issues
search
sherlock-audit
/
2023-07-blueberry-judging
2
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
feelereth - rounding errors in the deposit and withdraw logic
#92
sherlock-admin2
closed
1 year ago
1
feelereth - multiple token addresses could map to the same uint160 value, leading to collisions in the tokenIds
#91
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - `ChainlinkAdapterOracleL2` Susceptible to DoS Due to Lack of Error Handling
#90
sherlock-admin2
closed
1 year ago
1
feelereth - fee calculation during withdraw can be manipulated by the user
#89
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Lack of Functionality to Pause Position Reduction in Protocol
#88
sherlock-admin2
closed
1 year ago
1
feelereth - total supply per tokenId is not tracked
#87
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Front-Running Risk in Liquidation after Repay Enablement
#86
sherlock-admin2
closed
1 year ago
1
feelereth - malicious actors can drain collateral and break the position's health putting other users' funds at risk
#85
sherlock-admin2
closed
1 year ago
1
feelereth - rounding error in the _repay() function that could lead to loss of shares over time
#84
sherlock-admin2
closed
1 year ago
1
feelereth - overflow in the _repay() function
#83
sherlock-admin2
closed
1 year ago
1
feelereth - Owner can pause repayments or borrowing by updating the bankStatus bit flags, which could lock user funds
#82
sherlock-admin2
closed
1 year ago
1
feelereth - Front-running vulnerability in the liquidate function
#81
sherlock-admin2
closed
1 year ago
1
twcctop - Possible Dos when Balancer pool token balance exist zero data
#80
sherlock-admin2
closed
1 year ago
1
feelereth - manipulation of debt shares in _repay.
#79
sherlock-admin2
closed
1 year ago
1
RadCet - Miscalculate liquidation by using `getIsolatedCollateralValue` without call `accrue` beforehand
#78
sherlock-admin2
closed
1 year ago
1
twcctop - AuraSpell#_getJoinPoolParamsAndApprove Leads to maxAmountsIn[i] Mismatch with Existing LP Tokens
#77
sherlock-admin2
closed
1 year ago
1
feelereth - reentrancy vulnerability in the _doERC20TransferIn and _doERC1155TransferIn functions
#76
sherlock-admin2
closed
1 year ago
1
ubermensch - Incorrect Assumption of Return Data in swap Function Leads to Denial of Service on Arbitrum
#75
sherlock-admin2
closed
1 year ago
2
ubermensch - Unhandled Fee-on-Transfer Case in the Lend Method
#74
sherlock-admin2
closed
1 year ago
1
ubermensch - Withdraw Fees Are Taken Twice When Withdrawing Lend
#73
sherlock-admin2
closed
1 year ago
1
Avci - WeightedBPTOracle does not support tokens whose decimal is greater than 18
#72
sherlock-admin2
closed
1 year ago
3
Hama - Flash Loan Attack Vulnerability in Deposit and Withdrawal Mechanisms
#71
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Inadequate Verification of Collateral Token and ID
#70
sherlock-admin2
closed
1 year ago
1
Avci - Not checking answer min/max price would return the wrong price
#69
sherlock-admin2
closed
1 year ago
0
nobody2018 - The WAuraPools/WConvexPools.extraRewards array does not delete items, which may cause OOG in the long run
#68
sherlock-admin2
closed
1 year ago
12
Hama - Precision Loss in Calculation of lessShare Variable
#67
sherlock-admin2
closed
1 year ago
1
nobody2018 - WAuraPools/WConvexPools.burn may revert if one of extraRewardsTokens does not support 0 value transfer
#66
sherlock-admin2
closed
1 year ago
14
nobody2018 - ShortLongSpell.openPosition cannot increase position on the existing position
#65
sherlock-admin2
closed
1 year ago
1
nobody2018 - In IchiSpell._withdraw, it is invalid to use block.timestamp as deadline
#64
sherlock-admin2
closed
1 year ago
0
nobody2018 - AuraSpell.openPositionFarm will revert in some cases
#63
sherlock-admin2
closed
1 year ago
0
nobody2018 - IBalancerVault.exitPool lacks slippage protection in AuraSpell.closePositionFarm
#62
sherlock-admin2
closed
1 year ago
1
nobody2018 - In CurveSpell.closePositionFarm, _removeLiquidity lacks slippage protection if isKilled is True
#61
sherlock-admin2
closed
1 year ago
1
nobody2018 - ConvexSpell/CurveSpell.openPositionFarm will revert in some cases
#60
sherlock-admin2
opened
1 year ago
1
Avci - Block access to price feeds not handled in the getPrice() function
#59
sherlock-admin2
closed
1 year ago
1
Hama - Underflow Bug in takeCollateral Function
#58
sherlock-admin2
closed
1 year ago
1
Hama - Flash Loan Attack Risk in getPrice Function leads to financial losses
#57
sherlock-admin2
closed
1 year ago
1
Hama - Underflow problems occurring when a token has >18 decimals
#56
sherlock-admin2
closed
1 year ago
1
cryptoThemeX - Wrong precision in ChainlinkAdapterOracleL2.getPrice function
#55
sherlock-admin2
closed
1 year ago
2
Hama - Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer
#54
sherlock-admin2
closed
1 year ago
0
Topmark - Contract Might Fail to Approve withdrawal from HardVault for Lender
#53
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Lack of Withdrawal Mechanism for Earned Interest and Rewards
#52
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Precision Mismatch in Exchange Rate Calculation
#51
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Users will not receive their accrued rewards when they choose to close their positions from the `AuraSpell` contract
#50
sherlock-admin2
closed
1 year ago
1
pks_ - Malicious token creator can change token decimals to make token price abnormally and cause contract asset stolen
#49
sherlock-admin2
closed
1 year ago
1
pks_ - Uncorrect price calculation when l2 sequencer goes down
#48
sherlock-admin2
closed
1 year ago
1
pks_ - Potential dos when call getPositionRisk function in some cases
#47
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Failed transaction when trying to distribute rewards in the `AuraSpell.sol` contract
#46
sherlock-admin2
closed
1 year ago
1
wangxx2026 - Hackers can obtain users' lend and collateral assets by helping users liquidate
#45
sherlock-admin2
closed
1 year ago
1
shtesesamoubiq - You must check if the price is greater than minPrice in when using latestRoundData()
#44
sherlock-admin2
closed
1 year ago
0
0xjoseph - PSwap Library Swap could revert incorrectly.
#43
sherlock-admin2
closed
1 year ago
1
Previous
Next