issues
search
sherlock-audit
/
2023-12-flatmoney-judging
9
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Avci - OracleModule will return the wrong price if the Chainlink aggregator returns price outside min/max range
#290
sherlock-admin2
closed
4 months ago
1
Afriauditor - make if (quotedAmount < minAmountOut) in delayedorder:announceStableDeposit (quotedAmount <= minAmountOut)
#289
sherlock-admin
closed
4 months ago
2
Avci - OracleModule contract lack of chainlink heartbeat
#288
sherlock-admin2
closed
4 months ago
2
juan - Announced orders of a position are not deleted when liquidation happens
#287
sherlock-admin
closed
4 months ago
20
deepplus - `_profitLoss` function of the `PerpMath` calculate the `PnL` incorrectly.
#286
sherlock-admin2
closed
4 months ago
2
cheatcode - Not checking Negative Values
#285
sherlock-admin
closed
4 months ago
2
Avci - in `oracleModule.sol` contract if price.expo is less than 0, wrong prices will be recorded
#284
sherlock-admin2
closed
4 months ago
2
JP_Courses - Arithmetic underflow/overflow when deposit amount is +- 1.157e77
#283
sherlock-admin
closed
4 months ago
3
iberry - `latestRoundData()` has no check for round completeness
#282
sherlock-admin2
closed
4 months ago
1
cheatcode - Reentrancy Vulnerability in FlatcoinVault Contract
#281
sherlock-admin
closed
4 months ago
2
Afriauditor - In the FlatcoinVault.setExecutabilityAge add an extra check
#280
sherlock-admin2
closed
4 months ago
2
AuditorPraise - wrong assumption in OracleModule._getOnchainPrice() causes overvalueing of rETH/ETH price
#279
sherlock-admin
closed
4 months ago
2
0xLogos - Wrong price used to update updateGlobalPositionData in liquidate
#278
sherlock-admin2
closed
4 months ago
2
cheatcode - Time Manipulation Vulnerability in FlatcoinVault Contract
#277
sherlock-admin
closed
4 months ago
2
Avci - Users can call executeOrder() function without paying the Pyth network fee
#276
sherlock-admin2
closed
4 months ago
2
cheatcode - Division Before Multiplication in Fixed-Point Arithmetic
#275
sherlock-admin
closed
4 months ago
2
Avci - Unsafe type casting of `_Price` can malfunction the whole market
#274
sherlock-admin2
closed
4 months ago
2
ge6a - OracleModule is not compatible with the existing Chainlink/Pyth feeds
#273
sherlock-admin
closed
4 months ago
1
cheatcode - Front-Running Attacks in settleFundingFees and updateGlobalPositionData functions
#272
sherlock-admin2
closed
4 months ago
2
deepplus - `checkSkewMax` function of the `FlatcoinValut` contract calculate the `longSkewFraction` incorrectly.
#271
sherlock-admin
closed
4 months ago
2
Afriauditor - Block.timestamp check in Delayorder:_prepareExecutionOrder is wrong
#270
sherlock-admin2
closed
4 months ago
4
SBSecurity - All position transfers will fail because of a flawed formula in the PointsModule
#269
sherlock-admin
closed
4 months ago
1
abiih - Reentrancy attack can be done in mint function due to not following CEI pattern
#268
sherlock-admin2
closed
4 months ago
2
0xLogos - Close position trader fee can be bypassing
#267
sherlock-admin
closed
4 months ago
2
SBSecurity - UNIT LP holders can sandwich leverage traders closing their positions and avoid price impact.
#266
sherlock-admin2
closed
4 months ago
2
cheatcode - Deadlock could potentially occur in announceLeverageClose and announceLeverageAdjust Functions
#265
sherlock-admin
closed
4 months ago
2
SBSecurity - When skewFractionMax is lowered, liquidity providers will not be able to withdraw.
#264
sherlock-admin2
closed
4 months ago
2
stacey - The initialization contract `FlatcoinVault` fails if `_owner` is not the `msg.sender`
#263
sherlock-admin
closed
4 months ago
2
SBSecurity - No rETH/USD oracle in Base chain
#262
sherlock-admin2
closed
4 months ago
1
ge6a - skewFractionMax can be significantly exceeded, putting LPs at risk
#261
sherlock-admin
closed
4 months ago
2
cheatcode - Potential for Loss of Funds in `announceLeverageOpen`
#260
sherlock-admin2
closed
4 months ago
2
LTDingZhen - Calculations in Keeperfee are too crude, making users pay more KeeperFee.
#259
sherlock-admin
closed
4 months ago
3
cheatcode - Front-Running Occurs in executeOrder function
#258
sherlock-admin2
closed
4 months ago
2
Bony - Wrong calculation in `PerpMath._profitLoss`
#257
sherlock-admin
closed
4 months ago
1
deepplus - In `settleFundingFees` function of `FlatcoinVault` contract, `_globalPositions.marginDepositedTotal` is updated incorrectly.
#256
sherlock-admin2
closed
4 months ago
1
rekxor - PointsModule.sol :: _mintTo() function doesn't follow CEI pattern.
#255
sherlock-admin
closed
4 months ago
2
kgothatso - an attacker can liquidate any position
#254
sherlock-admin2
closed
4 months ago
2
cheatcode - Lack of input validation announceStableDeposit function
#253
sherlock-admin
closed
4 months ago
2
vesla0xfa - Malicious actors can accumulate a huge amount of internal points (FMP) and inflate their value
#252
sherlock-admin2
closed
4 months ago
1
0xLogos - OracleModule verifies even invalid Pyth network price against Chainlink price
#251
sherlock-admin
closed
4 months ago
2
takarez - NFT Can Be transferred During An Order Announcement
#250
sherlock-admin2
closed
4 months ago
1
ge6a - DOS for long periods of time due to revert in getPrice()
#249
sherlock-admin
closed
4 months ago
2
kgothatso - attacker can cancel any order limit and cause a denial of service for users
#248
sherlock-admin2
closed
4 months ago
2
Bony - In correct calculation logic of `FlatcoinVault.checkSkewMax` function
#247
sherlock-admin
closed
4 months ago
2
LTDingZhen - Keepers can be forced to waste gas with a modified `onERC721Received()`
#246
sherlock-admin2
closed
4 months ago
7
ni8mare - `getKeeperFee` uses 2 oracles with the same _STALENESS_PERIOD, when their heartbeats could be different.
#245
sherlock-admin
closed
4 months ago
15
kgothatso - user can call `announceLimitOrder` with same tokens
#244
sherlock-admin2
closed
4 months ago
2
toufik-airane - Possible Redirect of Refunds Due to Configurable Sender Parameter in updatePythPrice Function
#243
sherlock-admin
closed
4 months ago
2
alexzoid - Mint Points Reverts When Locked Amount Less Than Mint Amount
#242
sherlock-admin2
closed
4 months ago
2
ni8mare - There is no oracle for reth/usd on base and the protocol does not account for it.
#241
sherlock-admin
closed
4 months ago
1
Next