sherlock-audit 2023-12-flatmoney-judging issues

sherlock-audit / 2023-12-flatmoney-judging

9 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - OracleModule will return the wrong price if the Chainlink aggregator returns price outside min/max range

#290 sherlock-admin2 closed 4 months ago
1
Afriauditor - make if (quotedAmount < minAmountOut) in delayedorder:announceStableDeposit (quotedAmount <= minAmountOut)

#289 sherlock-admin closed 4 months ago
2
Avci - OracleModule contract lack of chainlink heartbeat

#288 sherlock-admin2 closed 4 months ago
2
juan - Announced orders of a position are not deleted when liquidation happens

#287 sherlock-admin closed 4 months ago
20
deepplus - `_profitLoss` function of the `PerpMath` calculate the `PnL` incorrectly.

#286 sherlock-admin2 closed 4 months ago
2
cheatcode - Not checking Negative Values

#285 sherlock-admin closed 4 months ago
2
Avci - in `oracleModule.sol` contract if price.expo is less than 0, wrong prices will be recorded

#284 sherlock-admin2 closed 4 months ago
2
JP_Courses - Arithmetic underflow/overflow when deposit amount is +- 1.157e77

#283 sherlock-admin closed 4 months ago
3
iberry - `latestRoundData()` has no check for round completeness

#282 sherlock-admin2 closed 4 months ago
1
cheatcode - Reentrancy Vulnerability in FlatcoinVault Contract

#281 sherlock-admin closed 4 months ago
2
Afriauditor - In the FlatcoinVault.setExecutabilityAge add an extra check

#280 sherlock-admin2 closed 4 months ago
2
AuditorPraise - wrong assumption in OracleModule._getOnchainPrice() causes overvalueing of rETH/ETH price

#279 sherlock-admin closed 4 months ago
2
0xLogos - Wrong price used to update updateGlobalPositionData in liquidate

#278 sherlock-admin2 closed 4 months ago
2
cheatcode - Time Manipulation Vulnerability in FlatcoinVault Contract

#277 sherlock-admin closed 4 months ago
2
Avci - Users can call executeOrder() function without paying the Pyth network fee

#276 sherlock-admin2 closed 4 months ago
2
cheatcode - Division Before Multiplication in Fixed-Point Arithmetic

#275 sherlock-admin closed 4 months ago
2
Avci - Unsafe type casting of `_Price` can malfunction the whole market

#274 sherlock-admin2 closed 4 months ago
2
ge6a - OracleModule is not compatible with the existing Chainlink/Pyth feeds

#273 sherlock-admin closed 4 months ago
1
cheatcode - Front-Running Attacks in settleFundingFees and updateGlobalPositionData functions

#272 sherlock-admin2 closed 4 months ago
2
deepplus - `checkSkewMax` function of the `FlatcoinValut` contract calculate the `longSkewFraction` incorrectly.

#271 sherlock-admin closed 4 months ago
2
Afriauditor - Block.timestamp check in Delayorder:_prepareExecutionOrder is wrong

#270 sherlock-admin2 closed 4 months ago
4
SBSecurity - All position transfers will fail because of a flawed formula in the PointsModule

#269 sherlock-admin closed 4 months ago
1
abiih - Reentrancy attack can be done in mint function due to not following CEI pattern

#268 sherlock-admin2 closed 4 months ago
2
0xLogos - Close position trader fee can be bypassing

#267 sherlock-admin closed 4 months ago
2
SBSecurity - UNIT LP holders can sandwich leverage traders closing their positions and avoid price impact.

#266 sherlock-admin2 closed 4 months ago
2
cheatcode - Deadlock could potentially occur in announceLeverageClose and announceLeverageAdjust Functions

#265 sherlock-admin closed 4 months ago
2
SBSecurity - When skewFractionMax is lowered, liquidity providers will not be able to withdraw.

#264 sherlock-admin2 closed 4 months ago
2
stacey - The initialization contract `FlatcoinVault` fails if `_owner` is not the `msg.sender`

#263 sherlock-admin closed 4 months ago
2
SBSecurity - No rETH/USD oracle in Base chain

#262 sherlock-admin2 closed 4 months ago
1
ge6a - skewFractionMax can be significantly exceeded, putting LPs at risk

#261 sherlock-admin closed 4 months ago
2
cheatcode - Potential for Loss of Funds in `announceLeverageOpen`

#260 sherlock-admin2 closed 4 months ago
2
LTDingZhen - Calculations in Keeperfee are too crude, making users pay more KeeperFee.

#259 sherlock-admin closed 4 months ago
3
cheatcode - Front-Running Occurs in executeOrder function

#258 sherlock-admin2 closed 4 months ago
2
Bony - Wrong calculation in `PerpMath._profitLoss`

#257 sherlock-admin closed 4 months ago
1
deepplus - In `settleFundingFees` function of `FlatcoinVault` contract, `_globalPositions.marginDepositedTotal` is updated incorrectly.

#256 sherlock-admin2 closed 4 months ago
1
rekxor - PointsModule.sol :: _mintTo() function doesn't follow CEI pattern.

#255 sherlock-admin closed 4 months ago
2
kgothatso - an attacker can liquidate any position

#254 sherlock-admin2 closed 4 months ago
2
cheatcode - Lack of input validation announceStableDeposit function

#253 sherlock-admin closed 4 months ago
2
vesla0xfa - Malicious actors can accumulate a huge amount of internal points (FMP) and inflate their value

#252 sherlock-admin2 closed 4 months ago
1
0xLogos - OracleModule verifies even invalid Pyth network price against Chainlink price

#251 sherlock-admin closed 4 months ago
2
takarez - NFT Can Be transferred During An Order Announcement

#250 sherlock-admin2 closed 4 months ago
1
ge6a - DOS for long periods of time due to revert in getPrice()

#249 sherlock-admin closed 4 months ago
2
kgothatso - attacker can cancel any order limit and cause a denial of service for users

#248 sherlock-admin2 closed 4 months ago
2
Bony - In correct calculation logic of `FlatcoinVault.checkSkewMax` function

#247 sherlock-admin closed 4 months ago
2
LTDingZhen - Keepers can be forced to waste gas with a modified `onERC721Received()`

#246 sherlock-admin2 closed 4 months ago
7
ni8mare - `getKeeperFee` uses 2 oracles with the same _STALENESS_PERIOD, when their heartbeats could be different.

#245 sherlock-admin closed 4 months ago
15
kgothatso - user can call `announceLimitOrder` with same tokens

#244 sherlock-admin2 closed 4 months ago
2
toufik-airane - Possible Redirect of Refunds Due to Configurable Sender Parameter in updatePythPrice Function

#243 sherlock-admin closed 4 months ago
2
alexzoid - Mint Points Reverts When Locked Amount Less Than Mint Amount

#242 sherlock-admin2 closed 4 months ago
2
ni8mare - There is no oracle for reth/usd on base and the protocol does not account for it.

#241 sherlock-admin closed 4 months ago
1