sherlock-audit 2023-06-Index-judging issues

sherlock-audit / 2023-06-Index-judging

6 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

ww4tson - Wrong sign leads to logic bug

#83 sherlock-admin closed 1 year ago
0
0xpinky - Incorrect fee deduction for buy, during the `_createBidInfo` affects the bidding process. Normal user could not able to place bid with hid in-hand fund

#82 sherlock-admin2 closed 1 year ago
0
Avci - Using IERC20() standard will fail for tokens like USDT

#81 sherlock-admin closed 1 year ago
0
Topmark - Precision Lose Possibility

#80 sherlock-admin2 closed 1 year ago
13
Avci - If transferFrom() fails, user can mint _setToken for free.

#79 sherlock-admin closed 1 year ago
0
Topmark - Precision Lose Possibility.

#78 sherlock-admin2 closed 1 year ago
0
Topmark - Precision Lose Possibility

#77 sherlock-admin closed 1 year ago
0
Topmark - Possibility of Precision Lose

#76 sherlock-admin2 closed 1 year ago
0
0xpinky - BoundedStepwiseLogarithmicPriceAdapter : incorrect check for logrithmic overflow. due to this, still overflow is possible

#75 sherlock-admin closed 1 year ago
0
qandisa - transfer() can fail silently, buyer does not receive send token.

#74 sherlock-admin2 closed 1 year ago
0
qandisa - The quoteAsset could have external positions and still be traded

#73 sherlock-admin closed 1 year ago
0
qandisa - Incorrect overflow protection can lead to incorrect pricing from adapters

#72 sherlock-admin2 closed 1 year ago
0
0xarno - Variable _setToken.totalSupply() can cause unintended behaviour in AuctionRebalanceModuleV1.sol

#71 sherlock-admin closed 1 year ago
1
qandisa - Auction is not compatible with modules using external positions

#70 sherlock-admin2 closed 1 year ago
0
qandisa - Auction can never be unlocked early

#69 sherlock-admin closed 1 year ago
0
0xrobsol - Potential price manipulation during bid creation and execution in SetToken rebalancing

#68 sherlock-admin2 closed 1 year ago
0
0xcc - Tokens with fee on transfer are not supported in AuctionRebalanceModuleV1.sol

#67 sherlock-admin closed 1 year ago
0
qpzm - Overflow check is imperfect in `BoundedStepwiseLogarithmicPriceAdapter` and `BoundedStepwiseExponentialPriceAdapter`.

#66 sherlock-admin2 closed 1 year ago
0
twcctop - The approximately equal range is too high for some high-value tokens.

#65 sherlock-admin closed 1 year ago
0
0xcc - Token transfers do not verify that the tokens were successfully transferred.

#64 sherlock-admin2 closed 1 year ago
0
twcctop - Bid creation should have deadline param .

#63 sherlock-admin closed 1 year ago
0
twcctop - compents may change after deposit

#62 sherlock-admin2 closed 1 year ago
0
Oxhunter526 - Division by Zero Error in Time Bucket Calculation

#61 sherlock-admin closed 1 year ago
0
Hama - Missing Success Check in transferFrom Function

#60 sherlock-admin2 closed 1 year ago
0
Oxhunter526 - No revert on Failure on Erc20 Token Transfer

#59 sherlock-admin closed 1 year ago
0
seerether - The normalized target unit can be set to zero

#58 sherlock-admin2 closed 1 year ago
0
ast3ros - Malicious users can exploit the auction and make profit when the SetToken is not locked.

#57 sherlock-admin opened 1 year ago
24
seerether - Bidders can bid more than the available balance of the send token

#56 sherlock-admin2 closed 1 year ago
0
seerether - Imbalance between the excess quote asset and the components being purchased in the raiseAssetTargets() function

#55 sherlock-admin closed 1 year ago
0
seerether - Quote assets can be drained because raiseAssetTargets function is repeatedly called multiple times

#54 sherlock-admin2 closed 1 year ago
0
Arabadzhiev - Malicious actors can DoS users, that want to buy all / most of the remaining quantity of a component, by frontrunning them with dust amount bids

#53 sherlock-admin closed 1 year ago
6
seerether - The execution settings and auction parameters still remain in storage even when the module is removed from the SetToken

#52 sherlock-admin2 closed 1 year ago
0
blackhole - If the `currentUnit` is zero, the `_targetUnmet` function will always revert

#51 sherlock-admin closed 1 year ago
0
blackhole - It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function

#50 sherlock-admin2 closed 1 year ago
0
Oxhunter526 - Precision Loss in `getPrice` Function

#49 sherlock-admin closed 1 year ago
0
sinarette - Bidding could spend more quotes than it is supposed to

#48 sherlock-admin2 closed 1 year ago
5
dany.armstrong90 - Change price calculation in BoundedStepwiseExponentialPriceAdapter.getPrice() is incorrect.

#47 sherlock-admin closed 1 year ago
0
0x52 - Manger has no way to disable target raises after enabling them

#46 sherlock-admin2 closed 1 year ago
0
0x52 - Target raises can be highly damaging for dutch auctions with multiple components

#45 sherlock-admin opened 1 year ago
15
0x52 - Set tokens with target raises enabled can suffer loss due to sophisticated donation attacks

#44 sherlock-admin2 closed 1 year ago
2
0x52 - BoundedStepwiseExponentialPriceAdapter#getPrice uses incorrect order of operation when calculating priceChange

#43 sherlock-admin closed 1 year ago
0
0x52 - Exponential and logarithmic price adapters will return incorrect pricing when moving from higher dp token to lower dp token

#42 sherlock-admin2 opened 1 year ago
18
0x52 - Full inventory asset purchases can be DOS'd via frontrunning

#41 sherlock-admin opened 1 year ago
30
0x52 - No check for sequencer uptime can lead to dutch auctions executing at bad prices

#40 sherlock-admin2 opened 1 year ago
15
0x007 - price is calculated wrongly in BoundedStepwiseExponentialPriceAdapter

#39 sherlock-admin opened 1 year ago
11
Yuki - SetToken can't be unlocked early.

#38 sherlock-admin2 opened 1 year ago
6
0xSmartContract - block.timestamp means different things on different L2s

#37 sherlock-admin closed 1 year ago
2
Brenzee - Price is not calculated correctly according to the documentation in the contract

#36 sherlock-admin2 closed 1 year ago
0
MohammedRizwan - In AuctionRebalanceModuleV1.sol, startRebalance() does not verify that the _rebalanceDuration has passed/expired

#35 sherlock-admin closed 1 year ago
0
PRAISE - Asset Targets may not be increased at all when allowed bidders call raiseAssetTargets() because raiseTargetPercentage could be zero.

#34 sherlock-admin2 closed 1 year ago
0