sherlock-audit/2023-10-aloe-judging
Chinmay - Wrong method of calculating price of token1 in terms of token0 from the token0/token1 price
#102
sherlock-admin
closed
1 year ago
1
0xmuxyz - No slippage protection parameters when withdrawing liquidity from a UniswapV3Pool via the Borrower#`_uniswapWithdraw()`, which leads to a sandwich attack and could result in a huge slippage loss
#101
sherlock-admin2
closed
1 year ago
1
feelereth - The reserveFactor is loaded from storage in the same slot as rateModel. A malicious contract could exploit this to manipulate values.
#100
sherlock-admin
closed
1 year ago
1
kaysoft - Using block.timestamp as deadline on increase liquidity transaction can allow the transaction to be mined a later time.
#99
sherlock-admin2
closed
1 year ago
1
drextron - Bit-bleeding in slot-stuffed variables can result in messed up variable values that can result in unintended consequences for the protocol
#98
sherlock-admin
closed
1 year ago
1
drextron - Core functions of Lending logic are susceptible to reentrancy attacks that could severely compromise system account balances and other important accounting data in potentially calamitous ways
#97
sherlock-admin2
closed
1 year ago
1
handsomegiraffe - Couriers may transfer lender tokens to another address and earn rewards
#96
sherlock-admin
closed
1 year ago
2
feelereth - Potential reentrancy vulnerability related to the lastAccrualTime variable.
#95
sherlock-admin2
closed
1 year ago
1
kaysoft - Loss of funds due to lack of slippage protection on increaseLiquidity and decreaseLiquidity.
#94
sherlock-admin
closed
1 year ago
1
0xmuxyz - Lack of the slippage protection parameters when the UniswapV3Pool#`mint()` would be called in the Borrower#`uniswapDeposit()`, which leads to a huge slippage loss
#93
sherlock-admin2
closed
1 year ago
2
0xmuxyz - Due to a gas limit (2300 gas) of the `transfer()` function of Native ETH, the transaction of the `payable(callee).transfer(address(this).balance / strain)` in the Borrower#`liquidate()` may be reverted
#92
sherlock-admin
closed
1 year ago
1
roguereddwarf - VolatilityOracle skips implied volatility updates due to time constraints
#91
sherlock-admin2
closed
1 year ago
1
Nyx - Liquidations can be DOSed
#90
sherlock-admin
closed
1 year ago
1
kaysoft - safeApprove(...) function can revert
#89
sherlock-admin2
closed
1 year ago
1
kaysoft - use _safeMint(...) instead of _mint(...)
#88
sherlock-admin
closed
1 year ago
1
kaysoft - Use of address.transfer(...) native function can revert.
#87
sherlock-admin2
closed
1 year ago
1
IceBear - Lender.sol flash() is a vulnerable function, can drain the asset
#86
sherlock-admin
closed
1 year ago
1
roguereddwarf - Oracle.sol: observe function has overflow risk and should cast to uint256 like Uniswap V3 does
#85
sherlock-admin2
opened
1 year ago
10
IceBear - Lender.sol Failure to comply with the EIP-2612
#84
sherlock-admin
closed
1 year ago
1
roguereddwarf - Governance should always be able to make liquidations profitable
#83
sherlock-admin2
closed
1 year ago
19
t.aksoy - Users can lose rewards if they call claimRewards() before rewardsToken assigned
#82
sherlock-admin
closed
1 year ago
5
AuditorPraise - Missing deadline and deadline checker on Liquidation function might cause certain inefficiencies on Ethereum Mainnet
#81
sherlock-admin2
closed
1 year ago
1
rvierdiiev - Courier allowance is dangerous
#80
sherlock-admin
closed
1 year ago
1
BugHunter101 - `Lende.redeem()` has slippage attack problem
#79
sherlock-admin2
closed
1 year ago
1
BugHunter101 - `approve()` function has in-front problem
#78
sherlock-admin
closed
1 year ago
1
Nyx - Wrong repay amount inside the liquidate function
#77
sherlock-admin2
closed
1 year ago
1
rvierdiiev - In case if pool is paused, then borrower can't avoid liquidation
#76
sherlock-admin
closed
1 year ago
2
Stoicov - Solmate's safeTransferLib does not check if a token address has associated code with it, which may cause loss of funds.
#75
sherlock-admin2
closed
1 year ago
1
capu - Transferring an insufficient amount on `Lender.deposit` causes a `.transferFrom` of the full amount, without minting extra shares
#74
sherlock-admin
closed
1 year ago
2
roguereddwarf - Borrower.sol: Two minutes grace period is too short and can lead to unintended liquidations
#73
sherlock-admin2
closed
1 year ago
17
Bandit - Liquidations Allowed When Paused
#72
sherlock-admin
closed
1 year ago
2
rvierdiiev - Liquidation doesn't consider uniswap fees, so wrong incentive can be calculated
#71
sherlock-admin2
closed
1 year ago
2
rvierdiiev - Borrower can dos liquidations
#70
sherlock-admin
closed
1 year ago
1
pks_ - `Borrower#modify()` function may Dos in some cases
#69
sherlock-admin2
closed
1 year ago
10
rvierdiiev - bad debt is not socialized
#68
sherlock-admin
closed
1 year ago
3
rvierdiiev - Liquidator receives all eth balance of borrower instead of ante
#67
sherlock-admin2
closed
1 year ago
1
rvierdiiev - liquidation can be called even without warn
#66
sherlock-admin
closed
1 year ago
2
Bandit - Positions Can be Opened Which Are Immediately Liquidatable
#65
sherlock-admin2
closed
1 year ago
2
Bandit - No Slippage Protection When Adding and Removing Liquidity and Liquidations
#64
sherlock-admin
closed
1 year ago
2
Bandit - IV Can be Decreased for Free
#63
sherlock-admin2
opened
1 year ago
11
rvierdiiev - Borrower.liquidate can revert if liquidators need more than 2300 gas to handle payment
#62
sherlock-admin
closed
1 year ago
1
rvierdiiev - Courier can be cheated to avoid fees
#61
sherlock-admin2
opened
1 year ago
11
rvierdiiev - Courier is not reset if owner burnt all shares
#60
sherlock-admin
closed
1 year ago
1
roguereddwarf - Borrowers cannot earn Uniswap V3 liquidity incentives on their positions
#59
sherlock-admin2
closed
1 year ago
1
alymurtazamemon - Did not Approve to Zero First
#58
sherlock-admin
closed
1 year ago
1
alymurtazamemon - Race condition in the ERC20 `approve` function may lead to token theft
#57
sherlock-admin2
closed
1 year ago
1
funkornaut - One Wallet Can Control All Courier Ids
#56
sherlock-admin
closed
1 year ago
1
panprog - No handling of L2 sequencer down situation, which can lead to intentional bad debt creation and other malicious actions while sequencer is down or just after it becomes active again
#55
sherlock-admin2
closed
1 year ago
25
Oxhunter526 - Zero transaction Status Verification After Fund Transfer
#54
sherlock-admin
closed
1 year ago
1
0xfave - Borrower.sol#withdrawAnte - `transfer()` depends on gas constants
#53
sherlock-admin2
closed
1 year ago
1