sherlock-audit / 2023-06-symmetrical-judging
issues
simon135 - PartyB before A liquidation can transfer out and not get liquidated in `transferAllocation`
#352
sherlock-admin
closed
1 year ago
0
simon135 - There is no way for the system to make sure the user Already got its pnl and take some action on it in `partyAAvailableForQuote`
#351
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - `openPosition`: Insufficient validation on `openedPrice` input parameter
#350
sherlock-admin
closed
1 year ago
1
nican0r - Incorrect accounting in openPosition partially fill logic
#349
sherlock-admin
closed
1 year ago
0
cergyk - PartyB nonce is not incremented during liquidation and can lead to signature reuse
#348
sherlock-admin
closed
1 year ago
0
shealtielanz - Unsafe casting of int256 to uint256 could lead to overflow and Incorrect calculation.
#347
sherlock-admin
closed
1 year ago
0
GiorgioDalla - Allocation Discrepancy in LiquidatePartyB Function
#346
sherlock-admin
closed
1 year ago
0
simon135 - There is no limit on how many positions PartyB can take and it can cause DoS in the system/free profit
#345
sherlock-admin
closed
1 year ago
0
shealtielanz - Missing Initializer in ControlFacet.sol
#344
sherlock-admin
closed
1 year ago
0
Kose - Forcing is not possible due to high cooldown
#343
sherlock-admin
closed
1 year ago
0
simon135 - If liquidation is not called in few blocks/timestamps PartyB other positions can't be liquidated and funds will be stuck in `liquidatePositionsPartyB`
#342
sherlock-admin
closed
1 year ago
0
SAAJ - Some tokens may revert when zero value transfers are made
#341
sherlock-admin
closed
1 year ago
0
SAAJ - Ownership can be transferred to anyone
#340
sherlock-admin
closed
1 year ago
0
SAAJ - Division with large numbers results in zero
#339
sherlock-admin
closed
1 year ago
0
simon135 - `liquidatePendingPositionsPartyA` doesn't give fee back when PartyA has positions in pending and instead liquidates them which shouldn't happen
#338
sherlock-admin
closed
1 year ago
0
SAAJ - Contract is vulnerable to fee-on-transfer accounting-related issues
#337
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - Liquidators can prevent users from making their positions healthy during an unpause
#336
sherlock-admin
opened
1 year ago
9
SAAJ - Centralization risk for trusted owners
#335
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - The protocol allows opening a max possible position but prevents the user from keeping it healthy
#334
sherlock-admin
closed
1 year ago
0
simon135 - An attacker can create a position with just UPNL which should not be allowed in `sendQuote`
#333
sherlock-admin
closed
1 year ago
0
simon135 - Since there is no check in openPosition for partyA pendingQuotes PartyA can get around the check for pendingPositions limits
#332
sherlock-admin
closed
1 year ago
0
Kose - Malicious PartyB can force their PartyA's into liquidation
#331
sherlock-admin
closed
1 year ago
5
SanketKogekar - The functions `LibQuote.returnTradingFee` and `LibQuote.receiveTradingFee` miss an important check which can cause loss for the protocol.
#330
sherlock-admin
closed
1 year ago
0
josephdara - Precision loss due to integer underflow
#329
sherlock-admin
closed
1 year ago
9
simon135 - liquidatePositionsPartyA when we close the positions the pending won't be cleared and length won't be decreased
#328
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - `sendQuote`: Fee collection at last can itself make a position underwater
#327
sherlock-admin
closed
1 year ago
0
simon135 - Since we don't pop off `PartyAPendingQuotes` from the array the user won't be able to use the protocol again
#326
sherlock-admin
closed
1 year ago
0
simon135 - We never pop off `liquiditor` from the array causing no incentives for liquidator after the first liquidation in the system in `liquidatePositionsPartyA`
#325
sherlock-admin
closed
1 year ago
10
josephdara - DOS for accounts if liquidation expires.
#324
sherlock-admin
closed
1 year ago
0
simon135 - PartyA can control liquidations in `liquidatePartyA`
#323
sherlock-admin
closed
1 year ago
0
SanketKogekar - No Issue
#322
sherlock-admin
closed
1 year ago
0
cergyk - Liquidator can get liquidation fee two times for the same quote
#321
sherlock-admin
closed
1 year ago
0
simon135 - No check for expired Price Timestamp like in PartyB which can cause price staleness
#320
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - Dust amount due to 18 decimals precision can be combined to pull out whole token amounts.
#319
sherlock-admin
closed
1 year ago
5
simon135 - FeeCollector can get out WithdrawCooldown in `receiveTradingFees`
#318
sherlock-admin
closed
1 year ago
5
panprog - Suspended partyB can use another partyA to transfer fraudulent funds via artificial profit/loss
#317
sherlock-admin
closed
1 year ago
0
simon135 - If the fee collector is PartyA in function `receiveTradingFee` then they will get out trading fees which goes against the supposed spec of the system
#316
sherlock-admin
closed
1 year ago
5
ni8mare - Missing modifiers on functions in AccountFacet
#315
sherlock-admin
closed
1 year ago
6
simon135 - Through the design of liquidations in the system, PartyA will be able to get out liquidations in `partyAAvailableBalanceForLiquidation->unpl`
#314
sherlock-admin
closed
1 year ago
0
mahyar - AccountFacetImpl -> withdraw function doesn't check for balance
#313
sherlock-admin
closed
1 year ago
0
Viktor_Cortess - Unrestricted access to forceCancelQuote(), forceCancelCloseRequest(), and forceClosePosition() Functions can cause system chaos
#312
sherlock-admin
closed
1 year ago
11
AkshaySrivastav - `AccountFacet.transferAllocation` is missing `notLiquidatedPartyB` modifier
#311
sherlock-admin
closed
1 year ago
0
SanketKogekar - `abi.encodePacked` should stop to be used since there are conversions around to deprecate it in future versions of Solidity
#310
sherlock-admin
closed
1 year ago
0
josephdara - function `withdrawCooldownOf` returns wrong value.
#309
sherlock-admin
closed
1 year ago
5
AkshaySrivastav - `AccountFacet.depositAndAllocateForPartyB` is missing `notLiquidatedPartyB` modifier
#308
sherlock-admin
closed
1 year ago
0
simon135 - Both Parties can make `CloseQuote` revert by deallocating their funds and allowing the closing/liquidations to go through
#307
sherlock-admin
closed
1 year ago
6
SanketKogekar - The functions `forceCancelQuote`, `forceCancelCloseRequest`, `forceClosePosition` have the missing modifier `onlyPartyAOfQuote` which makes it callable by anyone.
#306
sherlock-admin
closed
1 year ago
0
josephdara - Unsuspecting partyB users can successfully process a quote sent from a suspended address before suspension
#305
sherlock-admin
closed
1 year ago
0
AkshaySrivastav - Validation of Muon signatures can be frontrunned by increasing nonces
#304
sherlock-admin
closed
1 year ago
0
SanketKogekar - Missing modifier `onlyPartyB` on `AccountFaucer.transferAllocation`
#303
sherlock-admin
closed
1 year ago
0