sherlock-audit 2023-10-perennial-judging issues

sherlock-audit / 2023-10-perennial-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Self-Report - Liquidation fee can be retried during periods of downtime

#59 kbrizzle opened 10 months ago
1
Self-Report - Taker fees are only "adiabatic" to a singular counterparty

#58 kbrizzle opened 10 months ago
1
Self-Report - Overflow in Global.pAccumulator.skew

#57 kbrizzle opened 10 months ago
1
kaysoft - Transaction to MultiInvoker.invoke(...) function can revert due to address.transfer() function

#56 sherlock-admin closed 10 months ago
1
Emmanuel - Current `KeeperFactory#settle` logic is not entirely correct: Keepers that input lower maxCounts earn more keeper fees than those that input larger maxCounts

#55 sherlock-admin2 closed 10 months ago
2
kaysoft - Use the ERC20Upgradable instead of ERC20 contract for upgradable Reward.sol

#54 sherlock-admin closed 10 months ago
1
kaysoft - No Validation for round completeness, staleness and negative value from Chainlink pricefeed latestRoundData

#53 sherlock-admin2 closed 10 months ago
1
kaysoft - There is no check on whether seqencers are down for Chainlink L2 Arbitrum, Optimism and Base

#52 sherlock-admin closed 10 months ago
1
bin2chen - TriggerOrder when delta.isZero should set position to MAGIC_VALUE_FULLY_CLOSED_POSITION

#51 sherlock-admin2 closed 10 months ago
2
Emmanuel - Attacker can call `KeeperFactory#settle` with empty arrays as input parameters to steal all keeper fees

#50 sherlock-admin opened 10 months ago
4
tvdung94 - Latest version price might be updated incorrectly

#49 sherlock-admin2 closed 10 months ago
2
0xkaden - Can drain market contracts via self-liquidating positions to negative collateral amounts

#48 sherlock-admin closed 10 months ago
2
tvdung94 - Malicious users might grief other users by forcing execute orders

#47 sherlock-admin2 closed 10 months ago
1
bin2chen - vault.claimReward() If have a market without reward token, it may cause all markets to be unable to retrieve rewards.

#46 sherlock-admin opened 10 months ago
2
tvdung94 - MultiInvoker:_executeOrder might send fee to wrong address

#45 sherlock-admin2 closed 10 months ago
1
bin2chen - KeeperOracle callbacks only can set first market and user

#44 sherlock-admin closed 10 months ago
1
bin2chen - interfaceFee Incorrectly converted uint40 when stored

#43 sherlock-admin2 opened 10 months ago
3
tvdung94 - Vault might not settle correctly

#42 sherlock-admin closed 10 months ago
2
bin2chen - MultiInvoker closableAmount the calculation logic is wrong

#41 sherlock-admin2 opened 10 months ago
4
bin2chen - MultiInvoker orders that retrieve all collaterals and have a fee cannot be executed.

#40 sherlock-admin closed 10 months ago
2
0xkaden - Positions can be liquidated without ever having been unmaintained

#39 sherlock-admin2 closed 10 months ago
10
bin2chen - invoke() contracts that do not accept eth cannot execute

#38 sherlock-admin closed 10 months ago
1
bin2chen - invoke() early return eth

#37 sherlock-admin2 closed 10 months ago
29
0xkaden - TriggerOrder.execute withdraws full position if the provided delta is 0

#36 sherlock-admin closed 10 months ago
2
0xkaden - Broken market efficiency invariant check

#35 sherlock-admin2 closed 10 months ago
2
0xkaden - Incorrect maintenance check results in users being unable to withdraw collateral if it would have resulted in shortfall with latest position magnitude

#34 sherlock-admin closed 10 months ago
3
0xkaden - Settlement fee of unused markets is still charged in Vault

#33 sherlock-admin2 opened 10 months ago
2
panprog - `MultiInvoker._latest` calculates incorrect closable for the current oracle version causing some liquidations to revert

#32 sherlock-admin opened 10 months ago
2
panprog - `MultiInvoker._latest` will return `latestPrice = 0` when latest oracle version is invalid causing liquidation to send 0 fee to liquidator or incorrect order execution

#31 sherlock-admin2 opened 10 months ago
2
panprog - `TriggerOrder.comparison` can have values from -2 to 2, but only -1 to 1 are implemented

#30 sherlock-admin closed 10 months ago
1
panprog - Vault max redeem calculations limit redeem amount to the smallest position size in underlying markets which can lead to very small max redeem amount even with huge TVL vault

#29 sherlock-admin2 opened 10 months ago
4
panprog - Pending keeper and position fees are not accounted for in vault collateral calculation which can be abused to liquidate vault when it's small

#28 sherlock-admin opened 10 months ago
2
panprog - Vault `_maxDeposit` incorrect calculation allows to bypass vault deposit cap

#27 sherlock-admin2 opened 10 months ago
6
panprog - `KeeperOracle.commit` will revert and won't work for all markets if any single `Market` is paused.

#26 sherlock-admin opened 10 months ago
4
panprog - `KeeperOracle.request` adds only the first pair of market+account addresses per oracle version to callback list, ignoring all the subsequent ones

#25 sherlock-admin2 opened 10 months ago
2
panprog - Invalid oracle version can cause the `maker` position to exceed `makerLimit`, temporarily or permanently bricking the Market contract

#24 sherlock-admin opened 10 months ago
3
panprog - It is possible to open and liquidate your own position in 1 transaction to overcome efficiency and liquidity removal limits at almost no cost

#23 sherlock-admin2 opened 10 months ago
2
rvierdiiev - MultiInvoker doesn't pay keepers refund for l1 calldata

#22 sherlock-admin opened 10 months ago
4
rvierdiiev - Keeper payment for the commit of price doesn't consider global callbacks amount

#21 sherlock-admin2 closed 10 months ago
11
rvierdiiev - Only one callback per oracle version can be registered in the KeeperOracle callbacks

#20 sherlock-admin closed 10 months ago
1
kaancaglan - Consider using OpenZeppelin’s `SafeCast` library to prevent unexpected overflows when casting from various type int/uint values

#19 sherlock-admin2 closed 10 months ago
1
kaancaglan - Use Of `transfer` or `send` Instead Of `call` To Send Native Assets

#18 sherlock-admin closed 10 months ago
1
kaancaglan - Missing checks for `address(0)` in functions

#17 sherlock-admin2 closed 10 months ago
1
kaancaglan - Centralization risk for privileged functions|19|

#16 sherlock-admin closed 10 months ago
1
kaancaglan - Consider using OpenZeppelin’s `SafeCast` library to prevent unexpected overflows when casting from various type int/uint values

#15 sherlock-admin2 closed 10 months ago
1
kaancaglan - Use Of `transfer` or `send` Instead Of `call` To Send Native Assets

#14 sherlock-admin closed 10 months ago
1
kaancaglan - Floating Pragma

#13 sherlock-admin2 closed 10 months ago
1
kaancaglan - Missing checks for `address(0)` when updating state variables

#12 sherlock-admin closed 10 months ago
1
kaancaglan - Missing checks for `address(0)` in constructor/initializers

#11 sherlock-admin2 closed 10 months ago
1
kaancaglan - Centralization risk for privileged functions

#10 sherlock-admin closed 10 months ago
1