issues
search
sherlock-audit
/
2023-10-real-wagmi-judging
16
stars
14
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
bareli - Different ERC20 has different decimal
#96
sherlock-admin2
closed
11 months ago
1
handsomegiraffe - Malicious liquidity provider can prevent liquidation of loan and loss of funds to other liquidity providers
#95
sherlock-admin
closed
11 months ago
0
bareli - Verifying the 0 address.
#94
sherlock-admin2
closed
11 months ago
1
Bandit - Attacker Can use `Repay` to make trading profits off Liquidity Lender
#93
sherlock-admin
closed
11 months ago
1
bareli - Data manipulated using MEV bots
#92
sherlock-admin2
closed
11 months ago
1
Bandit - Collateral Precision Hardcoded to 18 Decimals
#91
sherlock-admin
closed
11 months ago
2
Bandit - Lack of Slippage Control For Liquidity Functions
#90
sherlock-admin2
closed
11 months ago
5
Bandit - No Incentive to Liquidate Small Positions
#89
sherlock-admin
closed
11 months ago
1
Bandit - Uniswap Fees Are Sent to Liquidity Manager Without Being Attributed to the LP Owner
#88
sherlock-admin2
closed
11 months ago
1
Bandit - Liquidity Position Payoff Does not Match Disassembled Payoff
#87
sherlock-admin
closed
11 months ago
1
seeques - Incorrect calculations of borrowingCollateral leads to DoS for positions in the current tick range due to underflow
#86
sherlock-admin2
opened
11 months ago
14
0x52 - Protocol is incompatible with ZkSync Era due to differences in address deviation
#85
sherlock-admin
closed
11 months ago
0
0x52 - Pragma isn't compatible with Arbitrum and other rollups that don't support Push0
#84
sherlock-admin2
closed
11 months ago
2
0x52 - Blacklisted creditor can block all repayment besides emergency closure
#83
sherlock-admin
opened
11 months ago
2
0x52 - Adversary can overwrite function selector in _patchAmountAndCall due to inline assembly lack of overflow protection
#82
sherlock-admin2
opened
11 months ago
4
seeques - Borrowers that borrow from certain positions can get leverage without paying collateral due to inaccurate borrowingCollateral calculations
#81
sherlock-admin
closed
11 months ago
1
IceBear - Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
#80
sherlock-admin2
closed
11 months ago
0
0x52 - Slippage controls inside _restoreLiqudity are ineffective allowing repay() calls to be sandwiched and all profits stolen
#79
sherlock-admin
closed
11 months ago
2
0x52 - Creditor can maliciously burn UniV3 position to permanently lock funds
#78
sherlock-admin2
opened
11 months ago
2
0x52 - Rollup address aliasing blocks users from repaying/topping up during sequencer downtime
#77
sherlock-admin
closed
11 months ago
13
0x52 - Adversary can reenter takeOverDebt() during liquidation to steal vault funds
#76
sherlock-admin2
opened
11 months ago
3
sh0lt0 - Not using slippage parameter or deadline while swapping on UniswapV3
#75
sherlock-admin
closed
11 months ago
1
newt - Users cannot swap token1 for token0
#74
sherlock-admin2
closed
11 months ago
1
ali_shehab - `takeOverDebt` is not setting the new borrowing for the new borrowe/trader, resulting him paying funds without getting anything in return
#73
sherlock-admin
closed
11 months ago
0
Bauer - Incorrect implementation of checking whether borrowing collateral exceeds the maximum allowed collateral limit
#72
sherlock-admin2
closed
11 months ago
1
AuditorPraise - Possible underflow in ApproveSwapAndPay._v3SwapExactInput() when calculating `amountOut` resulting in an enormous value.
#71
sherlock-admin
closed
11 months ago
1
Bauer - If the token id has been burned, the borrower will not be able to repay the loan
#70
sherlock-admin2
closed
11 months ago
0
Bauer - The borrower may be unable to repay a loan
#69
sherlock-admin
closed
11 months ago
0
p-tsanev - LiquidityBorrowingManager.sol - missing platform payments
#68
sherlock-admin2
closed
11 months ago
25
seeques - Collateral sent during borrowing is lost due to not accounting for borrowingCollateral in borrowing.DailyRateCollateralBalance
#67
sherlock-admin
closed
11 months ago
18
zraxx - No assignment to the state variable `tokenIdToBorrowingKeys`
#66
sherlock-admin2
closed
11 months ago
1
zraxx - In `_v3SwapExactInput`, `amountOut` is underflowed
#65
sherlock-admin
closed
11 months ago
2
zraxx - In `takeOverDebt`, wrong parameter `borrowingKey` is used to call `_addKeysAndLoansInfo`
#64
sherlock-admin2
closed
11 months ago
0
Bauer - Attacker can manipulate low TVL Uniswap V3 pool to swap to make user in loss
#63
sherlock-admin
closed
11 months ago
7
Bauer - `uniswapV3SwapCallback()` is vulnerable to address collission
#62
sherlock-admin2
closed
11 months ago
1
Bauer - Exchange operations on Uniswap V3 are susceptible to front-running
#61
sherlock-admin
closed
11 months ago
1
Bauer - Missing check for `sqrtRatioAX96 > 0`
#60
sherlock-admin2
closed
11 months ago
1
peanuts - Obtaining sqrtPriceX96 from slot0 may be dangerous if liquidity is low
#59
sherlock-admin
closed
11 months ago
0
peanuts - Any position can be taken over immediately
#58
sherlock-admin2
closed
11 months ago
1
peanuts - Liquidation bonus can be stolen through repay() as the fund is not returned to original borrower when a new borrower calls takeOverDebt()
#57
sherlock-admin
closed
11 months ago
1
peanuts - Platform fees is counted twice when takingOverDebt
#56
sherlock-admin2
closed
11 months ago
1
IceBear - LiquidityManager.sol _increaseLiquidity() lacks slippage protection
#55
sherlock-admin
closed
11 months ago
5
peanuts - No slippage and deadline check when decreasing liquidity
#54
sherlock-admin2
closed
11 months ago
1
AuditorPraise - old borrowing key is used instead of `newBorrowingKey` when adding old loans to the newBorrowing in LiquidityBorrowingManager.takeOverDebt()
#53
sherlock-admin
opened
11 months ago
3
HHK - Wrong check in `repay()` makes borrower loose its `dailyCollateral` if closing position quickly after opening it.
#52
sherlock-admin2
closed
11 months ago
1
HHK - No deadline and slippage check on `takeOverDebt()` can lead to unexpected results
#51
sherlock-admin
opened
11 months ago
26
peanuts - Low decimal tokens such as EURS will not work as dailyRateCollateral will be overinflated
#50
sherlock-admin2
closed
11 months ago
0
peanuts - MAX_NUM_USER_POSOTION can be bypassed
#49
sherlock-admin
closed
11 months ago
1
feelereth - The loop counter i is incremented without checks on the length of the tokens array. This can cause an overflow and potentially overwrite memory.
#48
sherlock-admin2
closed
11 months ago
1
HHK - Borrower cannot `repay()` if lender burns its NFT
#47
sherlock-admin
closed
11 months ago
3
Previous
Next