sherlock-audit 2023-11-olympus-judging issues

sherlock-audit / 2023-11-olympus-judging

9 stars 8 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

SAAJ - No check for empty array can result in unexpected outcome

#209 sherlock-admin closed 11 months ago
1
evilakela - Deviation calculation inconsistent

#208 sherlock-admin closed 11 months ago
0
SAAJ - Difference in array input length for ``` addAsset``` function can result in unexpected behaviour

#207 sherlock-admin closed 11 months ago
1
shealtielanz - `AuraBalancerSupply.sol` wrongly assumes that all of the weighted pools uses `totalSupply`

#206 sherlock-admin2 closed 11 months ago
0
hash - Bunni liquidityReserves doesn't count owed fees

#205 sherlock-admin closed 11 months ago
1
evilakela - OlympusTreasury.removeAsset can fail

#204 sherlock-admin2 closed 11 months ago
0
0xMR0 - Inadequate Gas Limit in Staticcall while checking for balancer reentrancy would fail

#203 sherlock-admin closed 10 months ago
28
ge6a - DOS of removeAsset() when asset.locations.length > 1

#202 sherlock-admin2 closed 11 months ago
0
jasonxiale - `UniswapV2PoolTokenPrice.getTokenPrice` might return inaccurate value if `lookupToken's balance` is small

#201 sherlock-admin closed 11 months ago
3
hash - usage of totalSupply for newer balancer pools should be replaced with getActualSupply

#200 sherlock-admin2 closed 11 months ago
0
bareli - Access Control: The contract uses an onlyParent modifier for admin functions

#199 sherlock-admin closed 11 months ago
1
ge6a - getBunniTokenPrice wrongly returns the total price of all tokens

#198 sherlock-admin2 opened 11 months ago
2
kgothatso - This division is incorrect and return incorrect values

#197 sherlock-admin closed 11 months ago
1
ge6a - Wrong methodology for stable BPT price calculation

#196 sherlock-admin2 closed 11 months ago
0
ast3ros - Incompatibility of ERC4626 vault with different asset and underlying decimals

#195 sherlock-admin closed 10 months ago
2
ast3ros - Incorrect total supply calculation in Balancer Weighted Pools

#194 sherlock-admin2 closed 11 months ago
0
ast3ros - Incorrect deviation calculation in isDeviatingWithBpsCheck function

#193 sherlock-admin opened 11 months ago
10
ast3ros - Incorrect calculation of pool token for the Balancer stable pool

#192 sherlock-admin2 closed 11 months ago
0
nirohgo - PRICE module AddAsset doesn't properly detect faulty configurations

#191 sherlock-admin closed 11 months ago
4
nirohgo - Price Module reports wrong MA/Current Price for asset using MA when feeds are down after storePrice has been called

#190 sherlock-admin2 closed 10 months ago
2
bareli - Decentralized Oracle Usage:

#189 sherlock-admin closed 11 months ago
0
hash - No way to updated added/removed categories in metrics

#188 sherlock-admin2 closed 11 months ago
2
bareli - Interface Assumptions

#187 sherlock-admin closed 11 months ago
1
NOT USED

#186 sherlock-admin2 closed 11 months ago
0
Arabadzhiev - `OlympusTreasury`

#185 sherlock-admin closed 11 months ago
0
ge6a - Using incorrect function to determine the token supply in a Balancer weighted pool

#184 sherlock-admin2 closed 11 months ago
0
bareli - Not implemented permissioned modifier

#183 sherlock-admin closed 11 months ago
1
shealtielanz - `ChainlinkPriceFeeds.sol` will return the wrong price for an asset if underlying aggregator hits `minAnswer` or `maxAnswer` as `_validatePriceFeedResult()` doesn't check against it. which will affect the `RBS`

#182 sherlock-admin2 closed 11 months ago
0
pontifex - Unexpected error when assets removal at the OlympusTreasury

#181 sherlock-admin closed 11 months ago
0
ge6a - ChainlinkPriceFeeds will use a wrong price if the Chainlink registry returns price outside min/max range

#180 sherlock-admin2 closed 11 months ago
0
hash - Incorrect price for tokens of Balancer stable pools due to fixed 1e18 input amount

#179 sherlock-admin closed 10 months ago
28
hash - Possible incorrect price for tokens in Balancer stable pool due to amplification parameter update

#178 sherlock-admin2 opened 11 months ago
19
hash - Possible outdated price for tokens in Balancer stable pools due to cached rate

#177 sherlock-admin closed 10 months ago
14
hash - Incorrect StablePool BPT price calculation

#176 sherlock-admin2 opened 11 months ago
2
hash - Flawed clearing of asset locations array will cause `removeAsset` to revert

#175 sherlock-admin closed 11 months ago
0
hash - Incorrect deviation check

#174 sherlock-admin2 closed 11 months ago
0
hash - setDebt can be front-runned

#173 sherlock-admin closed 11 months ago
1
hash - Incorrect ProtocolOwnedLiquidityOhm calculation due to inclusion of other user's reserves

#172 sherlock-admin2 opened 11 months ago
3
cu5t0mPe0 - No check for active L2 Sequencer

#171 sherlock-admin closed 11 months ago
1
hash - BunniPrice returns totalValue instead of pool token price

#170 sherlock-admin2 closed 11 months ago
0
hash - Pool manipulation check in BunniHelper is flawed as uncollected fees is used

#169 sherlock-admin closed 11 months ago
1
0xMR0 - `BalancerPoolTokenPrice.getWeightedPoolTokenPrice()` wrongly assumes that all of the weighted pools uses `totalSupply()`

#168 sherlock-admin2 closed 11 months ago
0
hash - Balancer vault reentrancy is not checked when interacting with BLVaultManager

#167 sherlock-admin closed 10 months ago
17
Irissme - Critical Re-entry Vulnerability in UniswapV3OracleHelper's getTimeWeightedTick Function in Oracle.sol

#166 sherlock-admin2 closed 11 months ago
1
cu5t0mPe0 - `BalancerPoolTokenPrice.sol` wrongly assumes that all of the weighted pools uses `totalSupply`

#165 sherlock-admin closed 11 months ago
0
Irissme - UniswapV3OracleHelper Contract: Lack of Token Address Validation in getTWAPRatio Function in Oracle.sol

#164 sherlock-admin2 closed 11 months ago
1
0xMR0 - In `ERC4626Price.sol`, `getPriceFromUnderlying()` function is vulnerable to price manipulation

#163 sherlock-admin closed 11 months ago
2
jah - the function removeassest will not work

#162 sherlock-admin2 closed 11 months ago
0
detectiveking - `operate()` is missing a case when activating / deactivating

#161 sherlock-admin closed 11 months ago
1
0xMR0 - TWAP observation window period is very low allowing the TWAP price to be easily manipulated

#160 sherlock-admin2 closed 10 months ago
1