issues
search
sherlock-audit
/
2023-12-flatmoney-judging
9
stars
8
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
xiaoming90 - Vault Inflation Attack
#190
sherlock-admin2
opened
5 months ago
13
xiaoming90 - Discrepancies in the data used during the invariant checks leading to liquidation issue
#189
sherlock-admin
closed
5 months ago
2
xiaoming90 - Incorrect price used when updating the global position data
#188
sherlock-admin2
opened
5 months ago
3
xiaoming90 - Large amounts of points can be minted virtually without any cost
#187
sherlock-admin
opened
5 months ago
25
xiaoming90 - Asymmetry in profit and loss (PnL) calculations
#186
sherlock-admin2
opened
5 months ago
2
xiaoming90 - Incorrect sign being used when checking skew
#185
sherlock-admin
closed
5 months ago
2
xiaoming90 - Last long position that is underwater will be stuck
#184
sherlock-admin2
closed
5 months ago
2
xiaoming90 - Position can be immediately liquidated after opening
#183
sherlock-admin
closed
5 months ago
1
xiaoming90 - Inconsistent in the margin transferred to LP during liquidation when settledMargin < 0
#182
sherlock-admin2
closed
4 months ago
10
xiaoming90 - `marginDepositedTotal` can be significantly inflated
#181
sherlock-admin
closed
5 months ago
2
xiaoming90 - Incorrect handling of PnL during liquidation
#180
sherlock-admin2
opened
5 months ago
5
xiaoming90 - Deposit does not round in favor of the vault
#179
sherlock-admin
closed
5 months ago
4
xiaoming90 - Revert when adjusting the position
#178
sherlock-admin2
closed
4 months ago
17
xiaoming90 - Oracle will not failover as expected during liquidation
#177
sherlock-admin
opened
5 months ago
3
xiaoming90 - Malicious users can position themselves ahead of liquidation to profit from the price increase
#176
sherlock-admin2
closed
5 months ago
4
ubl4nk - liquidation process should not be paused while the protocol is paused
#175
sherlock-admin
closed
5 months ago
1
Bjorn_Bug - msg.sender Can Only Announce One Order At a Time
#174
sherlock-admin2
closed
5 months ago
2
takarez - MIN_LIQUIDITY can lower than intended
#173
sherlock-admin
closed
5 months ago
2
LTDingZhen - Keepers can avoid `updatePythPrice` by pass in an empty `priceUpdateData[]`
#172
sherlock-admin2
closed
5 months ago
1
LTDingZhen - `Keeperfee` will be miscalculated after Ecotone upgrade and cannot be upgraded
#171
sherlock-admin
closed
5 months ago
2
nobody2018 - In executeOrder, OracleModule.getPrice(maxAge) may revert because maxAge is too small
#170
sherlock-admin2
closed
5 months ago
17
vvv - DoS attack by overflowing marginDepositedTotal value in Vault
#169
sherlock-admin
closed
5 months ago
1
ydlee - User's FMPs may get locked forever when `unlockTaxVest` gets decreased.
#168
sherlock-admin2
closed
5 months ago
3
LTDingZhen - `executeLimitOrder` is not protected by `whenNotPaused`
#167
sherlock-admin
closed
5 months ago
2
KingNFT - ````_globalPositions.marginDepositedTotal```` might be set to a extreme big number
#166
sherlock-admin2
closed
5 months ago
1
ydlee - The end time of the order's executability age is calculated incorrectly.
#165
sherlock-admin
closed
5 months ago
2
nobody2018 - Missing Sequencer Uptime Feed check can cause unfair liquidations
#164
sherlock-admin2
closed
5 months ago
7
nobody2018 - If the oracle from Pyth is down, OracleModule._getPrice will always revert
#163
sherlock-admin
closed
5 months ago
2
KingNFT - Users can not increase or decrease margin while ````screw >= 120````
#162
sherlock-admin2
closed
5 months ago
2
KingNFT - The algorithm used for accounting PnL is incorrect
#161
sherlock-admin
closed
5 months ago
1
dimulski - There is no Chainlink rETH/USD data feed on Base Mainnet
#160
sherlock-admin2
closed
5 months ago
1
Bjorn_Bug - No check if Base L2 sequencer is down in Chainlink feeds
#159
sherlock-admin
closed
5 months ago
2
Rhaydden - Insufficient checks for Unlocked tokens and Denial of Service Attack
#158
sherlock-admin2
closed
5 months ago
2
Bjorn_Bug - Incorrect Validation Of latestRoundData Function Can Lead to Stale Price Issue.
#157
sherlock-admin
closed
5 months ago
1
evmboi32 - Offchain oracle price failure is handled incorrectly
#156
sherlock-admin2
closed
5 months ago
2
evmboi32 - Incorrect KeeperFee
#155
sherlock-admin
closed
5 months ago
9
evmboi32 - _globalPositions.marginDepositedTotal can underflow
#154
sherlock-admin2
closed
5 months ago
1
evmboi32 - Incorrect accounting of marginDepositedTotal
#153
sherlock-admin
closed
5 months ago
1
Bjorn_Bug - OracleModule#updatePythPrice() is inefficient and can lead to Unnecessary losses of funds for keepers
#152
sherlock-admin2
closed
5 months ago
2
evmboi32 - Users could gain a lot of points by wash trading.
#151
sherlock-admin
closed
5 months ago
1
evmboi32 - Leverage NFT position token can be unlocked while having a pending leverageAdjust or leverageClose order.
#150
sherlock-admin2
closed
5 months ago
1
Dliteofficial - A leverage Trader can use additionalSize to exploit the Flat Money Points for more Flat Money Point Tokens in LeverageModule::executeOpen() or LeverageModule::executeAdjust()
#149
sherlock-admin
closed
5 months ago
1
Dliteofficial - Missing check in `FlatcoinVault::setExecutabilityAge()` makes the time between executableAtTime and the maxExecutabilityAge short, resulting in more expired orders
#148
sherlock-admin2
closed
5 months ago
2
Dliteofficial - `_maxAge()` might cause transactions to revert due to staleness check in `OracleModule`
#147
sherlock-admin
closed
5 months ago
7
Dliteofficial - Underflow in `FlatcoinVault::settleFundingFees()` if the absolute value of funding fees is higher than marginDepositedTotal.
#146
sherlock-admin2
closed
5 months ago
1
LTDingZhen - `OracleModule` is broken because there is no `RETH/USD` Chainlink oracle on Base chain
#145
sherlock-admin
closed
5 months ago
1
LTDingZhen - User can reenter `executeOpen` to avoid trade fee on a limit order
#144
sherlock-admin2
closed
5 months ago
1
nobody2018 - In LeverageModule.executeOpen/executeAdjust, vault.checkSkewMax should be called after updating the global position data
#143
sherlock-admin
opened
5 months ago
4
nobody2018 - StableModule.stableCollateralPerShare may return 0 in edge case
#142
sherlock-admin2
closed
5 months ago
9
nobody2018 - Malicious users can obtain large amounts of FMP at a small cost
#141
sherlock-admin
closed
5 months ago
1
Previous
Next