sherlock-audit / 2023-07-kyber-swap-judging
issues
okolicodes - Cross chain replay attack
#116
sherlock-admin2
closed
1 year ago
1
nican0r - secondsPerLiquidityGlobal will eventually overflow leading to incorrect calculations
#115
sherlock-admin
closed
1 year ago
1
John_Femi - Add check for unlocked check unlockPool
#114
sherlock-admin2
closed
1 year ago
1
John_Femi - Token 1 and swapFeeUnits is not checked for non-zero value
#113
sherlock-admin
closed
1 year ago
1
okolicodes - `abi.encodePacked` Allows Hash collision
#112
sherlock-admin2
closed
1 year ago
1
JP_Courses - Some minor issues & recommendations
#111
sherlock-admin
closed
1 year ago
1
JP_Courses - Factory::enableSwapFee() - L152: no zero amount check for `swapFeeUnits`.
#110
sherlock-admin2
closed
1 year ago
1
GimelSec - `ReinvestmentMath.calcrMintQty` could go wrong
#109
sherlock-admin
closed
1 year ago
1
Tri-pathi - Unbound loop enables denial of service
#108
sherlock-admin2
closed
1 year ago
1
jovi - Misleading Token Transfer Mechanism in _transferTokens Method
#107
sherlock-admin
closed
1 year ago
1
jovi - Vulnerability in refundEth and unwrapWeth Functions
#106
sherlock-admin2
closed
1 year ago
1
Bauer - Steal fees from protocol
#105
sherlock-admin
closed
1 year ago
1
jovi - Inheritance Misuse Leading to Unauthorized Token Withdrawals
#104
sherlock-admin2
closed
1 year ago
1
shirochan - Eth can be stolen in position manager and Swap Router contracts
#103
sherlock-admin
closed
1 year ago
1
jovi - Exploitable Allowance Front-running in mint Function Due to Absence of Whitelist Checks
#102
sherlock-admin2
closed
1 year ago
1
Tri-pathi - `LinkedList.insert` can damage the whole tick state
#101
sherlock-admin
closed
1 year ago
1
kaysoft - Signature malleability of EVM's ecrecover in the permit function of ERC721Permit.sol
#100
sherlock-admin2
closed
1 year ago
1
shirochan - Anyone can call `RouterTokenHelper.transferAllTokens` to steal protocol fees stored in manager and swap router contracts
#99
sherlock-admin
closed
1 year ago
1
Bauer - Signature Malleability
#98
sherlock-admin2
closed
1 year ago
1
XDZIBEC - Order of Operations in calculation lead to Underflow and unexpected and incorrect value
#97
sherlock-admin
closed
1 year ago
1
jovi - Liquidity Locking Vulnerability Due to Hardcoded MIN_LIQUIDITY Value in unlockPool Function
#96
sherlock-admin2
closed
1 year ago
1
Bauer - Use native account abstraction over ecrecover for validation on the zkSync
#95
sherlock-admin
closed
1 year ago
1
Phantasmagoria - Risk of reuse of signatures across forks due to lack of chainID validation
#94
sherlock-admin2
closed
1 year ago
1
Tri-pathi - `SwapMath.computeSwapStep` set `nextSqrtP` incorrectly
#93
sherlock-admin
closed
1 year ago
1
0x52 - Governance/fee recipient has no slippage protection when burning rTokens
#92
sherlock-admin2
closed
1 year ago
1
0x52 - Repeatedly adding dust liquidity to a position can be used to DOS it
#91
sherlock-admin
closed
1 year ago
1
0x52 - Router.sol is vulnerable to address collision
#90
sherlock-admin2
opened
1 year ago
22
0x52 - Governance profits unfairly if there is a fee and pool is snip attacked
#89
sherlock-admin
closed
1 year ago
11
0x52 - SnipAttack safeguards distribute snipped fees in a way that can still be abused
#88
sherlock-admin2
closed
1 year ago
14
0x52 - PoolOracle utilizes vulnerable OZ 4.3.1 UUPS implementation
#87
sherlock-admin
closed
1 year ago
0
Qeew - Inappropriate Check Can Lead to Premature Adjustments In Liquidity
#86
sherlock-admin2
closed
1 year ago
1
Phantasmagoria - Pool can become inaccessible rendering users unable to access and retrieve their funds
#85
sherlock-admin
closed
1 year ago
0
Qeew - Exposure to Frontrunning of Pool creation
#84
sherlock-admin2
closed
1 year ago
1
Phantasmagoria - Users can receive fewer RTokens than intended due to an incorrect formula
#83
sherlock-admin
closed
1 year ago
1
Phantasmagoria - Users funds can be stolen via a malicious pool contract
#82
sherlock-admin2
closed
1 year ago
1
Oxhunter526 - Inaccurate Observations Due to Incorrect `time` and `tick` Parameters in Oracle Library
#81
sherlock-admin
closed
1 year ago
1
MatricksDeCoder - initializers can be front run
#80
sherlock-admin2
closed
1 year ago
0
MatricksDeCoder - Lack of two step process change of critical address roles especially where lacking address(0) checks
#79
sherlock-admin
closed
1 year ago
1
MatricksDeCoder - feeAmountTickDistances hardcoded makes protocol brittle
#78
sherlock-admin2
closed
1 year ago
1
radevauditor - The first user will not receive any minted reinvestment tokens.
#77
sherlock-admin
closed
1 year ago
1
radevauditor - An attacker can easily compromise the entire `burnRTokens()` function.
#76
sherlock-admin2
closed
1 year ago
5
radevauditor - Lack of slippage protection in `burnRTokens`
#75
sherlock-admin
closed
1 year ago
11
radevauditor - `Pool` contract applies slippage to sqrtPrice which is wrong and leads to unpredictable slippage
#74
sherlock-admin2
closed
1 year ago
10
radevauditor - Swapping can be sandwiched
#73
sherlock-admin
closed
1 year ago
19
radevauditor - Reinvestment can be sabotaged by large deposit and withdraw
#72
sherlock-admin2
closed
1 year ago
1
radevauditor - User can drain the whole pool
#71
sherlock-admin
closed
1 year ago
1
nican0r - Loss of rTokens owed if a user is owed more rTokens than the Position Manager's balance
#70
sherlock-admin2
closed
1 year ago
6
n33k - Pool: The first liquidity provider can manipulate `calcrMintQty` to steal swap fees
#69
sherlock-admin
closed
1 year ago
1
cducrest-brainbot - estimateIncrementalLiquidity may give incoherent result
#68
sherlock-admin2
closed
1 year ago
1
Mahi_Vasisth - Use _safetransfer() instead of _transfer()
#67
sherlock-admin
closed
1 year ago
1