issues
search
sherlock-audit
/
2023-11-olympus-judging
9
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
detectiveking - updateMarket functions incorrectly, as it does not set marketCapacity
#159
sherlock-admin
closed
6 months ago
1
0x52 - OlympusTreasury#removeCategoryGroup fails to properly clear the categorization which can lead to incorrect asset categorization
#158
sherlock-admin2
closed
5 months ago
11
0x52 - CustomSupply contains no methodology to set _protocolOwnedTreasuryOhm after it has been set
#157
sherlock-admin
closed
6 months ago
10
0x52 - TWAP manipulation of held Bunni tokens can be used to DOS entire RBS system
#156
sherlock-admin2
closed
6 months ago
8
0x52 - Balancer LP valuation methodologies use the incorrect supply metric
#155
sherlock-admin
opened
6 months ago
1
0x52 - Oracle#getTimeWeightedTick fails to provide an accurate TWAP due to the exponential nature of tick math
#154
sherlock-admin2
closed
6 months ago
7
0x52 - Submodules can be installed but never removed causing bloat and potential DOS over time
#153
sherlock-admin
closed
6 months ago
1
Irissme - Potential Security Risk in the 'execOnSubmodule' Function
#152
sherlock-admin2
closed
6 months ago
1
bin2chen - removeAsset() when locations.length>1 will revert
#151
sherlock-admin
closed
5 months ago
11
bin2chen - CustomSupply miss setProtocolOwnedTreasuryOhm()
#150
sherlock-admin2
closed
6 months ago
0
bin2chen - getReservesByCategory() when useSubmodules =true and submoduleReservesSelector=bytes4(0) will revert
#149
sherlock-admin
opened
6 months ago
3
Coinstein - ChainlinkPriceFeeds#getTwoFeedPriceMul should not revert for certain output decimals
#148
sherlock-admin2
closed
6 months ago
7
CL001 - Due to the timestamp(asset and base) of cached price out of sync,the calculated price (the asset in units of `base_`) may be inaccurate
#147
sherlock-admin
closed
6 months ago
1
eta - Mislabeled Parameter in BunniSupply.sol and Missing Check in OlympusSupply.sol Open Doors to Errors and Exploitation
#146
sherlock-admin2
closed
6 months ago
1
bin2chen - getWeightedPoolTokenPrice() wrongly assumes that all of the weighted pools uses totalSupply
#145
sherlock-admin
closed
6 months ago
0
CL001 - After addAssetLocation,there is not initialize cache with current value
#144
sherlock-admin2
closed
6 months ago
6
tvdung94 - Missing check on observationFrequency in the constructor of olympus price contract
#143
sherlock-admin
closed
6 months ago
1
tvdung94 - Token weights are being converted into wrong decimals at multiple places in BalancerPoolTokenPrice contract
#142
sherlock-admin2
closed
6 months ago
1
tvdung94 - BalancerPoolTokenPrice::getStablePoolTokenPrice()'s approach might be wrong
#141
sherlock-admin
closed
6 months ago
0
tvdung94 - BalancerPoolTokenPrice::getStablePoolTokenPrice() returns price in wrong decimals when poolDecimals is not 18
#140
sherlock-admin2
closed
6 months ago
1
tvdung94 - Balances and scaling factors length should be checked before scaling
#139
sherlock-admin
closed
6 months ago
1
tvdung94 - BunniPrice::getBunniTokenPrice() returns incorrect price
#138
sherlock-admin2
closed
6 months ago
0
tvdung94 - BunniPrice::_getBunniReserves() does not add uncollected fee into total value calculation
#137
sherlock-admin
closed
6 months ago
1
tvdung94 - ChainlinkPriceFeeds::_getFeedPrice() should get feed decimals directly from chainlink feeds instead of input arguments
#136
sherlock-admin2
closed
6 months ago
1
cuthalion0x - Precision assumptions do not hold and can lead to improper scaling of output prices
#135
sherlock-admin
closed
6 months ago
1
cuthalion0x - Rounding errors in `BalancerPoolTokenPrice#_getWeightedPoolRawValue()` can produce vastly incorrect LP token prices
#134
sherlock-admin2
closed
6 months ago
10
tvdung94 - UniswapV2PoolTokenPrice::getTokenPrice() still proceeds even when lookupToken does not exist
#133
sherlock-admin
closed
6 months ago
1
dany.armstrong90 - Wrong calculation of ProtocolOwnedLiquidityOhm in BunnySupply.
#132
sherlock-admin2
closed
6 months ago
1
tvdung94 - OlympusSupply contract lacks of ohm and gohm validation in constructor
#131
sherlock-admin
closed
6 months ago
1
KupiaSec - `removeAsset` reverts in `OlympusTreasury`.
#130
sherlock-admin2
closed
6 months ago
0
KupiaSec - No re-entrancy checking in `BunniSupply` and `AuraBalancerSupply`.
#129
sherlock-admin
closed
6 months ago
1
KupiaSec - BunnySupply missing accumulated fees in Protocol Owned Liquidity(aka POL) calculation
#128
sherlock-admin2
closed
6 months ago
1
KupiaSec - Price calculation can be manipulated by intentionally reverting some of price feeds.
#127
sherlock-admin
opened
6 months ago
22
jasonxiale - `OlympusTreasury.removeAsset` will revert if `asset.locations.length` is larger than 1
#126
sherlock-admin2
closed
6 months ago
0
jasonxiale - `BunniPrice.getBunniTokenPrice` calculates price incorrectly
#125
sherlock-admin
closed
6 months ago
0
jasonxiale - `BalancerPoolTokenPrice.getStablePoolTokenPrice` calculates price incorrectly
#124
sherlock-admin2
closed
6 months ago
0
KupiaSec - Invalid price calculation for BunniTokens leads to price manipulation
#123
sherlock-admin
closed
6 months ago
11
tvdung94 - balancerPool.totalSupply() might not give correct results for newer weighted pools
#122
sherlock-admin2
closed
6 months ago
0
cu5t0mPe0 - _getOhmReserves calculates the number of ohm incorrectly
#121
sherlock-admin
closed
6 months ago
4
tvdung94 - Dusted Ohm token in balancer supply might be ignored
#120
sherlock-admin2
closed
6 months ago
1
cu5t0mPe0 - locations_ array may contain duplicate members
#119
sherlock-admin
closed
6 months ago
0
0xMR0 - Solmate safetransfer and safetransferfrom doesnot check the codesize of the token address, which may lead to fund loss
#118
sherlock-admin2
closed
6 months ago
1
tvdung94 - BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves
#117
sherlock-admin
closed
6 months ago
2
tvdung94 - Supply arb-related submodules don't reflect the true state of reserve for their specific pools
#116
sherlock-admin2
closed
6 months ago
1
0xMR0 - `getReserveBalance()` does not return actual tokens held by treasury and it breaks other contract functionality like swaps
#115
sherlock-admin
closed
6 months ago
2
Drynooo - getBunniTokenPrice function calculation error
#114
sherlock-admin2
closed
6 months ago
0
Drynooo - The removeCategory function may fail due to exceeding the gas limit.
#113
sherlock-admin
closed
6 months ago
1
Drynooo - Wrong function used to get totalSupply
#112
sherlock-admin2
closed
6 months ago
0
NOT USED
#111
sherlock-admin
closed
6 months ago
0
Drynooo - location may be added repeatedly
#110
sherlock-admin2
closed
6 months ago
0
Previous
Next