sherlock-audit 2023-06-real-wagmi-judging issues

sherlock-audit / 2023-06-real-wagmi-judging

3 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

rogue-lion-0619 - Suboptimal LP Amount on Deposit

#189 sherlock-admin closed 1 year ago
0
0xhacksmithh - Hardcoded `MINIUM_AMOUNT` Is Insigificant In Some Token Cases

#188 sherlock-admin closed 1 year ago
0
ash - Flash Loan Attack Vulnerability in _withdraw() Function

#187 sherlock-admin closed 1 year ago
0
0xKodak - Missing Intended Implementation

#186 sherlock-admin closed 1 year ago
0
oxcm - Vulnerability to Front-Running Attacks in Liquidity Provision Function

#185 sherlock-admin closed 1 year ago
0
ash - Possible precision loss in _checkpositionsRange function

#184 sherlock-admin closed 1 year ago
0
0xpinky - `_getTicksForPosition` will not determine the valid lower and upper tick when `tickSpacingOffset > 0`

#183 sherlock-admin closed 1 year ago
0
ash - Possible precision loss in _checkpositionsRange function

#182 sherlock-admin closed 1 year ago
0
Tri-pathi - Missing Validation *_token0* and *_token1* argument could results in to missing of funds.

#181 sherlock-admin closed 1 year ago
0
minhtrng - Incorrect usage of slippage protection params

#180 sherlock-admin closed 1 year ago
11
0xKodak - Improper/ unsupposed Withdrawal of Owed token when user calls ''' function withdraw ( uint lpAmount, .....)''' with lpAmount parameter as 0

#179 sherlock-admin closed 1 year ago
0
0xdice91 - Loss Of Precision Due To Division Before Multiplication

#178 sherlock-admin closed 1 year ago
0
Avci - earn() function in the Multipool contract always revert

#177 sherlock-admin closed 1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role

#176 sherlock-admin closed 1 year ago
0
toshii - Excess tokens not used to provide liquidity in the Multipool `deposit` function are effectively stolen from users

#175 sherlock-admin closed 1 year ago
0
rogue-lion-0619 - Using Spot Liquidity for LP Minting

#174 sherlock-admin closed 1 year ago
0
BugBusters - Flash Loan Attack Vulnerability in `_withdraw()` Function

#173 sherlock-admin closed 1 year ago
7
Avci - The estimated remove amount for lp token amount to remove after withdraw is based on total supply can be manipulated and its possible to even withdraw more than share

#172 sherlock-admin closed 1 year ago
15
0xhacksmithh - While Swapping One Token To Other via `getAmountOut()` Token Decimals Difference Are Not Taken To Consideration

#171 sherlock-admin closed 1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role

#170 sherlock-admin closed 1 year ago
0
0xpinky - Multipool.sol: No fee would be collected when calling the `function earn() external`

#169 sherlock-admin closed 1 year ago
0
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role

#168 sherlock-admin closed 1 year ago
0
rogue-lion-0619 - Broken check and logic with different ERC20 token decimals

#167 sherlock-admin closed 1 year ago
0
stopthecap - Divergence in calculating lp amounts will cause an imbalance depositing and withdrawing

#166 sherlock-admin closed 1 year ago
9
Tri-pathi - Missing Validation *_owner* argument could indefinitely lock owner role

#165 sherlock-admin closed 1 year ago
0
Jaraxxus - Factory.getQuoteAtTick() calculates the latest quote at a given tick, instead of a quote at an arbitrary tick

#164 sherlock-admin closed 1 year ago
0
Avci - The deposit - withdraw - trade transaction lack of expiration timestamp check (DeadLine check)

#163 sherlock-admin opened 1 year ago
3
mau - Inconsistent array length pose risks for index-based data access

#162 sherlock-admin closed 1 year ago
0
duc - The `getAmountOut` function in Multipool contract might be permanently unactive or manipulated with low liquidity pools

#161 sherlock-admin closed 1 year ago
0
BugBusters - Flash Loan Attack Vulnerability in `estimateClaim()` Function

#160 sherlock-admin closed 1 year ago
6
Tri-pathi - Users could get same lpAmountRemoved (The estimated number of LP tokens) regardless of user's shares in the pool and the accumulated fees.

#159 sherlock-admin closed 1 year ago
0
0xJuda - User loses funds when withdrawing right after depositing

#158 sherlock-admin closed 1 year ago
1
toshii - Attacker can bypass fee accounting and effectively steal all fees from any Multipool contract

#157 sherlock-admin closed 1 year ago
0
lil.eth - Missing call to _optimizeAmount() function when rebalancing

#156 sherlock-admin closed 1 year ago
0
dipp - Approval to swapTarget is not reset at the end of ```rebalanceAll``` in the multipool

#155 sherlock-admin closed 1 year ago
2
rogue-lion-0619 - Unsafe downcasting of uint128

#154 sherlock-admin closed 1 year ago
0
0xhacksmithh - Mechanism For Calculation Of `fee0` and `fee1` In `_withdraw()` Is Wrong.

#153 sherlock-admin closed 1 year ago
0
toshii - Attacker can prevent any fees from going to admin by front-running calls to `deposit` and `withdraw`

#152 sherlock-admin closed 1 year ago
0
tnquanghuy0512 - Factory.estimateWithdrawalAmounts ouputs can lead to confusion

#151 sherlock-admin closed 1 year ago
0
Tri-pathi - Findings

#150 sherlock-admin closed 1 year ago
0
lil.eth - Unchecked slots may lead to imbalance in token ratios within the contract

#149 sherlock-admin closed 1 year ago
0
toshii - Factory contract does not support all ERC20 tokens, breaking core protocol requirement

#148 sherlock-admin closed 1 year ago
0
mau - Duplicate fee addition in _addUnderlyingPool function

#147 sherlock-admin closed 1 year ago
3
0xdice91 - `Factory.sol` never initialize `owner` for Ownable.sol

#146 sherlock-admin closed 1 year ago
0
lil.eth - Rounding Errors in the _getTicksForPosition()

#145 sherlock-admin closed 1 year ago
0
rogue-lion-0619 - Slippage amount0Min and amount1Min only applies partially

#144 sherlock-admin closed 1 year ago
0
tnquanghuy0512 - Dispatcher.poolInfo can lead to confusions

#143 sherlock-admin closed 1 year ago
0
duc - The `_estimateWithdrawalLp` function might return a very large value, result in users losing significant incentives or being unable to withdraw from the Dispatcher contract

#142 sherlock-admin opened 1 year ago
9
karanctf - _withdrawfee can be avoided by setting deviationBP as 0

#141 sherlock-admin closed 1 year ago
1
karanctf - withdrawfee can be avoided by setting deviationBP as 0

#140 sherlock-admin closed 1 year ago
0