sherlock-audit 2023-12-arcadia-judging issues

sherlock-audit / 2023-12-arcadia-judging

19 stars 15 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

iberry - skim() is external function in LendingPool.sol don't limit access

#171 sherlock-admin2 closed 9 months ago
2
Topmark - Old Owner can take Advantage of updateActionTimestamp Modifier Absence to Front RunAccountV1 contract Against New Owner

#170 sherlock-admin closed 9 months ago
2
FastTiger - Did not set a value to the `interestWeight` variable in the `LendingPool.sol#setTreasuryWeights` function.

#169 sherlock-admin2 closed 9 months ago
4
fibonacci - An attacker could prevent the account from being transferred or sold on secondary markets

#168 sherlock-admin closed 9 months ago
24
zzykxx - Account auction price will keep decreasing even when bids can't be placed

#167 sherlock-admin2 closed 9 months ago
1
infect3d - `AbstractAM._getKeyFromAsset` is vulnerable to collision

#166 sherlock-admin closed 9 months ago
2
Kalyan-Singh - Directly adding minimumMargin to openPosition might be problematic

#165 sherlock-admin2 closed 9 months ago
2
Kalyan-Singh - Missing totalAssets() == 0 checks might DOS the protocol permanently

#164 sherlock-admin closed 9 months ago
2
0xRich_forEver - M-1: Liquidation Reverts Due to Zero Debt Token Mint

#163 sherlock-admin2 closed 9 months ago
2
Kalyan-Singh - MinRewardWeight does not behave as intended and can lead to extra reward payout than minimum margin

#162 sherlock-admin closed 9 months ago
24
Kalyan-Singh - Dutch auction buys can be griefed resulting in Bad Debt accrual for the protocol

#161 sherlock-admin2 closed 9 months ago
6
Kalyan-Singh - Donation attacks on Tranches can't be prevented by VAS alone

#160 sherlock-admin closed 9 months ago
0
AuditorPraise - There's a discrepancy between how the external stargate staking contract and AbstractStakingAM calculates `pending rewards` and `lastRewardPosition`

#159 sherlock-admin2 closed 9 months ago
1
infect3d - Underflow in `AbstractStakingAM._getRewardBalances` will cause a DoS of all operations during a period of time

#158 sherlock-admin closed 9 months ago
1
iberry - startLiquidation() is external function in LendingPool.sol don't limit access

#157 sherlock-admin2 closed 9 months ago
1
pash0k - `AbstractStakingAM.sol::_getRewardBalances()` will fail and lead to loss of rewards and DOS

#156 sherlock-admin closed 9 months ago
1
FCSE507 - The current interest is not included in the used margin calculation.

#155 sherlock-admin2 closed 9 months ago
2
0xadrii - Caching Uniswap position liquidity allows borrowing using undercollateralized Uni positions

#154 sherlock-admin opened 9 months ago
4
0xadrii - Reentrancy in flashAction() allows draining liquidity pools

#153 sherlock-admin2 opened 9 months ago
5
FCSE507 - The liquidity in the Uniswap position cannot be accurately calculated as collateral.

#152 sherlock-admin closed 9 months ago
1
3th - Newly-minted staked Stargate positions will be locked in Action Handler

#151 sherlock-admin2 closed 9 months ago
1
3th - Amount of reward tokens deposited in account after claiming may differ from amount of reward tokens sent from asset module; remainder lost to Action Handler

#150 sherlock-admin closed 9 months ago
2
3th - Incorrect position ownership check throughout abstract staking asset module

#149 sherlock-admin2 closed 9 months ago
2
NentoR - Optimistically paid initiation rewards may not get covered when liquidations settle through unhappy flow

#148 sherlock-admin closed 9 months ago
2
Nihavent - [M-1] Accounts can be liquidated when deposits are paused

#147 sherlock-admin2 closed 9 months ago
2
0x52 - The permissionless variant of `LendingPoolGuardian#unpause` will cause race conditions between repayment and liquidation

#146 sherlock-admin closed 9 months ago
9
0x52 - `LendingPool#flashAction` is broken when trying to refinance position across `LendingPools` due to improper access control

#145 sherlock-admin2 opened 9 months ago
5
0x52 - Differences in spot price vs AMM prices can be abused to completely misrepresent the holdings of a UniV3 LP tokens

#144 sherlock-admin closed 8 months ago
12
0x52 - `riskFactor` is incorrectly double applied to `StakeStargateAM` assets

#143 sherlock-admin2 closed 9 months ago
2
0x52 - Users can easily bypass exposure limits by adding liquidity to UniV3 LP tokens after deposit

#142 sherlock-admin closed 9 months ago
2
0x52 - `COOL_DOWN_PERIOD` is not long enough to prevent block stuffing on some L2s

#141 sherlock-admin2 closed 9 months ago
2
0x52 - `AccountV1#flashActionByCreditor` can be used to drain assets from account without withdrawing

#140 sherlock-admin opened 9 months ago
8
NentoR - Happy flow rewards are not backed by account's assets, leading to bad debt

#139 sherlock-admin2 closed 9 months ago
2
iberry - pauseTimestamp don't init in afterCoolDownOf when first call pause()

#138 sherlock-admin closed 9 months ago
2
Robert - Chainlink Returns Allow a 0 Price

#137 sherlock-admin2 closed 9 months ago
1
Nyxaris - M-4 Inadequate Debt Management in executeRepay Function

#136 sherlock-admin closed 9 months ago
2
Tricko - StakedStargateAM._getCurrentReward() fetches incorrect values, affecting rewards calculation.

#135 sherlock-admin2 closed 9 months ago
1
0xmuxyz - Some Accounts may immediately be liquidated - right after the `minimumMargin` would be updated (increased) via the LendingPool#`setMinimumMargin()`

#134 sherlock-admin closed 9 months ago
2
Nyxaris - H-1 Lack of Ownership Verification which leads vulnerability to gain control over accounts

#133 sherlock-admin2 closed 9 months ago
1
Nyxaris - H-0 Lack of Ownership Verification which leads vulnerability to gain control over accounts

#132 sherlock-admin closed 9 months ago
1
bareli - ORACLE Manupilation

#131 sherlock-admin2 closed 9 months ago
1
deth - AccountV1.sol#upgradeAccount() - When upgrading an account to a new version the numeraire, minimumMargin and liquidator are not checked if they have been changed

#130 sherlock-admin closed 9 months ago
2
0xDazai - 0xDazai - Use of `slot0` can lead to price manipulation

#129 sherlock-admin2 closed 9 months ago
1
pash0k - LendingPool.sol::donateToTranche() may be frontrun

#128 sherlock-admin closed 9 months ago
2
neo - Tranche gets unfair share of interests regardless of its liquidity

#127 sherlock-admin2 closed 9 months ago
2
0xDazai - 0xDazai - If answer returned from `_getRate()` function is `0,` `getRate()`will return 0 value for price

#126 sherlock-admin closed 9 months ago
1
0xDazai - 0xDazai - _stake() function can revert if used with USDT duo to approve not set to zero first

#125 sherlock-admin2 closed 9 months ago
1
neo - Account owner can make account healthy between liquidation start and auction bid, resulting in bidder getting rewarded.

#124 sherlock-admin closed 9 months ago
2
Hajime - `rewards` is not calculated correctly

#123 sherlock-admin2 closed 9 months ago
1
0xDazai - 0xDazai - addAsset() function missing access control , making it able to be called from end-user

#122 sherlock-admin closed 9 months ago
1

Previous Next