issues
search
sherlock-audit
/
2023-12-dodo-gsp-judging
6
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
osmanozdemir1 - `GSPFunding::buyShares()` doesn't refund unused tokens according to the `mintRatio`
#74
sherlock-admin
closed
9 months ago
2
cergyk - GPSFunding::buyShares A malicious user can sandwich buyShares and ensure buyer gets zero shares
#73
sherlock-admin2
closed
9 months ago
0
fibonacci - Loss of funds during trades due to lack of slippage checks
#72
sherlock-admin
closed
9 months ago
0
IceBear - initOwner() lack of access control
#71
sherlock-admin2
closed
9 months ago
0
cergyk - GSPVault::adjustPrice A user can sandwich adjust price to extract some funds from the LPs
#70
sherlock-admin
closed
9 months ago
0
fibonacci - Pool with TWAP DoS due to overflows
#69
sherlock-admin2
closed
9 months ago
0
Chinmay - Attacker can manipulate reserves to mint fewer shares in buyShares() function
#68
sherlock-admin
closed
9 months ago
0
Bandit - First Depositor Forced to Deposit at Inaccurate Token Ratio
#67
sherlock-admin2
closed
9 months ago
1
0xepley - Missing Min Amount and Deadline Parameters in Swap Functions
#66
sherlock-admin
closed
9 months ago
0
Chinmay - mtFee can get locked forever if the MAINTAINER address is blacklisted by one of the tokens of a pool
#65
sherlock-admin2
closed
9 months ago
1
Bandit - Target Reserves Can Go Out of Sync
#64
sherlock-admin
closed
9 months ago
0
Bandit - Missing Slippage And Deadline Check on Flashloan
#63
sherlock-admin2
closed
9 months ago
0
Bandit - Excess Tokens Not Refunded For buyShares
#62
sherlock-admin
closed
9 months ago
0
Bandit - BuyShares Slippage Parameters Cannot be Enforced by Return Values
#61
sherlock-admin2
closed
9 months ago
0
Bandit - First Depositor Can Inflate Share Value to Cause Extreme Rounding Loss And Prohibitively Expensive Mints
#60
sherlock-admin
closed
9 months ago
0
Chinmay - Shares in a pool are subject to approval race condition
#59
sherlock-admin2
closed
9 months ago
0
osmanozdemir1 - Signature replay attacks are possible in case of hard fork due to domain separator being defined at deployment
#58
sherlock-admin
closed
9 months ago
0
ArmedGoose - Flashloans do not deduct fees, leaking value from protocol
#57
sherlock-admin2
closed
9 months ago
1
IvanFitro - GSP.sol :: Hardcoded chainId can provocate a possible replay attacks between chains in the event of a future chain split.
#56
sherlock-admin
closed
9 months ago
0
0xpep7 - Share Price Inflation by First LP-er, Enabling DOS Attacks on Subsequent buyShares with Up to 1001x the Attacking Cost
#55
sherlock-admin2
opened
9 months ago
3
0xpep7 - Hard Fork Replay Vulnerability in Contract Initialization due to Hardcoded chainId
#54
sherlock-admin
closed
9 months ago
0
0xpep7 - Interoperability Issue: Incorrect Value of Version Used to Compute the Domain Separator
#53
sherlock-admin2
closed
9 months ago
0
Chinmay - In case of a hardfork on any chain, the permit functionality will be bricked/ signature replay risk
#52
sherlock-admin
closed
9 months ago
0
Bauer - Dos attack to`buyShares()`
#51
sherlock-admin2
closed
9 months ago
1
Bauer - The protocol lacks slippage protection, which result in financial losses for users
#50
sherlock-admin
closed
9 months ago
0
mstpr-brainbot - First depositor can brick the pool
#49
sherlock-admin2
closed
8 months ago
3
mstpr-brainbot - First depositor can lock the quote target value to zero
#48
sherlock-admin
opened
9 months ago
4
mstpr-brainbot - RState can be inconsistent with the mathematical formula because of the LP_FEES
#47
sherlock-admin2
closed
8 months ago
3
NOT USED
#46
sherlock-admin
closed
9 months ago
0
cawfree - `GSP.sol` can be initialized with values of `_MT_FEE_RATE_` in excess of the intended maxima.
#45
sherlock-admin2
closed
9 months ago
0
ZanyBonzy - Possible case of replay attacks
#44
sherlock-admin
closed
9 months ago
0
ZanyBonzy - `transferFrom` uses allowance even if spender == from
#43
sherlock-admin2
closed
9 months ago
0
AuditorPraise - Base token and Quote token in GSPTrader.sol can be stolen via GSPTrader.flashLoan()
#42
sherlock-admin
closed
8 months ago
3
ZanyBonzy - Shares can be minted to 0 address
#41
sherlock-admin2
closed
9 months ago
1
mstpr-brainbot - Adjusting "_I_" will create a sandwich opportunity because of price changes
#40
sherlock-admin
opened
9 months ago
3
mstpr-brainbot - Adjusting "_I_" requires a twap update because it changes the mid price immediately
#39
sherlock-admin2
closed
8 months ago
4
ArmedGoose - `sellBase` and `sellQuote` do not implement any slippage protection
#38
sherlock-admin
closed
9 months ago
1
NOT USED
#37
sherlock-admin2
closed
9 months ago
0
Bauer - Manipulating the ratio of reserves results in financial losses for users
#36
sherlock-admin
closed
9 months ago
0
ubl4nk - DOMAIN_SEPARATOR will remain the same even after a hard-fork
#35
sherlock-admin2
closed
9 months ago
0
pks_ - GSPFunding contract can be sandwiched by MEV to steal funds
#34
sherlock-admin
closed
9 months ago
0
NOT USED
#33
sherlock-admin2
closed
9 months ago
0
Hama - Flash Loan Function Allows Unauthorized Operations
#32
sherlock-admin
closed
9 months ago
0
Hama - Missing Slippage Protection in buyShares and sellShares Functions
#31
sherlock-admin2
closed
9 months ago
0
Hama - Flashloan Manipulation Exploit in buyShares and sellShares Functions
#30
sherlock-admin
closed
9 months ago
1
Hama - Integer Overflow in _BASE_TARGET_ Downcast
#29
sherlock-admin2
closed
9 months ago
1
Hama - First depositor can abuse exchange rate to steal funds from later depositors
#28
sherlock-admin
closed
9 months ago
0
Hama - Access Control Vulnerability in Dodo Decentralized Exchange Smart Contract
#27
sherlock-admin2
closed
9 months ago
1
IvanFitro - GSPFunding.sol :: buyShares() A user may loss funds when sending different amounts of tokens to mint shares.
#26
sherlock-admin
closed
9 months ago
0
p-tsanev - DODOMath.sol/DecimalMath.sol
#25
sherlock-admin2
closed
9 months ago
2
Previous
Next