issues
search
sherlock-audit
/
2023-05-perennial-judging
12
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
mstpr-brainbot - Vault is not checking if the takers in a product is zero
#145
sherlock-admin
closed
1 year ago
0
nobody2018 - Program.complete may cause subtraction overflow in some cases
#144
sherlock-admin
closed
1 year ago
2
nobody2018 - ProductManager.syncAccount may cause new user to revert in some cases
#143
sherlock-admin
closed
1 year ago
6
Nyx - Self Liquidation
#142
sherlock-admin
closed
1 year ago
0
rvierdiiev - Perennial doesn't convert DSU to the USD and in case of depeg, this can be a problem
#141
sherlock-admin
closed
1 year ago
0
levi - Vault deposit does not check for resulting zero shares
#140
sherlock-admin
closed
1 year ago
8
levi - Incentive program refunds are not claimable
#139
sherlock-admin
closed
1 year ago
15
seeques - Liquidators will not receive any fees if account's newBalance drops below zero
#138
sherlock-admin
closed
1 year ago
2
rvierdiiev - Phase is determined incorrectly for a oracle version inside ChainlinkOracle
#137
sherlock-admin
closed
1 year ago
0
rvierdiiev - ChainlinkOracle.sync provides different rounds with same version id
#136
sherlock-admin
closed
1 year ago
0
kutugu - Chainlink oracle may return stale price when L2 sequencer is down
#135
sherlock-admin
closed
1 year ago
0
kutugu - Oralce price should check freshness
#134
sherlock-admin
closed
1 year ago
0
kutugu - Chainlink getRoundData return value should check timestamp
#133
sherlock-admin
closed
1 year ago
0
Emmanuel - Accounts will not be liquidated when they are meant to.
#132
sherlock-admin
opened
1 year ago
2
Ocean_Sky - Chainlink's latestRoundData return stale or incorrect result
#131
sherlock-admin
closed
1 year ago
0
Ocean_Sky - No checking for status of L2 sequencer on whether it is active or not
#130
sherlock-admin
closed
1 year ago
0
Tricko - Oracle doesn't check if Arbitrum sequencer is offline.
#129
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`phaseId` function leading to Invalid round `ID` can be created.
#128
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`_search` function does not check for `minRoundId` being equal to `0`
#127
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`_versionToPhase` Function Allows `Unauthorized Access`
#126
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO- `ChainlinkRoundLib's`L`phaseId` Function Allows Bypassing Security Measures for Non `64` bit Round `IDs`
#125
sherlock-admin
closed
1 year ago
0
branch_indigo - Collaterals might be incorrectly valued when DSU or USDC depegs leading to under collateralized positions
#124
sherlock-admin
closed
1 year ago
8
Emmanuel - Position fees will cause collateral balance of an account to go below `minCollateral`
#123
sherlock-admin
closed
1 year ago
8
XDZIBEC - XO- `unsafeDiv` Function Allows `Exploitation` and `Unintended Code Execution`
#122
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-Division by Zero Vulnerability in `unsafeDiv` Function
#121
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`unpack` function of `PackedFixed18Lib` allows data loss through improper type casting
#120
sherlock-admin
closed
1 year ago
0
Emmanuel - Users will cheat a Product when its makerFee/takerFee is more than its maintenance
#119
sherlock-admin
closed
1 year ago
7
Madalad - Pragma isn't specified correctly which can lead to nonfunction/damaged contract when deployed on Arbitrum
#118
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Vaults will fail to work if any of the products of vault are paused
#117
sherlock-admin
closed
1 year ago
0
Madalad - Chainlink aggregators return the incorrect price if it drops below `minAnswer`
#116
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Frontrunning issue with updateCollateral function in the Controller
#115
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - MultiInvoker contract will fail if controller owner updates the collateral address
#114
sherlock-admin
closed
1 year ago
0
Bauchibred - Pragma isn't specified correctly, which can lead to non-functional/damaged contracts when deployed on Arbitrum
#113
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`muldiv()` function can crash if `b` or `c` is `zero`.
#112
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`divOut()` Function Does Not Handle Negative `b` Values Correctly
#111
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`accumulate()` function can crash if to`Timestamp` is less than `fromTimestamp`
#110
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO- `accumulate` function can crash if utilization ratio is greater than 1.0
#109
sherlock-admin
closed
1 year ago
0
branch_indigo - Liquidations can be done in an unsafe way putting product at risk
#108
sherlock-admin
closed
1 year ago
0
branch_indigo - When product is closed, User can withdraw stagnant PnL from the product
#107
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO- Storage Pointer Vulnerability in `JumpRateUtilizationCurveLib ` and `_storagePointer` function
#106
sherlock-admin
closed
1 year ago
0
sashik_eth - Oracles would not work on Arbitrum
#105
sherlock-admin
closed
1 year ago
0
cergyk - Leveraged trader with small collateral can create a riskless position until settlement
#104
sherlock-admin
opened
1 year ago
7
Emmanuel - Liquidating an account may cause collateral balance of the account to go below `minCollateral`
#103
sherlock-admin
closed
1 year ago
31
mstpr-brainbot - Collateral contract is ignoring maker fee in user liquidation process
#102
sherlock-admin
closed
1 year ago
0
branch_indigo - When the Product is Closed, Users can close positions bypassing `takerInvarient` check allowing positions closed in an Unsafe Way
#101
sherlock-admin
closed
1 year ago
0
supernova - Incorrect bookkeeping in settle hook
#100
sherlock-admin
closed
1 year ago
0
ravikiran.web3 - PriceOracle is a single point of failure, should have alternative price feeds as back up.
#99
sherlock-admin
closed
1 year ago
0
mstpr-brainbot - Vaults will fail if collateral address changes in controller
#98
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`Recursive` call to `nonReentrant` function possible due to race condition
#97
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`acceptOwner()` function can be called by `unauthorized` users
#96
sherlock-admin
closed
1 year ago
0
Previous
Next