issues
search
sherlock-audit
/
2023-06-real-wagmi-judging
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
rogue-lion-0619 - Suboptimal LP Amount on Deposit
#189
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Hardcoded `MINIUM_AMOUNT` Is Insigificant In Some Token Cases
#188
sherlock-admin
closed
1 year ago
0
ash - Flash Loan Attack Vulnerability in _withdraw() Function
#187
sherlock-admin
closed
1 year ago
0
0xKodak - Missing Intended Implementation
#186
sherlock-admin
closed
1 year ago
0
oxcm - Vulnerability to Front-Running Attacks in Liquidity Provision Function
#185
sherlock-admin
closed
1 year ago
0
ash - Possible precision loss in _checkpositionsRange function
#184
sherlock-admin
closed
1 year ago
0
0xpinky - `_getTicksForPosition` will not determine the valid lower and upper tick when `tickSpacingOffset > 0`
#183
sherlock-admin
closed
1 year ago
0
ash - Possible precision loss in _checkpositionsRange function
#182
sherlock-admin
closed
1 year ago
0
Tri-pathi - Missing Validation *_token0* and *_token1* argument could results in to missing of funds.
#181
sherlock-admin
closed
1 year ago
0
minhtrng - Incorrect usage of slippage protection params
#180
sherlock-admin
closed
1 year ago
11
0xKodak - Improper/ unsupposed Withdrawal of Owed token when user calls ''' function withdraw ( uint lpAmount, .....)''' with lpAmount parameter as 0
#179
sherlock-admin
closed
1 year ago
0
0xdice91 - Loss Of Precision Due To Division Before Multiplication
#178
sherlock-admin
closed
1 year ago
0
Avci - earn() function in the Multipool contract always revert
#177
sherlock-admin
closed
1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role
#176
sherlock-admin
closed
1 year ago
0
toshii - Excess tokens not used to provide liquidity in the Multipool `deposit` function are effectively stolen from users
#175
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Using Spot Liquidity for LP Minting
#174
sherlock-admin
closed
1 year ago
0
BugBusters - Flash Loan Attack Vulnerability in `_withdraw()` Function
#173
sherlock-admin
closed
1 year ago
7
Avci - The estimated remove amount for lp token amount to remove after withdraw is based on total supply can be manipulated and its possible to even withdraw more than share
#172
sherlock-admin
closed
1 year ago
15
0xhacksmithh - While Swapping One Token To Other via `getAmountOut()` Token Decimals Difference Are Not Taken To Consideration
#171
sherlock-admin
closed
1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role
#170
sherlock-admin
closed
1 year ago
0
0xpinky - Multipool.sol: No fee would be collected when calling the `function earn() external`
#169
sherlock-admin
closed
1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role
#168
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Broken check and logic with different ERC20 token decimals
#167
sherlock-admin
closed
1 year ago
0
stopthecap - Divergence in calculating lp amounts will cause an imbalance depositing and withdrawing
#166
sherlock-admin
closed
1 year ago
9
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role
#165
sherlock-admin
closed
1 year ago
0
Jaraxxus - Factory.getQuoteAtTick() calculates the latest quote at a given tick, instead of a quote at an arbitrary tick
#164
sherlock-admin
closed
1 year ago
0
Avci - The deposit - withdraw - trade transaction lack of expiration timestamp check (DeadLine check)
#163
sherlock-admin
opened
1 year ago
3
mau - Inconsistent array length pose risks for index-based data access
#162
sherlock-admin
closed
1 year ago
0
duc - The `getAmountOut` function in Multipool contract might be permanently unactive or manipulated with low liquidity pools
#161
sherlock-admin
closed
1 year ago
0
BugBusters - Flash Loan Attack Vulnerability in `estimateClaim()` Function
#160
sherlock-admin
closed
1 year ago
6
Tri-pathi - Users could get same lpAmountRemoved (The estimated number of LP tokens) regardless of user's shares in the pool and the accumulated fees.
#159
sherlock-admin
closed
1 year ago
0
0xJuda - User loses funds when withdrawing right after depositing
#158
sherlock-admin
closed
1 year ago
1
toshii - Attacker can bypass fee accounting and effectively steal all fees from any Multipool contract
#157
sherlock-admin
closed
1 year ago
0
lil.eth - Missing call to _optimizeAmount() function when rebalancing
#156
sherlock-admin
closed
1 year ago
0
dipp - Approval to swapTarget is not reset at the end of ```rebalanceAll``` in the multipool
#155
sherlock-admin
closed
1 year ago
2
rogue-lion-0619 - Unsafe downcasting of uint128
#154
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Mechanism For Calculation Of `fee0` and `fee1` In `_withdraw()` Is Wrong.
#153
sherlock-admin
closed
1 year ago
0
toshii - Attacker can prevent any fees from going to admin by front-running calls to `deposit` and `withdraw`
#152
sherlock-admin
closed
1 year ago
0
tnquanghuy0512 - Factory.estimateWithdrawalAmounts ouputs can lead to confusion
#151
sherlock-admin
closed
1 year ago
0
Tri-pathi - Findings
#150
sherlock-admin
closed
1 year ago
0
lil.eth - Unchecked slots may lead to imbalance in token ratios within the contract
#149
sherlock-admin
closed
1 year ago
0
toshii - Factory contract does not support all ERC20 tokens, breaking core protocol requirement
#148
sherlock-admin
closed
1 year ago
0
mau - Duplicate fee addition in _addUnderlyingPool function
#147
sherlock-admin
closed
1 year ago
3
0xdice91 - `Factory.sol` never initialize `owner` for Ownable.sol
#146
sherlock-admin
closed
1 year ago
0
lil.eth - Rounding Errors in the _getTicksForPosition()
#145
sherlock-admin
closed
1 year ago
0
rogue-lion-0619 - Slippage amount0Min and amount1Min only applies partially
#144
sherlock-admin
closed
1 year ago
0
tnquanghuy0512 - Dispatcher.poolInfo can lead to confusions
#143
sherlock-admin
closed
1 year ago
0
duc - The `_estimateWithdrawalLp` function might return a very large value, result in users losing significant incentives or being unable to withdraw from the Dispatcher contract
#142
sherlock-admin
opened
1 year ago
9
karanctf - _withdrawfee can be avoided by setting deviationBP as 0
#141
sherlock-admin
closed
1 year ago
1
karanctf - withdrawfee can be avoided by setting deviationBP as 0
#140
sherlock-admin
closed
1 year ago
0
Next