sherlock-audit 2023-12-flatmoney-judging issues

sherlock-audit / 2023-12-flatmoney-judging

9 stars 8 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

xiaoming90 - Vault Inflation Attack

#190 sherlock-admin2 opened 5 months ago
13
xiaoming90 - Discrepancies in the data used during the invariant checks leading to liquidation issue

#189 sherlock-admin closed 5 months ago
2
xiaoming90 - Incorrect price used when updating the global position data

#188 sherlock-admin2 opened 5 months ago
3
xiaoming90 - Large amounts of points can be minted virtually without any cost

#187 sherlock-admin opened 5 months ago
25
xiaoming90 - Asymmetry in profit and loss (PnL) calculations

#186 sherlock-admin2 opened 5 months ago
2
xiaoming90 - Incorrect sign being used when checking skew

#185 sherlock-admin closed 5 months ago
2
xiaoming90 - Last long position that is underwater will be stuck

#184 sherlock-admin2 closed 5 months ago
2
xiaoming90 - Position can be immediately liquidated after opening

#183 sherlock-admin closed 5 months ago
1
xiaoming90 - Inconsistent in the margin transferred to LP during liquidation when settledMargin < 0

#182 sherlock-admin2 closed 4 months ago
10
xiaoming90 - `marginDepositedTotal` can be significantly inflated

#181 sherlock-admin closed 5 months ago
2
xiaoming90 - Incorrect handling of PnL during liquidation

#180 sherlock-admin2 opened 5 months ago
5
xiaoming90 - Deposit does not round in favor of the vault

#179 sherlock-admin closed 5 months ago
4
xiaoming90 - Revert when adjusting the position

#178 sherlock-admin2 closed 4 months ago
17
xiaoming90 - Oracle will not failover as expected during liquidation

#177 sherlock-admin opened 5 months ago
3
xiaoming90 - Malicious users can position themselves ahead of liquidation to profit from the price increase

#176 sherlock-admin2 closed 5 months ago
4
ubl4nk - liquidation process should not be paused while the protocol is paused

#175 sherlock-admin closed 5 months ago
1
Bjorn_Bug - msg.sender Can Only Announce One Order At a Time

#174 sherlock-admin2 closed 5 months ago
2
takarez - MIN_LIQUIDITY can lower than intended

#173 sherlock-admin closed 5 months ago
2
LTDingZhen - Keepers can avoid `updatePythPrice` by pass in an empty `priceUpdateData[]`

#172 sherlock-admin2 closed 5 months ago
1
LTDingZhen - `Keeperfee` will be miscalculated after Ecotone upgrade and cannot be upgraded

#171 sherlock-admin closed 5 months ago
2
nobody2018 - In executeOrder, OracleModule.getPrice(maxAge) may revert because maxAge is too small

#170 sherlock-admin2 closed 5 months ago
17
vvv - DoS attack by overflowing marginDepositedTotal value in Vault

#169 sherlock-admin closed 5 months ago
1
ydlee - User's FMPs may get locked forever when `unlockTaxVest` gets decreased.

#168 sherlock-admin2 closed 5 months ago
3
LTDingZhen - `executeLimitOrder` is not protected by `whenNotPaused`

#167 sherlock-admin closed 5 months ago
2
KingNFT - ````_globalPositions.marginDepositedTotal```` might be set to a extreme big number

#166 sherlock-admin2 closed 5 months ago
1
ydlee - The end time of the order's executability age is calculated incorrectly.

#165 sherlock-admin closed 5 months ago
2
nobody2018 - Missing Sequencer Uptime Feed check can cause unfair liquidations

#164 sherlock-admin2 closed 5 months ago
7
nobody2018 - If the oracle from Pyth is down, OracleModule._getPrice will always revert

#163 sherlock-admin closed 5 months ago
2
KingNFT - Users can not increase or decrease margin while ````screw >= 120````

#162 sherlock-admin2 closed 5 months ago
2
KingNFT - The algorithm used for accounting PnL is incorrect

#161 sherlock-admin closed 5 months ago
1
dimulski - There is no Chainlink rETH/USD data feed on Base Mainnet

#160 sherlock-admin2 closed 5 months ago
1
Bjorn_Bug - No check if Base L2 sequencer is down in Chainlink feeds

#159 sherlock-admin closed 5 months ago
2
Rhaydden - Insufficient checks for Unlocked tokens and Denial of Service Attack

#158 sherlock-admin2 closed 5 months ago
2
Bjorn_Bug - Incorrect Validation Of latestRoundData Function Can Lead to Stale Price Issue.

#157 sherlock-admin closed 5 months ago
1
evmboi32 - Offchain oracle price failure is handled incorrectly

#156 sherlock-admin2 closed 5 months ago
2
evmboi32 - Incorrect KeeperFee

#155 sherlock-admin closed 5 months ago
9
evmboi32 - _globalPositions.marginDepositedTotal can underflow

#154 sherlock-admin2 closed 5 months ago
1
evmboi32 - Incorrect accounting of marginDepositedTotal

#153 sherlock-admin closed 5 months ago
1
Bjorn_Bug - OracleModule#updatePythPrice() is inefficient and can lead to Unnecessary losses of funds for keepers

#152 sherlock-admin2 closed 5 months ago
2
evmboi32 - Users could gain a lot of points by wash trading.

#151 sherlock-admin closed 5 months ago
1
evmboi32 - Leverage NFT position token can be unlocked while having a pending leverageAdjust or leverageClose order.

#150 sherlock-admin2 closed 5 months ago
1
Dliteofficial - A leverage Trader can use additionalSize to exploit the Flat Money Points for more Flat Money Point Tokens in LeverageModule::executeOpen() or LeverageModule::executeAdjust()

#149 sherlock-admin closed 5 months ago
1
Dliteofficial - Missing check in `FlatcoinVault::setExecutabilityAge()` makes the time between executableAtTime and the maxExecutabilityAge short, resulting in more expired orders

#148 sherlock-admin2 closed 5 months ago
2
Dliteofficial - `_maxAge()` might cause transactions to revert due to staleness check in `OracleModule`

#147 sherlock-admin closed 5 months ago
7
Dliteofficial - Underflow in `FlatcoinVault::settleFundingFees()` if the absolute value of funding fees is higher than marginDepositedTotal.

#146 sherlock-admin2 closed 5 months ago
1
LTDingZhen - `OracleModule` is broken because there is no `RETH/USD` Chainlink oracle on Base chain

#145 sherlock-admin closed 5 months ago
1
LTDingZhen - User can reenter `executeOpen` to avoid trade fee on a limit order

#144 sherlock-admin2 closed 5 months ago
1
nobody2018 - In LeverageModule.executeOpen/executeAdjust, vault.checkSkewMax should be called after updating the global position data

#143 sherlock-admin opened 5 months ago
4
nobody2018 - StableModule.stableCollateralPerShare may return 0 in edge case

#142 sherlock-admin2 closed 5 months ago
9
nobody2018 - Malicious users can obtain large amounts of FMP at a small cost

#141 sherlock-admin closed 5 months ago
1

Previous Next