sherlock-audit 2023-12-flatmoney-judging issues

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

nobody2018 - LeverageModule.executeOpen doesn't apply Check-Effect-Interaction pattern

#140 sherlock-admin2 closed 8 months ago
1
nobody2018 - LimitOrder.cancelLimitOrder can be used to unlock position with LeverageClose order

#139 sherlock-admin closed 8 months ago
1
nobody2018 - The owner of any position can close the position with the minimum tradeFee regardless of the additionalSize of the position

#138 sherlock-admin2 closed 8 months ago
2
0xMAKEOUTHILL - User can create NON-liquidable and unclosable leverage positions leading to protocol insolvency

#137 sherlock-admin closed 8 months ago
1
nobody2018 - The updatePythPrice modifier should add an empty array check

#136 sherlock-admin2 closed 8 months ago
1
nobody2018 - LiquidationModule.liquidate updates global position data with stale price

#135 sherlock-admin closed 8 months ago
2
0xepley - Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer

#134 sherlock-admin2 closed 8 months ago
2
0xepley - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision

#133 sherlock-admin closed 8 months ago
2
santipu_ - Elevated Keeper Fees Result in Forced Liquidations for Traders

#132 sherlock-admin2 closed 8 months ago
2
santipu_ - Users can avoid paying trade fees on limit orders

#131 sherlock-admin closed 8 months ago
2
santipu_ - Attacker can steal funds due to settling PnL with wrong price on a liquidation

#130 sherlock-admin2 closed 8 months ago
2
santipu_ - Users Can Exceed Maximum Skew Due to Unsettled PnL

#129 sherlock-admin closed 8 months ago
1
santipu_ - First Depositor of Stable Collateral will cause a System-Wide Denial of Service

#128 sherlock-admin2 closed 8 months ago
1
santipu_ - Permanent lock of all funds when the funding fees are bigger than total margin

#127 sherlock-admin closed 8 months ago
1
imkapadia - Approved Operator can not call several functions

#126 sherlock-admin2 closed 8 months ago
3
vesla0xfa - Pending deposits will always revert due to exceeded collateral capacity leading to a potential DoS

#125 sherlock-admin closed 8 months ago
4
dany.armstrong90 - Attacker can sell a position which is pending to close.

#124 sherlock-admin2 closed 8 months ago
1
Psyduck - A user can get liquidated immediately after a pause

#123 sherlock-admin closed 8 months ago
1
qmdddd - Before executeAdjust, protocol should first transfer the fee to the vault

#122 sherlock-admin2 closed 8 months ago
2
poslednaya - Incorrect calculation of `pnl` lead to wrong `GlobalPositionData`. Division by `0`

#121 sherlock-admin closed 8 months ago
2
trauki - High - UNIT LPs can have tokens drained by leverage traders

#120 sherlock-admin2 closed 8 months ago
4
novaman33 - Users can mint as many `Flat.money Points` as they want

#119 sherlock-admin closed 8 months ago
1
LTDingZhen - Trade fee is miscalculated in `LimitOrder`

#118 sherlock-admin2 closed 8 months ago
2
ubl4nk - OracleModule could get a stale price

#117 sherlock-admin closed 8 months ago
1
DJINN - Liquidate other user's positions without intent or permissions

#116 sherlock-admin2 closed 8 months ago
2
eta - 1. Chainlink aggregators may provide inaccurate prices if they fall below the minAnswer threshold; 2. Potential Data Access Issue in `DelayedOrder: _executeStableWithdraw Function`

#115 sherlock-admin closed 8 months ago
1
the-first-elder - Keepers can select transactions based on keeper fee

#114 sherlock-admin2 closed 8 months ago
2
the-first-elder - latestRoundData()` has no check for round completeness

#113 sherlock-admin closed 8 months ago
1
petro1912 - In the worst case, the `settleFundingFees` function may not set `marginDepositedTotal` correctly, causing all functionality to break.

#112 sherlock-admin2 closed 8 months ago
1
0xrobsol - Addressing Potential Manipulation in Withdrawal Execution Timing

#111 sherlock-admin closed 8 months ago
2
0xrobsol - Critical Validation for Liquidation Fee Bounds Setting

#110 sherlock-admin2 closed 8 months ago
2
0xrobsol - Ensuring Logical Order of Executability Age in Trade Execution Timers

#109 sherlock-admin closed 8 months ago
2
0xrobsol - Addressing Potential Inequity in Margin Reset Logic Due to Funding Fee Calculations

#108 sherlock-admin2 closed 8 months ago
1
jennifer37 - Need timely update stableCollateralTotal before checkSkewMax()

#107 sherlock-admin closed 8 months ago
2
jennifer37 - improper priceDiff usage when offchain price is invalid

#106 sherlock-admin2 closed 8 months ago
2
jennifer37 - Missing skew check in announceLeverageAdjust

#105 sherlock-admin closed 8 months ago
2
jennifer37 - Improper handling in function _setMaxDiffPercent()

#104 sherlock-admin2 closed 8 months ago
2
jennifer37 - repeat deposit/withdraw to earn lot of FMP

#103 sherlock-admin closed 8 months ago
1
jennifer37 - Traders may lose funds because of pause.

#102 sherlock-admin2 closed 8 months ago
1
jennifer37 - Wrong order expired timestamp calculation

#101 sherlock-admin closed 8 months ago
1
jennifer37 - improper profitLoss in PerpMath::_profitLoss()

#100 sherlock-admin2 closed 8 months ago
1
cheatcode - Fixed Funding Rate Parameters Vulnerability in FlatcoinVault

#99 sherlock-admin closed 8 months ago
2
jennifer37 - Leverage position can be unlocked in one limit order.

#98 sherlock-admin2 closed 8 months ago
1
cheatcode - Manipulated Prices Distort Critical Funding Rate Adjustments

#97 sherlock-admin closed 8 months ago
2
cheatcode - Unverified External Prices in Critical Global State Update Function Leads to Cascading Issues

#96 sherlock-admin2 closed 8 months ago
2
jennifer37 - Trader can pay less trader fee by limit order

#95 sherlock-admin closed 8 months ago
2
0x_Sanzcy - Non refundable Fees sent to pay the Pyth off-chain oracle will be locked in the contract

#94 sherlock-admin2 closed 8 months ago
2
HSP - Owner may make leverage total skew fraction larger than skewFractionMax unintentionally

#93 sherlock-admin closed 8 months ago
8
HSP - Fees are ignored when checks skew max in Stable Withdrawal / Leverage Open / Leverage Adjust

#92 sherlock-admin2 opened 8 months ago
15
AuditorPraise - `totalFee`(keeperFee + tradeFee) is not deducted from a user's `marginAdjustment` when the margin is being reduced but instead it is added

#91 sherlock-admin closed 8 months ago
2

Previous Next