer in Chainlink feeds
#167
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`settle` function does not check if the `pre` variable is actually set
#166
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`SyncTo` function does not check if the `versionTo` is actually greater than or equal to the `latestVersion`.
#165
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`_transform` function does not check if the `payoffDefinition` is actually a valid `PayoffDefinition`
#164
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`updateUtilizationCurve` function does not check if the `newUtilizationCurve` is actually a valid `JumpRateUtilizationCurve`.
#163
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`deductFee` function allows attacker to avoid paying `fees`
#162
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`computeFee` function allows attacker to avoid paying fees
#161
sherlock-admin
closed
1 year ago
0
Nyx - New positions can be liquidated instantly
#160
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`_payoffFromContract()` function could allow for invalid `Fixed18` values to be returned
#159
sherlock-admin
closed
1 year ago
0
Ocean_Sky - Missing slippage protection on _settleAccount function
#158
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`sum()` function does not check for `non-zero` values
#157
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO- `Unchecked` Completion in `_complete()` Function Enables Rewards Theft
#156
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO- `_unsettled()` Function Allows Reward Theft
#155
sherlock-admin
closed
1 year ago
0
n33k - _chargeFee in MultiInvoker could be an unwitting accomplice of fishing attack
#154
sherlock-admin
closed
1 year ago
7
XDZIBEC - XO-The `onlyCollateral` modifier does not check to see if the `controller().collateral()` function returns a valid address.
#153
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Unintended Vault Operation Due to Product Settling and Oracle Version Skips
#152
sherlock-admin
opened
1 year ago
15
branch_indigo - Malicious Product Owner Can Front Run Open Make/Take Position with High Maker/Taker Fees
#151
sherlock-admin
closed
1 year ago
0
nobody2018 - Reward tokens belonging to BalancedVault will be stuck in the Incentivizer contract
#150
sherlock-admin
closed
1 year ago
0
Nyx - Position owner can withdraw all his collateral without closing a position
#149
sherlock-admin
closed
1 year ago
0
Brenzee - `BalancedVault.sol` does not comply with ERC4626 standard
#148
sherlock-admin
closed
1 year ago
2
supernova - Multi Invoker cannot be initialized
#147
sherlock-admin
closed
1 year ago
0
Nyx - Borrowers can be liquidated when they are not in bad debt.
#146
sherlock-admin
closed
1 year ago
2