sherlock-audit 2023-10-real-wagmi-judging issues

sherlock-audit / 2023-10-real-wagmi-judging

16 stars 14 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - the liquidators arent able to call repay function for liquidating the trader

#196 sherlock-admin2 closed 1 year ago
1
handsomegiraffe - If loan is not liquidated in time, underflow may prevent loan from being liquidated using emergency mode

#195 sherlock-admin closed 1 year ago
8
psb01 - owner of Ownable.sol is not set by default

#194 sherlock-admin2 closed 1 year ago
1
tsvetanovv - Malicious lender can use blacklisted address and harm borrower

#193 sherlock-admin closed 1 year ago
0
Avci - the contracts aren't ready for using some tokens that uniswap v3 supports.

#192 sherlock-admin2 closed 1 year ago
1
Kral01 - [H-03] Use of `slot0` to get `sqrtPriceLimitX96` can lead to price manipulation.

#191 sherlock-admin closed 1 year ago
0
AuditorPraise - key is not updated during the transfer of the ownership of a borrowing via takeOverDebt() function

#190 sherlock-admin2 closed 1 year ago
0
kaysoft - use of block.timestamp for deadline on increase liquidity and decrease liquidity

#189 sherlock-admin closed 1 year ago
1
jah - the function takeoverDebt doesn't properly update the liquidator balance

#188 sherlock-admin2 closed 1 year ago
1
jah - the function takeoverDebt doesn't properly update the liquidator balance

#187 sherlock-admin closed 1 year ago
0
Kral01 - [H-02] SqrtPriceX96 is calculation is not done correctly which can lead to loss of funds.

#186 sherlock-admin2 closed 1 year ago
47
jah - the function takeoverDebt doesn't properly update

#185 sherlock-admin closed 1 year ago
1
Avci - Lack of Borrower Liquidation Check in `TakeOverDebt` Function

#184 sherlock-admin2 closed 1 year ago
1
lil.eth - _restoreLiquidity() is extemely easy to manipulate due to how it calculates underlying token balances

#183 sherlock-admin closed 1 year ago
0
0xMaroutis - Misuse of Old Borrowing key instead of New Key in takeOverDebt Function

#182 sherlock-admin2 closed 1 year ago
0
HHK - `MINIMUM_AMOUNT` will result in higher rate for tokens with low decimals

#181 sherlock-admin closed 1 year ago
1
0xReiAyanami - DoS of protocol - borrow function will revert if contract holds holdToken

#180 sherlock-admin2 closed 1 year ago
0
lucifero - An attacker can increase liquidity to the position's UniswapNFT to prevent the loan from being repaid

#179 sherlock-admin closed 1 year ago
0
Kral01 - [H-01] Particularly high value of MINIMUM_BORROWED_AMOUNT can make the protocol unusable.

#178 sherlock-admin2 closed 1 year ago
0
0xMaroutis - Issue with Borrower's Incentive in using this protocol

#177 sherlock-admin closed 1 year ago
3
tsvetanovv - `COLLATERAL_BALANCE_PRECISION` is used for each calculation of each token type without actually checking how many decimal points the token has

#176 sherlock-admin2 closed 1 year ago
2
ReadyPlayer2 - Invalid caller bypass in LiquidityBorrowingManager.sol repay function

#175 sherlock-admin closed 1 year ago
1
ali_shehab - Assuming all tokens are 18 decimals

#174 sherlock-admin2 closed 1 year ago
0
0xpep7 - Project may fail to be deployed to Arbitrum chain

#173 sherlock-admin closed 1 year ago
0
tsvetanovv - Some tokens must approve by zero first

#172 sherlock-admin2 closed 1 year ago
1
0xkazim - calling transferToken Function Disrupts Repay Functionality

#171 sherlock-admin closed 1 year ago
1
ReadyPlayer2 - Redundant deadline mechanism in LiquidationBorrowingManager possibly leading to postperiod calls.

#170 sherlock-admin2 closed 1 year ago
1
0xkazim - attacker can front-running the lender calls when `isEmergency` is true

#169 sherlock-admin closed 1 year ago
0
0xpep7 - `takeOverDebt._addKeysAndLoansInfo` function mistakenly updates newBorrowing with the old borrowingKey, enabling attacker to steal loans liquidity

#168 sherlock-admin2 closed 1 year ago
0
lucifero - User may be unable to repay loan

#167 sherlock-admin closed 1 year ago
0
phenom - Use Ownable2Step rather than Ownable

#166 sherlock-admin2 closed 1 year ago
1
phenom - Timestamp may be manipulation

#165 sherlock-admin closed 1 year ago
0
phenom - Loss of precision in divisions

#164 sherlock-admin2 closed 1 year ago
1
phenom - Enum values should be used instead of constant array indexes

#163 sherlock-admin closed 1 year ago
0
Nyx - The borrower may receive lower profits because of slippage

#162 sherlock-admin2 closed 1 year ago
1
phenom - Missing Reentrancy Guard in Functions with Transfer Hooks

#161 sherlock-admin closed 1 year ago
0
phenom - Governance functions should be controlled by time locks

#160 sherlock-admin2 closed 1 year ago
1
phenom - Using block.timestamp as the deadline/expiry invites MEV

#159 sherlock-admin closed 1 year ago
1
IceBear - ApproveSwapAndPay.sol is vulnerable to address collission

#158 sherlock-admin2 closed 1 year ago
1
pinalikefruit - Lack of slippage protection can lead to a significant loss of user funds

#157 sherlock-admin closed 1 year ago
3
0xJuda - Absence of Slippage Protection in LiquidityBorrowingManager#repay

#156 sherlock-admin2 closed 1 year ago
0
phenom - Use descriptive constant instead of 0 as a parameter

#155 sherlock-admin closed 1 year ago
0
MohammedRizwan - Using `slot0` for `sqrtPriceX96` in order to calculate amount could lead to price manipulation

#154 sherlock-admin2 closed 1 year ago
0
0xkazim - Unsafe type casting lead to unintended behavior

#153 sherlock-admin closed 1 year ago
1
seeques - Liquidators might pay high gas fee costs on L1 and may not be incentivized to initiate liquidation

#152 sherlock-admin2 closed 1 year ago
0
tsvetanovv - `_getCurrentSqrtPriceX96()` is easy to manipulation

#151 sherlock-admin closed 1 year ago
0
MohammedRizwan - Use `unchecked` in `TickMath.sol` which is extensively used in `LiquidityManager.sol`

#150 sherlock-admin2 closed 1 year ago
18
836541 - "zeroForSaleToken" variable is incorrect calculated, fixing the sale direction of every pair

#149 sherlock-admin closed 1 year ago
2
shtesesamoubiq - The protocol isn't going to work with difference decimals other than 18

#148 sherlock-admin2 closed 1 year ago
0
Ragnark_323 - Unbounded loop in `collectProtocol` function can leads to DOS

#147 sherlock-admin closed 1 year ago
1