sherlock-audit/2023-10-notional-judging
issues
xiaoming90 - Leverage vault will break in Optimism sidechain
#71
sherlock-admin2
closed
11 months ago
3
xiaoming90 - Maximum number of tokens supported is incorrect
#70
sherlock-admin
closed
10 months ago
16
ZanyBonzy - Hardcoding chainID might force redeployment in case of hardfork
#69
sherlock-admin2
closed
11 months ago
0
ZanyBonzy - Logic for revert on max approval tokens
#68
sherlock-admin
closed
11 months ago
1
ZanyBonzy - Did not approve first to 0
#67
sherlock-admin2
closed
11 months ago
0
Bauer - The protocol doesn't correctly account for AuraStash causing reward to be lost
#66
sherlock-admin
closed
11 months ago
5
mstpr-brainbot - Malicious reward investor role holder can manipulate price of vault shares
#65
sherlock-admin2
closed
11 months ago
1
mstpr-brainbot - Emergency action is insufficient in some cases
#64
sherlock-admin
closed
11 months ago
1
mstpr-brainbot - Vault will misprice the lp tokens when the underlying curve/balancer pool is imbalanced
#63
sherlock-admin2
closed
11 months ago
5
Im_th3AK - Missing event emission in setter function that updates the state of the vault.
#62
sherlock-admin
closed
11 months ago
1
Im_th3AK - Dubious typecast from int256 to uint256 that can cause overflow or underflow.
#61
sherlock-admin2
closed
11 months ago
1
Im_th3AK - Multiplication on the result of a division that can cause precision loss
#60
sherlock-admin
closed
11 months ago
1
Im_th3AK - Missing zero address validation for Ether or token transfers.
#59
sherlock-admin2
closed
11 months ago
1
Im_th3AK - Ignored return value of an external function call
#58
sherlock-admin
closed
11 months ago
1
Im_th3AK - Uninitialized local variable in constructor.
#57
sherlock-admin2
closed
11 months ago
1
Im_th3AK - Unprotected initializer function that approves unlimited allowance
#56
sherlock-admin
closed
11 months ago
1
Im_th3AK - Unprotected call to a function sending Ether to an arbitrary address.
#55
sherlock-admin2
closed
11 months ago
1
Im_th3AK - Setter function does not use function parameters and hardcodes the storage slot
#54
sherlock-admin
closed
11 months ago
1
tvdung94 - SingleSidedLPVault's minting shares mechanism might make vaults broken
#53
sherlock-admin2
closed
11 months ago
1
mstpr-brainbot - Emergency withdraw might not be enough if the underlying pool is a nested pool
#52
sherlock-admin
opened
11 months ago
4
Vagner - `depositFromNotional` function is payable, which means that it should accept Ether, but in reality will revert 100% when msg.value > 0
#51
sherlock-admin2
opened
11 months ago
26
Bauer - Potential Stranded Rewards in Aura Pool for Newly Added Tokens
#50
sherlock-admin
closed
11 months ago
4
Bauer - `reinvestReward()` will not function as intended
#49
sherlock-admin2
closed
11 months ago
2
mstpr-brainbot - Yield can be sandwiched
#48
sherlock-admin
closed
11 months ago
1
mstpr-brainbot - Restoring the vault can result in big losses if balances are changed
#47
sherlock-admin2
closed
11 months ago
0
Vagner - If the pool used in `Curve2TokenConvexVault.sol` is killed `emergencyExit` would revert 100% of times, blocking this important functionality
#46
sherlock-admin
closed
11 months ago
0
dany.armstrong90 - CrossCurrencyVault.sol#_redeemfCash: IWrappedfCash#redeem function call will revert.
#45
sherlock-admin2
closed
11 months ago
1
Vagner - `getOraclePrice` in `SingleSidedLPVaultBase.sol` does not check if the sequencer is down for Arbitrum/Optimism
#44
sherlock-admin
closed
11 months ago
0
mstpr-brainbot - Reward token can be an underlying token and it would not be possible to reinvest rewards
#43
sherlock-admin2
closed
11 months ago
0
Vagner - Most of the composable stable pools use wstETH on the mainnet, which would not work with the current codebase because of `_getOraclePairPrice`
#42
sherlock-admin
closed
11 months ago
1
mstpr-brainbot - Some curve pools will not be able to remove liquidity single sided
#41
sherlock-admin2
closed
11 months ago
5
mstpr-brainbot - Some curve pools can not be used as a single sided strategy
#40
sherlock-admin
opened
11 months ago
4
Vagner - `_checkReentrancyContext` should be called in more instances than already is, to protect against read-only reentrancy
#39
sherlock-admin2
closed
11 months ago
13
shealtielanz - TradingUtils._executeTrade() will leak ETH to WETH
#38
sherlock-admin
closed
11 months ago
10
shealtielanz - Unexpected behavior for UniV3Adapter, and ZeroExAdapter when msgValue is not zero
#37
sherlock-admin2
closed
11 months ago
1
Vagner - `BalancerWeightedAuraVault.sol` wrongly assumes that all of the weighted pools use `totalSupply`
#36
sherlock-admin
opened
11 months ago
7
wangxx2026 - Historical pooltoken will still decrease the allowance of (owner, spender) even when the allowance is set to type (uint256).max
#35
sherlock-admin2
closed
11 months ago
9
wangxx2026 - Loss of judgment on withdrawal asset length and slippage length leads to redemption failure
#34
sherlock-admin
closed
11 months ago
1
djanerch - Gas limit DoS via unbounded operations
#33
sherlock-admin2
closed
11 months ago
0
djanerch - Functions can reach block gas-limit via unbounded operations
#32
sherlock-admin
closed
11 months ago
1
shealtielanz - `params.oracleSlippagePercentOrLimit` for static trades is not checked.
#31
sherlock-admin2
closed
11 months ago
1
shealtielanz - EXACT_IN trades will be prone to extremely high slippage.
#30
sherlock-admin
closed
11 months ago
19
shealtielanz - setting deadline to block.timestamp can be very problematic when trades are in the mempool.
#29
sherlock-admin2
closed
11 months ago
0
shealtielanz - `_mintVaultShares()` in `SingleSidedLPVaultBase.sol` can revert unexpectedly, causing DOS to deposits from notional.
#28
sherlock-admin
closed
11 months ago
1
shealtielanz - Incorrect computing of the Invariant due to rounding differences
#27
sherlock-admin2
closed
11 months ago
0
shealtielanz - `_deleverageVaultAccount()` in `FlashLiquidatorBase.sol` is prone to read-only reentrancy whenever `actionParams.useVaultDeleverage` is false allowing for reentrancy
#26
sherlock-admin
closed
11 months ago
1
Bauer - Funds Loss Risk in Exchange Rate Calculation
#25
sherlock-admin2
closed
11 months ago
3
dany.armstrong90 - CrossCurrencyVault.convertStrategyToUnderlying: The return value is miscalculated.
#24
sherlock-admin
closed
11 months ago
1
0xpep7 - Potential reversion in the Curve2TokenConvexVault.emergencyExit function when the Curve pool is killed, leading to vault locking failure
#23
sherlock-admin2
closed
11 months ago
0
Bauer - Bypassing access controls for `REWARD_REINVESTMENT_ROLE` in `claimRewardTokens()`
#22
sherlock-admin
closed
11 months ago
2