issues
search
sherlock-audit
/
2023-10-notional-judging
5
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
lemonmon - Due to multiple issues the reinvestor may be able to steal funds from the vault.
#121
sherlock-admin2
closed
9 months ago
0
shealtielanz - Unlimited slippage during `emergencyExit()`
#120
sherlock-admin
closed
9 months ago
18
Tri-pathi - Invariant should be round down instead of round up
#119
sherlock-admin2
closed
9 months ago
0
0xMaroutis - Absence sequencer status check in `_getOraclePairPrice`
#118
sherlock-admin
closed
9 months ago
0
ge6a - restoreVault() lacks grace period
#117
sherlock-admin2
closed
9 months ago
13
ddimitrov22 - Using `block.timestamp` for swap deadline offers no protection
#116
sherlock-admin
closed
9 months ago
0
Shubham - Hardcoding `block.timestamp` should not be used as deadline
#115
sherlock-admin2
closed
9 months ago
1
jah - wrong logic when swaping a token
#114
sherlock-admin
closed
9 months ago
1
0xMaroutis - Hardcoded chainId Restricts Smart Contract Deployment to Arbitrum Only
#113
sherlock-admin2
closed
9 months ago
0
lemonmon - Spot prices calculated inside `BalancerComposableAuraVault` may not be in line with spot prices from Balancer pools due to rounding differences.
#112
sherlock-admin
closed
9 months ago
0
Tri-pathi - Weighted pool spot price calculation is incorrect
#111
sherlock-admin2
closed
9 months ago
15
shealtielanz - An attacker can brick redemption from notional and settlements in crossCurrency vault
#110
sherlock-admin
closed
9 months ago
1
shealtielanz - If the lend token is eth, redeemfCash will most likely revert
#109
sherlock-admin2
closed
9 months ago
1
Jaraxxus - UUPSUpgradeable is not initialized
#108
sherlock-admin
closed
9 months ago
1
bareli - Lack of Access Control:
#107
sherlock-admin2
closed
9 months ago
0
0xMaroutis - No expiration deadline for trades can lead to loss of funds
#106
sherlock-admin
closed
9 months ago
0
Jaraxxus - oracleSlippagePercentOrLimit for static trades is not checked, can be set to arbitrary value
#105
sherlock-admin2
closed
9 months ago
0
jah - a user can steal another person approved tokens
#104
sherlock-admin
closed
9 months ago
1
bareli - Divide by zero error
#103
sherlock-admin2
closed
9 months ago
0
Jaraxxus - Approve to zero not used for lendunderlyingtokens, will affect tokens like USDT
#102
sherlock-admin
closed
9 months ago
14
lemonmon - `TokenUtils.getDecimals()` is not supporting tokens with more than 18 decimals
#101
sherlock-admin2
closed
9 months ago
12
0xMaroutis - Potential DOS in `reinvestReward` due to price manipulation
#100
sherlock-admin
closed
9 months ago
0
squeaky_cactus - `SingleSidedLPVaultBase.emergencyExit` can be reverted by a front running withdrawal under certain conditions
#99
sherlock-admin2
closed
9 months ago
14
lemonmon - `TradingModule.getOraclePrice()` return values not checked inside `CrossCurrencyVault.convertStrategyToUnderlying()` which may lead to calculation issues or division by 0
#98
sherlock-admin
closed
9 months ago
9
bitsurfer - Lack of Approve To Zero First
#97
sherlock-admin2
closed
9 months ago
0
bitsurfer - Potential Permanent Locking of LP in Vaults Due to lock state Deadlock when `emergencyExit` executed
#96
sherlock-admin
closed
9 months ago
4
shealtielanz - Incorrect check on the invariant
#95
sherlock-admin2
closed
9 months ago
1
shealtielanz - Use of transfer instead of call to send ETH.
#94
sherlock-admin
closed
9 months ago
11
0xmuxyz - The transaction of the AuraStakingMixin#`_initialApproveTokens()` may be reverted due to approving a pair token with only `type(uint256).max`
#93
sherlock-admin2
closed
9 months ago
3
BAICE - Unchanged fixed chainId in the contract
#92
sherlock-admin
closed
9 months ago
0
mstpr-brainbot - Balancer composable stable pools spot price calculation is wrong
#91
sherlock-admin2
closed
9 months ago
0
mstpr-brainbot - Vault can hold more LP than it supposed to which leads to inaccurate spot price
#90
sherlock-admin
closed
9 months ago
2
shealtielanz - the value of `oneLPValueInPrimary` is over inflated
#89
sherlock-admin2
closed
9 months ago
2
xiaoming90 - Leverage Vault on sidechains that support Curve V2 pools is broken
#88
sherlock-admin
opened
9 months ago
1
xiaoming90 - Single-sided instead of proportional exit is performed during emergency exit
#87
sherlock-admin2
opened
9 months ago
4
xiaoming90 - Native ETH not received when removing liquidity from Curve V2 pools
#86
sherlock-admin
opened
9 months ago
4
xiaoming90 - Different spot prices used during the comparison
#85
sherlock-admin2
opened
9 months ago
2
xiaoming90 - Unable to reinvest if the reward token equals one of the pool tokens
#84
sherlock-admin
opened
9 months ago
5
xiaoming90 - Incorrect invariant used for Balancer's composable pools
#83
sherlock-admin2
opened
9 months ago
3
xiaoming90 - Fewer than expected LP tokens if the pool is imbalanced during vault restoration
#82
sherlock-admin
opened
9 months ago
4
xiaoming90 - Incorrect Spot Price
#81
sherlock-admin2
opened
9 months ago
3
xiaoming90 - Re-enter with all tokens causing the vault to be vulnerable to donation attack
#80
sherlock-admin
closed
9 months ago
1
xiaoming90 - Incorrect scaling of the spot price
#79
sherlock-admin2
opened
9 months ago
4
xiaoming90 - Reward tokens are re-entered during vault restoration
#78
sherlock-admin
closed
9 months ago
2
xiaoming90 - Rounding differences when computing the invariant
#77
sherlock-admin2
opened
9 months ago
4
xiaoming90 - BPT LP Token could be sold off during re-investment
#76
sherlock-admin
opened
9 months ago
4
xiaoming90 - Potential rounding errors during deposit and redemption
#75
sherlock-admin2
closed
9 months ago
1
xiaoming90 - ETH can be sold during reinvestment
#74
sherlock-admin
opened
9 months ago
4
xiaoming90 - Hardcode Chain ID
#73
sherlock-admin2
closed
9 months ago
12
xiaoming90 - BPT could be brought during deposit trade
#72
sherlock-admin
closed
9 months ago
1
Next