sherlock-audit 2023-11-olympus-judging issues

sherlock-audit / 2023-11-olympus-judging

9 stars 8 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Drynooo - removeCategoryGroup function does not update variables correctly

#109 sherlock-admin closed 9 months ago
0
Drynooo - Variable categorization is not updated correctly

#108 sherlock-admin2 closed 9 months ago
0
Bandit - Bunni Reserves Differ From Twap Reserves When Tick Range is Not Full Range

#107 sherlock-admin closed 9 months ago
0
tvdung94 - removeCategoryGroup() does not completely remove groups

#106 sherlock-admin2 closed 9 months ago
0
tvdung94 - Removing asset with multiple locations will cause Out Of Bound error

#105 sherlock-admin closed 9 months ago
0
tvdung94 - OlympusTreasury::addAsset() does not check duplications in locations array

#104 sherlock-admin2 closed 9 months ago
0
tvdung94 - repayDebt() will revert when repay amount is greater than reserve debt

#103 sherlock-admin closed 9 months ago
1
tvdung94 - Debt Approval methods lack handling overflow and underflow mechanism

#102 sherlock-admin2 closed 9 months ago
1
0xepley - `_validatePriceFeedResult` uses the same heartbeat for both feeds which is highly dangerous

#101 sherlock-admin closed 9 months ago
1
0xepley - FlashLoan attack probability

#100 sherlock-admin2 closed 9 months ago
0
Coinstein - Revert when retrieving pool token price with low output decimals

#99 sherlock-admin closed 9 months ago
1
0xepley - `_getFeedPrice` function will return the wrong price for asset if underlying aggregator hits minAnswer

#98 sherlock-admin2 closed 9 months ago
0
jovi - removeAsset attempts out of bounds array accesses

#97 sherlock-admin closed 9 months ago
0
jovi - getBunniTokenPrice output not in outputDecimals

#96 sherlock-admin2 closed 9 months ago
1
jovi - getBunniTokenPrice calculates a bunniToken price based on instant held reserves at a certain tick range

#95 sherlock-admin closed 9 months ago
1
pipidu83 - ```setDebt``` could be front-runned on purpose or by accident

#94 sherlock-admin2 closed 9 months ago
1
Coinstein - UniswapV2 pool token price may not be correctly calculated due to incorrect calculation of pool supply

#93 sherlock-admin closed 9 months ago
0
jovi - getTokenPriceFromStablePool is not compatible with all stable pools

#92 sherlock-admin2 closed 9 months ago
0
jovi - getReserves doesn't utilize the most accurate method to determine totalSupply for some Balancer pools

#91 sherlock-admin closed 9 months ago
0
jovi - addAsset allows a location to be accounted for more than once

#90 sherlock-admin2 closed 9 months ago
0
jovi - getTimeWeightedTick unsafely casts uint32 to int32

#89 sherlock-admin closed 9 months ago
1
jovi - getCategoryBalance returns a balance variable that is determined by balances of unrelated tokens

#88 sherlock-admin2 closed 9 months ago
1
Coinstein - Chainlink heartbeat time gap is too huge

#87 sherlock-admin closed 9 months ago
1
Coinstein - BalancerPoolTokenPrice should support Composable Stable Pools

#86 sherlock-admin2 closed 9 months ago
1
Coinstein - The getStablePoolTokenPrice and getTokenPriceFromStablePool functions are incompatible with two specific stable pools

#85 sherlock-admin closed 9 months ago
0
Arabadzhiev - `BunniPrice::getBunniTokenPrice` returns the TVL in the given Bunni token instead of the price per share of that token

#84 sherlock-admin2 closed 9 months ago
0
Arabadzhiev - `BunniSupply::getProtocolOwnedLiquidityOhm` does not take uncollected fees into account, leading to OHM balance discrepancy

#83 sherlock-admin closed 9 months ago
1
Arabadzhiev - `AuraBalancerSupply` retrieves the total BPT supply of Balancer pools through the `totalSupply` function, which is not correct for some types of pools

#82 sherlock-admin2 closed 9 months ago
0
Arabadzhiev - Missing `minAnswer`/`maxAnswer` circuit breakers in `ChainlinkPriceFeeds`

#81 sherlock-admin closed 9 months ago
0
ZanyBonzy - Removed vaults might still be holding funds.

#80 sherlock-admin2 closed 9 months ago
1
Arabadzhiev - `OlympusTreasury::removeAsset` will always revert when `locations.length > 1`

#79 sherlock-admin closed 9 months ago
0
chrisling - `addAsset` does not check for duplicates of `locations`, which may result in double counting of balances in `_getCurrentBalance` and break core logics of `OlympusTreasury.sol`

#78 sherlock-admin2 closed 9 months ago
4
lemonmon - BLVaultSupply, IncurDebtSupply, SiloSupply not compatible with Appraiser and price modules

#77 sherlock-admin closed 9 months ago
2
lemonmon - OlympusSupply.getReservesByCategory will revert if the optional submoduleReservesSelector is set to be zero

#76 sherlock-admin2 closed 9 months ago
0
lemonmon - OlympusTreasury.addAsset allows duplicated locations, resulting in incorrect asset balance

#75 sherlock-admin closed 9 months ago
0
zraxx - In function `updateAssetPriceFeeds`, the length check for feeds_ is missing

#74 sherlock-admin2 closed 9 months ago
4
zraxx - In function `addAsset`, duplicate check for `locations_` is missing

#73 sherlock-admin closed 9 months ago
0
nobody2018 - OlympusTreasury.getCategoryBalance may return incorrect balance

#72 sherlock-admin2 closed 9 months ago
4
ggg_ttt_hhh - An infinite loop may occur during the calculation of the token price.

#71 sherlock-admin closed 9 months ago
1
ggg_ttt_hhh - Remove categories when removing a category group

#70 sherlock-admin2 closed 9 months ago
0
lil.eth - Front-Running leading to underflow in Debt Approval Management

#69 sherlock-admin closed 9 months ago
1
nobody2018 - When asset.useMovingAverage is true, _getCurrentPrice may get stale price in some cases

#68 sherlock-admin2 closed 9 months ago
6
nobody2018 - BunniHelper.getReservesRatio does not consider the situation that the current tick is out of [tickLower, tickUpper]

#67 sherlock-admin closed 9 months ago
3
vipeo - Solmate's SafeTransferLib does not check for token contract's existence

#66 sherlock-admin2 closed 9 months ago
0
BradMoonUESTC - Vulnerability in Oracle Data Freshness and Accuracy

#65 sherlock-admin closed 9 months ago
1
BradMoonUESTC - Uniswap V2 Price Manipulation Vulnerability in getTokenPrice Function

#64 sherlock-admin2 closed 9 months ago
0
BradMoonUESTC - Smart Contract Decimal Vulnerability in `getReservesRatio` Function

#63 sherlock-admin closed 9 months ago
0
BradMoonUESTC - Analysis of Potential Vulnerability in Uniswap V3 Pool Reserve Ratio Calculation

#62 sherlock-admin2 closed 9 months ago
1
BradMoonUESTC - Smart Contract Price Update Vulnerability

#61 sherlock-admin closed 9 months ago
1
BradMoonUESTC - Decimal Place Mismatch Vulnerability in Smart Contract Price Calculation

#60 sherlock-admin2 closed 9 months ago
1

Previous Next