sherlock-audit/2023-07-perennial-judging
issues
[External Audit] Reentrancy in MultiInvoker due to calls to unauthenticated contracts
#182
arjun-io
opened
1 year ago
4
[Perennial Self Report] MultiInvoker doesn't handle collateral magic value
#181
arjun-io
opened
1 year ago
3
[Perennial Self Report] Incorrect funding between makers and minors during socialization
#180
arjun-io
opened
1 year ago
3
[Perennial Self Report] Invalid parameter limits could lead to core accounting logic bugs
#179
arjun-io
opened
1 year ago
3
[Perennial Self Report] Incorrect fee calculation in closed markets
#178
arjun-io
opened
1 year ago
3
[Perennial Self Report] Fix non-requested commits after oracle grace period
#177
arjun-io
opened
1 year ago
4
[Perennial Self Report] Initial Provider can't sync without any versions
#176
arjun-io
opened
1 year ago
3
ak1 - pyth oracle implementation is not considering the outage days,
#175
sherlock-admin2
closed
1 year ago
1
marcoyaax - Possible reentrancy with claimReward() function
#174
sherlock-admin
closed
1 year ago
1
0x73696d616f - Stuck fees in `MarketFactory` as there is no function to withdraw them
#173
sherlock-admin2
closed
1 year ago
1
OxZ00mer - Lack of update check for ETH/USD oracle allows for the use of outdated prices
#172
sherlock-admin
closed
1 year ago
1
minhtrng - Incorrect price calculation in PythOracle
#171
sherlock-admin2
closed
1 year ago
1
minhtrng - Oracle requests are not limited to granularity
#170
sherlock-admin
closed
1 year ago
7
minhtrng - Oracle requests don't check if latest provider is still active
#169
sherlock-admin2
closed
1 year ago
12
kaysoft - All function calls to MultiInvoker.sol#_latest() will throw errors and revert.
#168
sherlock-admin
closed
1 year ago
1
minhtrng - PythOracle pushes wrong timestamp when data is requested
#167
sherlock-admin2
closed
1 year ago
1
minhtrng - Lack of staleness check in Kept
#166
sherlock-admin
closed
1 year ago
1
0x73696d616f - Missing refund to the `keeper` in the `PythOracle` if they send extra native when committing a price
#165
sherlock-admin2
closed
1 year ago
1
minhtrng - Eth oracle feed not updateable in Kept
#164
sherlock-admin
closed
1 year ago
1
ak1 - OracleFactory.sol : No way to unregister the factory and remove the authorization of a caller in OracleFactory contract.
#163
sherlock-admin2
closed
1 year ago
13
kaysoft - PythFactory.sol contract has an `authorize` function but no `unauthorize` function.
#162
sherlock-admin
closed
1 year ago
1
0x73696d616f - Missing refund to the `keeper` in the
#161
sherlock-admin2
closed
1 year ago
1
0x73696d616f - Missing refund to the `keeper
#160
sherlock-admin
closed
1 year ago
1
0x73696d616f - Missing `updatedAt` and recommended timeout checks in `Kept.sol` fetched chainlink prices
#159
sherlock-admin2
closed
1 year ago
2
WATCHPUG - Past rewards should be settled before changing makerRewardRate / longRewardRate / shortRewardRate
#158
sherlock-admin
closed
1 year ago
1
WATCHPUG - `PythOracle#commitRequested()` extra ETH should be refunded.
#157
sherlock-admin
closed
1 year ago
1
kaysoft - Chainlink Oracle Price freshness not checked.
#156
sherlock-admin
closed
1 year ago
1
WATCHPUG - `claimAssets` should not pay for a `settlementFee`
#155
sherlock-admin
closed
1 year ago
1
tives - Early Vault depositor can manipulate exchange rates to steal funds from later depositors
#154
sherlock-admin
closed
1 year ago
10
0x73696d616f - Drained oracle fees from market by depositing and withdrawing immediately without triggering settlement fees
#153
sherlock-admin
opened
1 year ago
11
WATCHPUG - Gas `multiplier` should also apply to the `buffer`
#152
sherlock-admin
closed
1 year ago
1
MohammedRizwan - Chainlink oracle will return the wrong price if the aggregator hits minAnswer
#151
sherlock-admin
closed
1 year ago
2
ak1 - Global.sol#L47 : `incrementFees` is not deducting the `keeper fee` while calculating the `donation`.
#150
sherlock-admin
closed
1 year ago
1
WATCHPUG - `claimAssets` should not increase `Checkpoint.count`
#149
sherlock-admin
closed
1 year ago
1
cryptphi - No user supplied input validation in MultiInvoker.invoke() can lead to loss of funds
#148
sherlock-admin
closed
1 year ago
1
bin2chen - settle(address(0)) global overwritten by local
#147
sherlock-admin
closed
1 year ago
1
OxZ00mer - No L2 sequencer check when getting ETH price for the sake of calculating keeper fees
#146
sherlock-admin
closed
1 year ago
2
WATCHPUG - `OracleVersion latestVersion` of `Oracle.status()` may go backwards when updating to a new oracle provider and result in wrong settlement in `_processPositionLocal()`.
#145
sherlock-admin
opened
1 year ago
9
WATCHPUG - Sudden price change can result in collateral shortfall and bad debt
#144
sherlock-admin
closed
1 year ago
1
WATCHPUG - Protocol's fee is claimed by the factory, but there is no way to move tokens out.
#143
sherlock-admin
closed
1 year ago
1
WATCHPUG - Attacker can deposit many times to the Vault to earn keeper rewards from the Vault.
#142
sherlock-admin
closed
1 year ago
1
WATCHPUG - User may not be able to withdraw funds from the `Vault` (account freeze) due to `minPosition` limit
#141
sherlock-admin
closed
1 year ago
1
WATCHPUG - `Liquidation` should not put the market into a worse state (more bad debt).
#140
sherlock-admin
closed
1 year ago
1
WATCHPUG - `_accumulateFunding()` maker will get the wrong amount of funding fee.
#139
sherlock-admin
opened
1 year ago
4
WATCHPUG - New orders should request for a new oracle version at `currentTimestamp` (the next whole hour) instead of the current time (`block.timestamp`)
#138
sherlock-admin
closed
1 year ago
1
WATCHPUG - `settle(address(0))` can result in incorrect `assets` and `shares` due to a miscalculation that mistakenly treats the global account as a local account.
#137
sherlock-admin
closed
1 year ago
1
kaysoft - ETH sent to PythOracle.sol#commit function will be lost forever.
#136
sherlock-admin
closed
1 year ago
1
ak1 - Market.sol : `claimReward` needs to have reentrancy protection, since the state update is done after making the external call.
#135
sherlock-admin
closed
1 year ago
19
ak1 - StrategyLib.sol#L112 : `_loadContext` is not accumulating the market's `maintenance`
#134
sherlock-admin
closed
1 year ago
8
cryptphi - Vault.update() does not save updated context
#133
sherlock-admin
closed
1 year ago
1