sherlock-audit 2023-12-dodo-gsp-judging issues

sherlock-audit / 2023-12-dodo-gsp-judging

6 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

dian.ivanov - buyShares allows to = address(0)

#174 sherlock-admin closed 10 months ago
0
0xMaroutis - Malicious attacker can drain funds via `flashLoan` function

#173 sherlock-admin closed 10 months ago
0
nisedo - DoS when `_MT_FEE_QUOTE_` and/or `_MT_FEE_BASE_` get too big

#172 sherlock-admin closed 10 months ago
1
Avci - not every token works FINE with IERC20 standard thus the decimal value would be wrong.

#171 sherlock-admin closed 10 months ago
1
mstpr-brainbot - "buyShares "lacks deadline parameter

#170 sherlock-admin closed 10 months ago
0
Angry_Mustache_Man - Lack of Proper Slippage Controls can cause freezing of funds during High Volatility times

#169 sherlock-admin closed 10 months ago
1
Varun_05 - Division before multiplication can cause incorrect calculation causing less tokens being sent to the user

#168 sherlock-admin closed 10 months ago
0
PranavGarg - Risk of reuse of signatures across forks due to lack of chain ID validation

#167 sherlock-admin closed 10 months ago
0
Tri-pathi - `DODOMath._SolveQuadraticFunctionForTrade` is implemented incorrect

#166 sherlock-admin closed 10 months ago
1
inzinko - Users that try to call `buyShares` and mint shares with only base tokens, will loose those tokens permanently

#165 sherlock-admin closed 10 months ago
1
nuthan2x - GSP pool can be permanently paused by gaming the initial liquidity action

#164 sherlock-admin closed 10 months ago
0
0xBhumii - missing reentrency guard

#163 sherlock-admin closed 10 months ago
0
0xMaroutis - Users can lose funds when buying shares or executing flashLoan

#162 sherlock-admin closed 10 months ago
0
unforgiven - attacker can DOS empty DSP pools (blocking protocol core functionality) and grief the deployer

#161 sherlock-admin closed 10 months ago
0
0xBhumii - use of tx.origin is not recommonded

#160 sherlock-admin closed 10 months ago
1
Ragnark_323 - sellBase() and sellQuote() functions doesn't handle the slippage check which can leads to loss of user funds

#159 sherlock-admin closed 10 months ago
0
zach030 - Front-Running in buyShares Function

#158 sherlock-admin closed 10 months ago
0
Varun_05 - Base/Quote token reserve can become equal to zero when K=0

#157 sherlock-admin2 closed 10 months ago
1
pontifex - Lack of chainID validation allows reuse of signatures across forks

#156 sherlock-admin closed 10 months ago
0
pontifex - DoS due to unexpected revert in twap update

#155 sherlock-admin2 closed 10 months ago
13
inzinko - A withdrawal DOS will occur for the maintainer if the tokens in the pool are not able to pay the accumulated maintainer fee

#154 sherlock-admin closed 10 months ago
1
0xBhumii - Frontrunning risks!

#153 sherlock-admin2 closed 10 months ago
0
0xMaroutis - Proxy and upgradable tokens (like TUSD) can cause issues to the protocol

#152 sherlock-admin closed 10 months ago
1
0xmystery - ERC20 Approve/Allowance Front-Running Vulnerability and Mitigation in GSPVault.sol with USDT Example

#151 sherlock-admin2 closed 10 months ago
0
bareli - zero address verification for owner

#150 sherlock-admin closed 10 months ago
1
bareli - Division by Zero

#149 sherlock-admin2 closed 10 months ago
1
0xhashiman - User can lose fund when trying to call sellShares()

#148 sherlock-admin closed 10 months ago
1
0xBhumii - Unclear Reentrency implementation

#147 sherlock-admin2 closed 10 months ago
1
bareli - wrong implementation of timeElapsed.

#146 sherlock-admin closed 10 months ago
1
NOT USED

#145 sherlock-admin2 closed 10 months ago
0
Angry_Mustache_Man - Fee amount charged by the Protocol can be circumvented for low-decimal Stablecoins

#144 sherlock-admin closed 10 months ago
1
0xMaroutis - Slippage issues when the slippage factor `k` is higher

#143 sherlock-admin2 closed 10 months ago
0
bareli - wrong implementation of correctRState() function

#142 sherlock-admin closed 10 months ago
1
0xmystery - Lack of On-Chain Deadline and Slippage Protection in the buyShares Function of the GSPFunding Contract

#141 sherlock-admin2 closed 10 months ago
0
0xBhumii - Missing lower bound check for K (Swap curve parameter)

#140 sherlock-admin closed 10 months ago
0
inzinko - User Will loose their tokens if they deposit the same amount of Quote token as the Maintainer Fee

#139 sherlock-admin2 closed 10 months ago
1
nuthan2x - Pool balancing swappers aren't attracted due to unupdated target state after sync action

#138 sherlock-admin closed 10 months ago
3
AuditorPraise - if baseInputRatio == quoteInputRatio, there will be no `mintRatio` in GSPFunding.buyShares(), this will affect the shares minted for users.

#137 sherlock-admin2 closed 10 months ago
1
bareli - centralization Risk:

#136 sherlock-admin closed 10 months ago
1
bareli - totalshares can be 0 and function can be reverted.

#135 sherlock-admin2 closed 10 months ago
1
NOT USED

#134 sherlock-admin closed 10 months ago
0
dian.ivanov - Potential Front-Running Vulnerability in GSP Contract's Initialization Process

#133 sherlock-admin2 closed 10 months ago
0
hash - Initial depositor can alter the reserve-target ratio to trade subsequent depositors tokens at lower prices

#132 sherlock-admin closed 10 months ago
0
hash - possible overflow in _GeneralIntegrate

#131 sherlock-admin2 closed 10 months ago
1
bareli - wrong implementation of mint function

#130 sherlock-admin closed 10 months ago
0
shealtielanz - All contracts using `DecimalMath.sol` for calculations will be broken for stableTokens like `USDC` that have only `6` Decimals.

#129 sherlock-admin2 closed 10 months ago
1
hash - lower decimal token as quote asset allows initial depositor to set QUOTE_TARGET to 0 always

#128 sherlock-admin closed 10 months ago
0
inzinko - Malicious user can steal the tokens of other users to mint and buy GSP shares

#127 sherlock-admin2 closed 10 months ago
0
hash - cached domainSeperator allows for replay in case of chain forks

#126 sherlock-admin closed 10 months ago
0
AuditorPraise - `mintRatio` in GSPFunding.buyShares() uses lesser input ratio to calculate shares, this could cause discrepancies between funds deposited by users and shares minted for users

#125 sherlock-admin2 closed 10 months ago
0