sherlock-audit 2023-12-arcadia-judging issues

sherlock-audit / 2023-12-arcadia-judging

19 stars 15 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

jokr - Liquidation penatly should only be paid by account owner

#221 sherlock-admin2 closed 9 months ago
2
PR-Security - Violation of ERC-721 Standard in Factory.sol#tokenURI() implementation.

#220 sherlock-admin closed 9 months ago
2
PR-Security - `Factory.sol#safeTransferAccount()` function never will work, when Account itself want to transfer ownership

#219 sherlock-admin2 closed 9 months ago
2
PR-Security - `StakedStargateAM` won't work on some L2 chains

#218 sherlock-admin closed 9 months ago
2
PR-Security - Account never will be able to update account registry

#217 sherlock-admin2 closed 9 months ago
2
anya - Insufficient Allowance Check in flashAction Function in LendingPool.sol

#216 sherlock-admin closed 9 months ago
2
anya - Premature earlyTerminate Flag Setting in auctionRepay Function in LendinPool.sol

#215 sherlock-admin2 closed 9 months ago
2
cheatcode - Lack of Sequencer Uptime Oracle Update Mechanism

#214 sherlock-admin closed 9 months ago
2
ge6a - DOS of StakedStargateAM

#213 sherlock-admin2 closed 9 months ago
1
Topmark - Incomplete flashAction by Creditor Manager due to missing Implementation

#212 sherlock-admin closed 9 months ago
2
cheatcode - Inflexible Asset and Oracle Module Management

#211 sherlock-admin2 closed 9 months ago
2
anya - Insufficient Allowance Handling in withdraw Function and redeem in Tranche.sol

#210 sherlock-admin closed 9 months ago
2
deth - Factory.sol#tokenURI() - The function doesn’t comply with ERC721 standard

#209 sherlock-admin2 closed 9 months ago
2
iberry - The setAssetManager function in AccountV1 contract can be called by anyone

#208 sherlock-admin closed 9 months ago
2
akhoronko - Missing checks for down L2 Sequencer in `Registry.getRateInUsd` function

#207 sherlock-admin2 closed 9 months ago
1
anya - Incomplete Auction State Management in startLiquidation, and _endLiquidation Function in LendingPool.sol

#206 sherlock-admin closed 9 months ago
3
Topmark - Dos due to Absence of Unblocked Functionality for Blocked Account Version

#205 sherlock-admin2 closed 9 months ago
2
cheatcode - Oracle Integrity for Asset Pricing

#204 sherlock-admin closed 9 months ago
2
santiellena - USDbC (Bridged USDC on Base) may cause insolvency in the protocol if it deppegs from USDC

#203 sherlock-admin2 closed 9 months ago
2
iberry - setApprovedCreditor function in AccountV1 contract can be called by anyone

#202 sherlock-admin closed 9 months ago
2
Topmark - Blocked Accounts are not Checked before Transfer to New Innocent Users

#201 sherlock-admin2 closed 9 months ago
2
cheatcode - Grace Period Enforcement Inconsistency

#200 sherlock-admin closed 9 months ago
2
anya - Missing Tranche Validation in donateToTranche Function in LendingPool.sol

#199 sherlock-admin2 closed 9 months ago
1
anya - Redundant Type Casting in calcUnrealisedDebt Function

#198 sherlock-admin closed 9 months ago
2
Topmark - Same Oracle can be added mutiple times thereby give Room for Price Manipulation

#197 sherlock-admin2 closed 9 months ago
2
Topmark - sequencerDown would Return True even During Grace Period

#196 sherlock-admin closed 9 months ago
2
anya - Mismatched Return Types in maxDeposit && maxMint in Tranche.sol

#195 sherlock-admin2 closed 9 months ago
2
waffleWizard96 - Unintended Emission in LendingPool Contract

#194 sherlock-admin closed 9 months ago
2
Nyxaris - M-5 Lack of Support for Depositing and Withdrawing ERC777 Tokens

#193 sherlock-admin2 closed 9 months ago
2
Topmark - Replay can be executed with Excess Amount during Multicall

#192 sherlock-admin closed 9 months ago
2
ast3ros - Missing sequencerNotDown modifier in getValuesInUsdRecursive

#191 sherlock-admin2 closed 9 months ago
1
ast3ros - Incorrect accounting for rewards in mint and increaseLiquidity

#190 sherlock-admin closed 9 months ago
1
waffleWizard96 - Incomplete State Update: setTreasuryWeights Function

#189 sherlock-admin2 closed 9 months ago
2
Topmark - Liquidator can unfairly liquidate a users asset

#188 sherlock-admin closed 9 months ago
2
zzykxx - Possible griefing attack on lending pools interest rates

#187 sherlock-admin2 closed 9 months ago
0
deth - AbstractDerivedAM.sol#processIndirectDeposit() - Incorrect rounding direction will favor the user

#186 sherlock-admin closed 9 months ago
2
Topmark - Transfer of Ownership without Cool Down Validation would trigger Account Action that might be disadvantageous to New Owner

#185 sherlock-admin2 closed 9 months ago
2
kaysoft - Lack of sequencer Uptime check for L2 networks can cause unfair liquidations

#184 sherlock-admin closed 9 months ago
1
Topmark - Incomplete Revert Implementation in the AccountV1 Contract

#183 sherlock-admin2 closed 9 months ago
2
zzykxx - _convertValueInUsdToValueInNumeraire() rounds in the wrong direction

#182 sherlock-admin closed 9 months ago
2
Topmark - Approval Address can Interact on Behalf of A Creditor Even when The Creditor has not been Set at All

#181 sherlock-admin2 closed 9 months ago
2
Topmark - Numeraire is not Reset when MarginAccount is Closed

#180 sherlock-admin closed 9 months ago
2
Topmark - Wrong Implementation in the openMarginAccount Function

#179 sherlock-admin2 closed 9 months ago
2
0xRich_forEver - H-2: Degradation of Collateral Health Post-Liquidation

#178 sherlock-admin closed 9 months ago
2
iberry - depositInLendingPool function in LendingPool.sol don't check 'from' address whether is belong to msg.sender allowance for msg.sender can by malicious use

#177 sherlock-admin2 closed 9 months ago
1
Topmark - Denial of Service When the Excess Value of from DeltaAsset is enough to handle Subsequent Asset exposure

#176 sherlock-admin closed 9 months ago
2
zzykxx - Approval in StakedStargateAM::_stake() doesn't use safeApprove

#175 sherlock-admin2 closed 9 months ago
2
0xRich_forEver - H-1: Liquidation Reverts due Block Gas Limit

#174 sherlock-admin closed 9 months ago
2
Topmark - Liquadator Address Can be Set Even when There is no Creditor

#173 sherlock-admin2 closed 9 months ago
2
zzykxx - StakedStargateAM does not implement an emergencyWithdraw() function

#172 sherlock-admin closed 9 months ago
0