sherlock-audit 2023-10-notional-judging issues

sherlock-audit / 2023-10-notional-judging

5 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

lemonmon - Due to multiple issues the reinvestor may be able to steal funds from the vault.

#121 sherlock-admin2 closed 9 months ago
0
shealtielanz - Unlimited slippage during `emergencyExit()`

#120 sherlock-admin closed 9 months ago
18
Tri-pathi - Invariant should be round down instead of round up

#119 sherlock-admin2 closed 9 months ago
0
0xMaroutis - Absence sequencer status check in `_getOraclePairPrice`

#118 sherlock-admin closed 9 months ago
0
ge6a - restoreVault() lacks grace period

#117 sherlock-admin2 closed 9 months ago
13
ddimitrov22 - Using `block.timestamp` for swap deadline offers no protection

#116 sherlock-admin closed 9 months ago
0
Shubham - Hardcoding `block.timestamp` should not be used as deadline

#115 sherlock-admin2 closed 9 months ago
1
jah - wrong logic when swaping a token

#114 sherlock-admin closed 9 months ago
1
0xMaroutis - Hardcoded chainId Restricts Smart Contract Deployment to Arbitrum Only

#113 sherlock-admin2 closed 9 months ago
0
lemonmon - Spot prices calculated inside `BalancerComposableAuraVault` may not be in line with spot prices from Balancer pools due to rounding differences.

#112 sherlock-admin closed 9 months ago
0
Tri-pathi - Weighted pool spot price calculation is incorrect

#111 sherlock-admin2 closed 9 months ago
15
shealtielanz - An attacker can brick redemption from notional and settlements in crossCurrency vault

#110 sherlock-admin closed 9 months ago
1
shealtielanz - If the lend token is eth, redeemfCash will most likely revert

#109 sherlock-admin2 closed 9 months ago
1
Jaraxxus - UUPSUpgradeable is not initialized

#108 sherlock-admin closed 9 months ago
1
bareli - Lack of Access Control:

#107 sherlock-admin2 closed 9 months ago
0
0xMaroutis - No expiration deadline for trades can lead to loss of funds

#106 sherlock-admin closed 9 months ago
0
Jaraxxus - oracleSlippagePercentOrLimit for static trades is not checked, can be set to arbitrary value

#105 sherlock-admin2 closed 9 months ago
0
jah - a user can steal another person approved tokens

#104 sherlock-admin closed 9 months ago
1
bareli - Divide by zero error

#103 sherlock-admin2 closed 9 months ago
0
Jaraxxus - Approve to zero not used for lendunderlyingtokens, will affect tokens like USDT

#102 sherlock-admin closed 9 months ago
14
lemonmon - `TokenUtils.getDecimals()` is not supporting tokens with more than 18 decimals

#101 sherlock-admin2 closed 9 months ago
12
0xMaroutis - Potential DOS in `reinvestReward` due to price manipulation

#100 sherlock-admin closed 9 months ago
0
squeaky_cactus - `SingleSidedLPVaultBase.emergencyExit` can be reverted by a front running withdrawal under certain conditions

#99 sherlock-admin2 closed 9 months ago
14
lemonmon - `TradingModule.getOraclePrice()` return values not checked inside `CrossCurrencyVault.convertStrategyToUnderlying()` which may lead to calculation issues or division by 0

#98 sherlock-admin closed 9 months ago
9
bitsurfer - Lack of Approve To Zero First

#97 sherlock-admin2 closed 9 months ago
0
bitsurfer - Potential Permanent Locking of LP in Vaults Due to lock state Deadlock when `emergencyExit` executed

#96 sherlock-admin closed 9 months ago
4
shealtielanz - Incorrect check on the invariant

#95 sherlock-admin2 closed 9 months ago
1
shealtielanz - Use of transfer instead of call to send ETH.

#94 sherlock-admin closed 9 months ago
11
0xmuxyz - The transaction of the AuraStakingMixin#`_initialApproveTokens()` may be reverted due to approving a pair token with only `type(uint256).max`

#93 sherlock-admin2 closed 9 months ago
3
BAICE - Unchanged fixed chainId in the contract

#92 sherlock-admin closed 9 months ago
0
mstpr-brainbot - Balancer composable stable pools spot price calculation is wrong

#91 sherlock-admin2 closed 9 months ago
0
mstpr-brainbot - Vault can hold more LP than it supposed to which leads to inaccurate spot price

#90 sherlock-admin closed 9 months ago
2
shealtielanz - the value of `oneLPValueInPrimary` is over inflated

#89 sherlock-admin2 closed 9 months ago
2
xiaoming90 - Leverage Vault on sidechains that support Curve V2 pools is broken

#88 sherlock-admin opened 9 months ago
1
xiaoming90 - Single-sided instead of proportional exit is performed during emergency exit

#87 sherlock-admin2 opened 9 months ago
4
xiaoming90 - Native ETH not received when removing liquidity from Curve V2 pools

#86 sherlock-admin opened 9 months ago
4
xiaoming90 - Different spot prices used during the comparison

#85 sherlock-admin2 opened 9 months ago
2
xiaoming90 - Unable to reinvest if the reward token equals one of the pool tokens

#84 sherlock-admin opened 9 months ago
5
xiaoming90 - Incorrect invariant used for Balancer's composable pools

#83 sherlock-admin2 opened 9 months ago
3
xiaoming90 - Fewer than expected LP tokens if the pool is imbalanced during vault restoration

#82 sherlock-admin opened 9 months ago
4
xiaoming90 - Incorrect Spot Price

#81 sherlock-admin2 opened 9 months ago
3
xiaoming90 - Re-enter with all tokens causing the vault to be vulnerable to donation attack

#80 sherlock-admin closed 9 months ago
1
xiaoming90 - Incorrect scaling of the spot price

#79 sherlock-admin2 opened 9 months ago
4
xiaoming90 - Reward tokens are re-entered during vault restoration

#78 sherlock-admin closed 9 months ago
2
xiaoming90 - Rounding differences when computing the invariant

#77 sherlock-admin2 opened 9 months ago
4
xiaoming90 - BPT LP Token could be sold off during re-investment

#76 sherlock-admin opened 9 months ago
4
xiaoming90 - Potential rounding errors during deposit and redemption

#75 sherlock-admin2 closed 9 months ago
1
xiaoming90 - ETH can be sold during reinvestment

#74 sherlock-admin opened 9 months ago
4
xiaoming90 - Hardcode Chain ID

#73 sherlock-admin2 closed 9 months ago
12
xiaoming90 - BPT could be brought during deposit trade

#72 sherlock-admin closed 9 months ago
1