sherlock-audit/2023-06-dinari-judging
issues
Avci - Users can't cancel orders because the cancelOrder() function always reverts.
#142
sherlock-admin
closed
1 year ago
0
peanuts - Lack of slippage check and deadline can cause user to pay undesired amounts when buying or selling a market order
#141
sherlock-admin
closed
1 year ago
0
AlexCzm - Wrong orderId returned by `getOrderIdFromOrderRequest`
#140
sherlock-admin
closed
1 year ago
0
0xpinky - OrderProcessor.sol#L330 : requestCancel is not emitting the salt value.
#139
sherlock-admin
closed
1 year ago
1
0xpinky - There is no unique way to define the salt value. This will potentially miss the orders.
#138
sherlock-admin
closed
1 year ago
0
james_wu - No way to refund to correct original user. Permanent loss
#137
sherlock-admin
closed
1 year ago
0
Avci - If the user is added to the USDC/USDT blacklist, then the refund process does not work.
#136
sherlock-admin
closed
1 year ago
0
james_wu - requestOrder Front-runnable, Complete DoS
#135
sherlock-admin
closed
1 year ago
0
foufrix - ORDERREQUEST_TYPE_HASH is not complete in OrderProcessor.sol
#134
sherlock-admin
closed
1 year ago
0
james_wu - No way to stop massive cancel requests on bridge, leads to DoS
#133
sherlock-admin
closed
1 year ago
9
gkrastenov - Wrong implementation of EIP-712
#132
sherlock-admin
closed
1 year ago
0
foufrix - DEFAULT_ADMIN_ROLE in SellOrderProcessor.sol is not initialized
#131
sherlock-admin
closed
1 year ago
0
foufrix - DEFAULT_ADMIN_ROLE in DirectBuyOrderIssuer.sol is not initialized
#130
sherlock-admin
closed
1 year ago
0
foufrix - DEFAULT_ADMIN_ROLE in BuyOrderIssuer.sol is not initialized
#129
sherlock-admin
closed
1 year ago
0
kutugu - BuyOrderIssuer / SellOrderProcessor feesEarned calculation has precision errors
#128
sherlock-admin
closed
1 year ago
0
seerether - Transactional activities can still go even when ordersPaused variable is set to true
#127
sherlock-admin
closed
1 year ago
0
peanuts - Fees with low decimals will be truncated to zero
#126
sherlock-admin
closed
1 year ago
0
0xpinky - Lack of clarity to classify the orders that are requested for order and that are requested for cancel.
#125
sherlock-admin
closed
1 year ago
5
Tri-pathi - `ORDERREQUEST_TYPE_HASH` is calculated incorrectly
#124
sherlock-admin
closed
1 year ago
0
gkrastenov - Recipient address in OrderRequest is never validated
#123
sherlock-admin
closed
1 year ago
6
seerether - Submission of duplicate orders with the same order ID is allowed
#122
sherlock-admin
closed
1 year ago
0
Shubham - Wrong use of `feeState.feesEarned` can lead to loss of funds to the treasury
#121
sherlock-admin
closed
1 year ago
2
niloy - [QA] Restricted Account Error Handling
#120
sherlock-admin
closed
1 year ago
0
vangrim - [HIGH] OrderProcessor#requestedOrder and #fillOrder - Malicious user could monitor the events OrderRequested and Orderfulfilled to perform sandwich attacks causing losses for the users
#119
sherlock-admin
closed
1 year ago
0
ni8mare - Possible DoS attack that results in user `requestOrder` to be cancelled.
#118
sherlock-admin
closed
1 year ago
0
bitsurfer - Escrow amount balance is not decreased after `fillOrder` in `DirectBuyIssuer`
#117
sherlock-admin
closed
1 year ago
0
peanuts - Double accounting of remainingOrder when filling order which may result in underflow
#116
sherlock-admin
closed
1 year ago
4
0xpinky - Contracts never initialize owner for Ownable2Step.sol
#115
sherlock-admin
closed
1 year ago
0
DevABDee - If a sell order for dShares is executed in partial steps, users may incur additional fees.
#114
sherlock-admin
closed
1 year ago
0
0xMosh - Cancelation of order will fail if the recipient is added to the USDC blacklist.
#113
sherlock-admin
closed
1 year ago
0
auditsea - `requestCancel` can cause DoS attack
#112
sherlock-admin
closed
1 year ago
6
serial-coder - Incorrect calculation of BUY orders' percentage fee
#111
sherlock-admin
closed
1 year ago
3
serial-coder - Adding storage gaps for future version upgrades
#110
sherlock-admin
closed
1 year ago
0
pengun - Lack of Storage Gap in Upgradable Proxy Pattern in OrderProcessor
#109
sherlock-admin
closed
1 year ago
0
serial-coder - Price slippage of underlying assets affects the received asset/payment tokens less than expected
#108
sherlock-admin
closed
1 year ago
0
serial-coder - Spam SELL orders can perform a DoS attack on off-chain services
#107
sherlock-admin
closed
1 year ago
2
auditsea - `orderId` needs to be unique
#106
sherlock-admin
closed
1 year ago
8
pengun - Potential for DoS Attack in OrderProcessor.sol
#105
sherlock-admin
closed
1 year ago
0
ni8mare - A large buy order is prone to a sandwich attack.
#104
sherlock-admin
closed
1 year ago
0
GiorgioDalla - BridgedERC20: Transfer Restriction Bypass Vulnerability
#103
sherlock-admin
closed
1 year ago
0
shtesesamoubiq - Incorrect type in safeTransfer
#102
sherlock-admin
closed
1 year ago
0
Shubham - A Blacklisted account can become the owner & restrict other users
#101
sherlock-admin
closed
1 year ago
0
holyhansss - Possible DOS in Orderprocessor.requestOrder()
#100
sherlock-admin
closed
1 year ago
0
osmanozdemir1 - Canceled order refunds should be sent to the `requester`, not the `recipient`.
#99
sherlock-admin
closed
1 year ago
0
DevABDee - The absence of a price threshold option for users can result in users obtaining assets at unexpected & undesired prices.
#98
sherlock-admin
closed
1 year ago
0
0xdice91 - Blacklisted `accounts` can still send and receive tokens.
#97
sherlock-admin
closed
1 year ago
0
0xyPhilic - Griefing attack can block the protocol Buy orders
#96
sherlock-admin
closed
1 year ago
0
Delvir0 - Incorrect function flow when using DirectBuyIssuer to fill order.
#95
sherlock-admin
closed
1 year ago
0
0xeix - Check for upper limit for _percentageFeeRate doesn't create necessary protection
#94
sherlock-admin
closed
1 year ago
0
kutugu - order has no expiration time and slippage protection
#93
sherlock-admin
closed
1 year ago
0