sherlock-audit / 2023-07-blueberry-judging
issues
chainNue - All closing positions, except for full exits, need to verify that their position size meets the minimum requirement set by `minPositionSize`
#142
sherlock-admin2
closed
1 year ago
0
HALITUS - WeightedBPTOracle can return an uncertain price due to unchecked values
#141
sherlock-admin2
closed
1 year ago
1
0xMosh - Malicious borrower can self liquidate and eventually steal funds .
#140
sherlock-admin2
closed
1 year ago
1
BugBusters - Risk of Insolvency Due to Blocked `Repayment`
#139
sherlock-admin2
closed
1 year ago
1
kaysoft - `deadline` should not be `block.timestamp`
#138
sherlock-admin2
closed
1 year ago
0
sandy - MAX_TIME_GAP can be set too high for token price feeds whose heartbeat is as low as 1 hour.
#137
sherlock-admin2
closed
1 year ago
1
kaysoft - OwnableUpgradable not initialized in the initialize function of the WAuraPools.sol contract
#136
sherlock-admin2
closed
1 year ago
1
trauki - approve() call with incorrect function signature will make any SoftVault deployed with USDT as the underlying token unusable
#135
sherlock-admin2
opened
1 year ago
13
mert_eren - wAur pools extra reward have a chance to track false
#134
sherlock-admin2
closed
1 year ago
1
nisedo - Hardcoded Decimal Precision in `ChainlinkAdapterOracleL2.getPrice()`
#133
sherlock-admin2
closed
1 year ago
3
Oxhunter526 - Inconsistent Interest Accrual for Debt Tokens in BlueBerryBank Contract
#132
sherlock-admin2
closed
1 year ago
0
BugBusters - Possible precision loss in `getPrice` function of `CurveVolatileOracle.sol`
#131
sherlock-admin2
closed
1 year ago
1
JP_Courses - IchiSpell#_deposit: `ichiVaultShare` local variable isn't actually used anywhere other than being assigned the result of the vault.deposit.
#130
sherlock-admin2
closed
1 year ago
1
Strausses - Only one action can be allowed
#129
sherlock-admin2
closed
1 year ago
1
mert_eren - Lack of accrue underlyingToken in liquidiate
#128
sherlock-admin2
closed
1 year ago
0
bitsurfer - AuraSpell close position open for slippage issue due to `minAmountsOut` is 0, no deadline check and the ClosePosParam's `amountOutMin` value is ignored
#127
sherlock-admin2
closed
1 year ago
0
fides - The success flag of `augustusSwapper.call(data)` isn't checked.
#126
sherlock-admin2
closed
1 year ago
1
bitsurfer - AuraSpell `openPositionFarm` will revert when the tokens contains `lpToken`
#125
sherlock-admin2
opened
1 year ago
0
fides - Zero Address Validation implementation is incorrect.
#124
sherlock-admin2
closed
1 year ago
1
fides - Curve MetaPool Registry is incorrectly added in `addressProvider.get_address()`
#123
sherlock-admin2
closed
1 year ago
0
bitsurfer - Potential for user positions to fall below `minPositionSize` when partially closing or reducing positions
#122
sherlock-admin2
closed
1 year ago
7
feelereth - race condition in the mint() function could allow a malicious user to manipulate the approval.
#121
sherlock-admin2
closed
1 year ago
1
feelereth - _getPendingReward() function is vulnerable to manipulation of the rewardPerToken
#120
sherlock-admin2
closed
1 year ago
1
Kow - WConvexPool.sol will be broken on Arbitrum due to improper integration with Convex Arbitrum contracts
#119
sherlock-admin2
opened
1 year ago
0
fides - The `poolToken0` and `poolToken1` are incorrectly returned.
#118
sherlock-admin2
closed
1 year ago
0
mert_eren - wrong bToken's exchangeRateStored used for calculate ColleteralValue
#117
sherlock-admin2
opened
1 year ago
7
Kow - CurveVolatileOracle.sol reports heavily overvalued price of curve LP tokens for volatile pools
#116
sherlock-admin2
closed
1 year ago
0
Kow - CurveTricryptoOracle.sol reports heavily undervalued price of tricrypto LP token allowing unsafe position sizes
#115
sherlock-admin2
closed
1 year ago
1
sweven - Missing Explicit Reverts for Enhanced User Clarity"
#114
sherlock-admin2
closed
1 year ago
1
Strausses - onlyEOAEx can be bypassed
#113
sherlock-admin2
closed
1 year ago
1
feelereth - pendingRewards() function can return incorrect reward
#112
sherlock-admin2
closed
1 year ago
1
sweven - Missing Explicit Reverts for Enhanced User Clarity"
#111
sherlock-admin2
closed
1 year ago
1
feelereth - rounding errors due to performing divisions on raw token amounts in _getPendingReward().
#110
sherlock-admin2
closed
1 year ago
1
0x52 - CVX/AURA distribution calculation is incorrect and will lead to loss of rewards at the end of each cliff
#109
sherlock-admin2
opened
1 year ago
7
0x52 - WAuraPools doesn't correctly account for AuraStash causing all deposits to be permanently lost
#108
sherlock-admin2
opened
1 year ago
6
0x52 - Issue #145 from Update #1 is still present in IchiSpell
#107
sherlock-admin2
closed
1 year ago
0
0x52 - Issue #47 from Update #1 is still present in ConvexSpell
#106
sherlock-admin2
opened
1 year ago
8
0x52 - ConvexSpell is completely broken for any curve LP that utilizes native ETH
#105
sherlock-admin2
opened
1 year ago
1
0x52 - Adversary can abuse hanging approvals left by PSwapLib.swap to bypass reward fees
#104
sherlock-admin2
opened
1 year ago
10
0x52 - AuraSpell#closePositionFarm will take reward fees on underlying tokens when borrow token is also a reward
#103
sherlock-admin2
opened
1 year ago
0
0x52 - AuraSpell#closePositionFarm exits pool with single token and without any slippage protection
#102
sherlock-admin2
opened
1 year ago
8
0x52 - CurveVolatileOracle#getPrice contains precision errors that heavily over values LP
#101
sherlock-admin2
closed
1 year ago
9
0x52 - CurveTricryptoOracle#getPrice contains math error that causes LP to be priced completely wrong
#100
sherlock-admin2
opened
1 year ago
5
feelereth - usage of type(uint).max to represent an unset reward per share can lead to overflow errors
#99
sherlock-admin2
closed
1 year ago
1
0x52 - CurveTricryptoOracle incorrectly assumes that WETH is always the last token in the pool which leads to bad LP pricing
#98
sherlock-admin2
opened
1 year ago
5
0x52 - Stable BPT valuation is incorrect and can be exploited to cause protocol insolvency
#97
sherlock-admin2
opened
1 year ago
7
0x52 - Mainnet oracles are incompatible with wstETH causing many popular yields strategies to be broken
#96
sherlock-admin2
opened
1 year ago
9
feelereth - Reentrancy vulnerability in the withdraw() function
#95
sherlock-admin2
closed
1 year ago
1
tsueti_ - _safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE
#94
sherlock-admin2
closed
1 year ago
1
feelereth - Risk of ETH becoming locked in the contract
#93
sherlock-admin2
closed
1 year ago
1