issues
search
sherlock-audit
/
2023-11-olympus-judging
9
stars
8
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Drynooo - removeCategoryGroup function does not update variables correctly
#109
sherlock-admin
closed
9 months ago
0
Drynooo - Variable categorization is not updated correctly
#108
sherlock-admin2
closed
9 months ago
0
Bandit - Bunni Reserves Differ From Twap Reserves When Tick Range is Not Full Range
#107
sherlock-admin
closed
9 months ago
0
tvdung94 - removeCategoryGroup() does not completely remove groups
#106
sherlock-admin2
closed
9 months ago
0
tvdung94 - Removing asset with multiple locations will cause Out Of Bound error
#105
sherlock-admin
closed
9 months ago
0
tvdung94 - OlympusTreasury::addAsset() does not check duplications in locations array
#104
sherlock-admin2
closed
9 months ago
0
tvdung94 - repayDebt() will revert when repay amount is greater than reserve debt
#103
sherlock-admin
closed
9 months ago
1
tvdung94 - Debt Approval methods lack handling overflow and underflow mechanism
#102
sherlock-admin2
closed
9 months ago
1
0xepley - `_validatePriceFeedResult` uses the same heartbeat for both feeds which is highly dangerous
#101
sherlock-admin
closed
9 months ago
1
0xepley - FlashLoan attack probability
#100
sherlock-admin2
closed
9 months ago
0
Coinstein - Revert when retrieving pool token price with low output decimals
#99
sherlock-admin
closed
9 months ago
1
0xepley - `_getFeedPrice` function will return the wrong price for asset if underlying aggregator hits minAnswer
#98
sherlock-admin2
closed
9 months ago
0
jovi - removeAsset attempts out of bounds array accesses
#97
sherlock-admin
closed
9 months ago
0
jovi - getBunniTokenPrice output not in outputDecimals
#96
sherlock-admin2
closed
9 months ago
1
jovi - getBunniTokenPrice calculates a bunniToken price based on instant held reserves at a certain tick range
#95
sherlock-admin
closed
9 months ago
1
pipidu83 - ```setDebt``` could be front-runned on purpose or by accident
#94
sherlock-admin2
closed
9 months ago
1
Coinstein - UniswapV2 pool token price may not be correctly calculated due to incorrect calculation of pool supply
#93
sherlock-admin
closed
9 months ago
0
jovi - getTokenPriceFromStablePool is not compatible with all stable pools
#92
sherlock-admin2
closed
9 months ago
0
jovi - getReserves doesn't utilize the most accurate method to determine totalSupply for some Balancer pools
#91
sherlock-admin
closed
9 months ago
0
jovi - addAsset allows a location to be accounted for more than once
#90
sherlock-admin2
closed
9 months ago
0
jovi - getTimeWeightedTick unsafely casts uint32 to int32
#89
sherlock-admin
closed
9 months ago
1
jovi - getCategoryBalance returns a balance variable that is determined by balances of unrelated tokens
#88
sherlock-admin2
closed
9 months ago
1
Coinstein - Chainlink heartbeat time gap is too huge
#87
sherlock-admin
closed
9 months ago
1
Coinstein - BalancerPoolTokenPrice should support Composable Stable Pools
#86
sherlock-admin2
closed
9 months ago
1
Coinstein - The getStablePoolTokenPrice and getTokenPriceFromStablePool functions are incompatible with two specific stable pools
#85
sherlock-admin
closed
9 months ago
0
Arabadzhiev - `BunniPrice::getBunniTokenPrice` returns the TVL in the given Bunni token instead of the price per share of that token
#84
sherlock-admin2
closed
9 months ago
0
Arabadzhiev - `BunniSupply::getProtocolOwnedLiquidityOhm` does not take uncollected fees into account, leading to OHM balance discrepancy
#83
sherlock-admin
closed
9 months ago
1
Arabadzhiev - `AuraBalancerSupply` retrieves the total BPT supply of Balancer pools through the `totalSupply` function, which is not correct for some types of pools
#82
sherlock-admin2
closed
9 months ago
0
Arabadzhiev - Missing `minAnswer`/`maxAnswer` circuit breakers in `ChainlinkPriceFeeds`
#81
sherlock-admin
closed
9 months ago
0
ZanyBonzy - Removed vaults might still be holding funds.
#80
sherlock-admin2
closed
9 months ago
1
Arabadzhiev - `OlympusTreasury::removeAsset` will always revert when `locations.length > 1`
#79
sherlock-admin
closed
9 months ago
0
chrisling - `addAsset` does not check for duplicates of `locations`, which may result in double counting of balances in `_getCurrentBalance` and break core logics of `OlympusTreasury.sol`
#78
sherlock-admin2
closed
9 months ago
4
lemonmon - BLVaultSupply, IncurDebtSupply, SiloSupply not compatible with Appraiser and price modules
#77
sherlock-admin
closed
9 months ago
2
lemonmon - OlympusSupply.getReservesByCategory will revert if the optional submoduleReservesSelector is set to be zero
#76
sherlock-admin2
closed
9 months ago
0
lemonmon - OlympusTreasury.addAsset allows duplicated locations, resulting in incorrect asset balance
#75
sherlock-admin
closed
9 months ago
0
zraxx - In function `updateAssetPriceFeeds`, the length check for feeds_ is missing
#74
sherlock-admin2
closed
9 months ago
4
zraxx - In function `addAsset`, duplicate check for `locations_` is missing
#73
sherlock-admin
closed
9 months ago
0
nobody2018 - OlympusTreasury.getCategoryBalance may return incorrect balance
#72
sherlock-admin2
closed
9 months ago
4
ggg_ttt_hhh - An infinite loop may occur during the calculation of the token price.
#71
sherlock-admin
closed
9 months ago
1
ggg_ttt_hhh - Remove categories when removing a category group
#70
sherlock-admin2
closed
9 months ago
0
lil.eth - Front-Running leading to underflow in Debt Approval Management
#69
sherlock-admin
closed
9 months ago
1
nobody2018 - When asset.useMovingAverage is true, _getCurrentPrice may get stale price in some cases
#68
sherlock-admin2
closed
9 months ago
6
nobody2018 - BunniHelper.getReservesRatio does not consider the situation that the current tick is out of [tickLower, tickUpper]
#67
sherlock-admin
closed
9 months ago
3
vipeo - Solmate's SafeTransferLib does not check for token contract's existence
#66
sherlock-admin2
closed
9 months ago
0
BradMoonUESTC - Vulnerability in Oracle Data Freshness and Accuracy
#65
sherlock-admin
closed
9 months ago
1
BradMoonUESTC - Uniswap V2 Price Manipulation Vulnerability in getTokenPrice Function
#64
sherlock-admin2
closed
9 months ago
0
BradMoonUESTC - Smart Contract Decimal Vulnerability in `getReservesRatio` Function
#63
sherlock-admin
closed
9 months ago
0
BradMoonUESTC - Analysis of Potential Vulnerability in Uniswap V3 Pool Reserve Ratio Calculation
#62
sherlock-admin2
closed
9 months ago
1
BradMoonUESTC - Smart Contract Price Update Vulnerability
#61
sherlock-admin
closed
9 months ago
1
BradMoonUESTC - Decimal Place Mismatch Vulnerability in Smart Contract Price Calculation
#60
sherlock-admin2
closed
9 months ago
1
Previous
Next