sherlock-audit/2023-06-dinari-judging
issues
0xeix - There is no upper limit for _perOrderFee in OrderFees.sol
#92
sherlock-admin
closed
1 year ago
0
twcctop - BuyOrderIssuer.sol#_fillBuyOrder doesn't transfer `receivedAmount`
#91
sherlock-admin
closed
1 year ago
0
0xyPhilic - Lack of anti-slippage measure exposes users
#90
sherlock-admin
closed
1 year ago
5
bin2chen - takeEscrow() can possibly take funds from closed orders
#89
sherlock-admin
closed
1 year ago
0
Delvir0 - Blacklist mechanism is not in place
#88
sherlock-admin
closed
1 year ago
0
Delvir0 - _distributeProceeds incorrectly handles fees to treasury in some cases
#87
sherlock-admin
closed
1 year ago
0
Delvir0 - Order fill process does not check minReceived
#86
sherlock-admin
closed
1 year ago
0
Tri-pathi - Arbitrage opportunity due to different behavior of `Fee` with low and high `inputValue`
#85
sherlock-admin
closed
1 year ago
0
0x007 - Refunds are sent to recipient instead of requester when orders are cancelled
#84
sherlock-admin
closed
1 year ago
0
ihtishamsudo - [M-01] Centralisation Risk For Trusted Owners
#83
sherlock-admin
closed
1 year ago
0
nisedo - No Allowance or Permit set before safeTransferFrom
#82
sherlock-admin
closed
1 year ago
0
chainNue - `DirectBuyIssuer`'s getOrderEscrow amount didn't update after `_fillOrderAccounting`
#81
sherlock-admin
closed
1 year ago
0
toshii - Users can circumvent blacklist to continue to receive and send tokens
#80
sherlock-admin
closed
1 year ago
0
toshii - The order lifecycle outlined in DirectBuyIssuer will revert in most cases for filled orders
#79
sherlock-admin
closed
1 year ago
0
toshii - Malicious user can prevent treasury from getting fees in BuyOrderIssuer
#78
sherlock-admin
closed
1 year ago
10
0xpanicError - perOrderFlatFee can revert due to overflow
#77
sherlock-admin
closed
1 year ago
0
rugpull_detector - `block.chainid` should be included to generate `orderId` to prevent cross-chain replay attack vector
#76
sherlock-admin
closed
1 year ago
0
rugpull_detector - No Storage gap for upgradable base contracts `OrderProcessor`, `BuyOrderIssuer`
#75
sherlock-admin
closed
1 year ago
0
rugpull_detector - Perpetual non-cancellable order can be created by backrunning `cancelOrder` with `requestOrder`
#74
sherlock-admin
closed
1 year ago
2
rugpull_detector - A malicious user can block any order request by frontrunning it. Front-run victim's tx will revert.
#73
sherlock-admin
closed
1 year ago
0
chainNue - `requestOrder` lack of slippage (mint & burn)
#72
sherlock-admin
closed
1 year ago
0
hals - Operators can take escrow of any cancelled order
#71
sherlock-admin
closed
1 year ago
0
hals - The protocol will pay double of the directBuy order amount if the order escrow is fully taken then fully fulfilled
#70
sherlock-admin
closed
1 year ago
0
hals - `_cancelOrderAccounting` in `SellOrderPeocessor` contract will revert if the `orderRequest.recipient` is a blacklisted account in `BridgedERC20` dShare token
#69
sherlock-admin
closed
1 year ago
0
0xmurali7 - Function parameter name not defined
#68
sherlock-admin
closed
1 year ago
0
Kaiziron - Front-running of restrict() function
#67
sherlock-admin
closed
1 year ago
0
dec3ntraliz3d - Front-Running Vulnerability in TransferRestrictor Contract's restrict Function
#66
sherlock-admin
closed
1 year ago
0
p12473 - Orders can be manipulated to make it not profitable to close
#65
sherlock-admin
closed
1 year ago
0
ctf_sec - Bypass the blacklist restriction because the blacklist check is not done when minting or burning
#64
sherlock-admin
opened
1 year ago
5
ctf_sec - TransferRestrictor#restrict can be front-run and user can transfer their dShare out to avoid being blacklisted
#63
sherlock-admin
closed
1 year ago
3
ctf_sec - Griefing attack can DOS all new orders
#62
sherlock-admin
closed
1 year ago
0
ctf_sec - Cancellation refunds should return tokens to order creator, not recipient
#61
sherlock-admin
opened
1 year ago
4
ctf_sec - Lack of slippage protection when executing the order
#60
sherlock-admin
closed
1 year ago
0
ctf_sec - Fund can be infinitely locked in the OrderProcessor contract if external token admin pauses the transfer or blacklists the OrderProcessor contract
#59
sherlock-admin
closed
1 year ago
0
ctf_sec - The percentage fee can vary during the life of a sell order
#58
sherlock-admin
closed
1 year ago
8
ctf_sec - Blocklisted recipient or address(0) forces operator to waste gas when filling the sell order or filling the cancel order
#57
sherlock-admin
closed
1 year ago
16
ctf_sec - Escrow record not cleared on cancellation and order fill
#56
sherlock-admin
opened
1 year ago
4
ctf_sec - Blocklisted address or address(0) recipient can lock protocol fund when order is partially filled
#55
sherlock-admin
closed
1 year ago
24
01xcoder - prb-math has not yet been audited
#54
sherlock-admin
closed
1 year ago
0
0xMAKEOUTHILL - Incorrect OrderRequest keccak256
#53
sherlock-admin
closed
1 year ago
0
0xdice91 - Underflow in `_fillBuyOrder` will lead to `fillOrder` failing.
#52
sherlock-admin
closed
1 year ago
0
Ignite - No Storage Gap in OrderProcessor and BuyOrderIssuer contracts Might Lead to Storage Slot Collision
#51
sherlock-admin
closed
1 year ago
0
Ignite - Front Run of restrict() Function
#50
sherlock-admin
closed
1 year ago
0
0xdice91 - `No` token is `transferred` into the protocol when `requestOrder` is called
#49
sherlock-admin
closed
1 year ago
0
SanketKogekar - Funds could get stuck in the `DirectBuyIssuer.sol` contract which could remain inaccessible by the Operator (`OPERATOR_ROLE`).
#48
sherlock-admin
closed
1 year ago
0
Ch_301 - The logic can't handle the negative price of the securities
#47
sherlock-admin
closed
1 year ago
3
shogoki - Malicious User can create orders, which cannot be fulfilled and cause the operator to take loss
#46
sherlock-admin
closed
1 year ago
0
SanketKogekar - The orderId is not deleted when the `requestCancel` function successfully executes, which keeps the order alive for further actions.
#45
sherlock-admin
closed
1 year ago
0
p-tsanev - OrderProcessor.sol# - incorrect usage of the BridgedERC20
#44
sherlock-admin
closed
1 year ago
0
SanketKogekar - Incorrect funds will be transferred because of miscalculation in filling orders.
#43
sherlock-admin
closed
1 year ago
0