issues
search
sherlock-audit
/
2023-12-flatmoney-judging
11
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
nobody2018 - LeverageModule.executeOpen doesn't apply Check-Effect-Interaction pattern
#140
sherlock-admin2
closed
8 months ago
1
nobody2018 - LimitOrder.cancelLimitOrder can be used to unlock position with LeverageClose order
#139
sherlock-admin
closed
8 months ago
1
nobody2018 - The owner of any position can close the position with the minimum tradeFee regardless of the additionalSize of the position
#138
sherlock-admin2
closed
8 months ago
2
0xMAKEOUTHILL - User can create NON-liquidable and unclosable leverage positions leading to protocol insolvency
#137
sherlock-admin
closed
8 months ago
1
nobody2018 - The updatePythPrice modifier should add an empty array check
#136
sherlock-admin2
closed
8 months ago
1
nobody2018 - LiquidationModule.liquidate updates global position data with stale price
#135
sherlock-admin
closed
8 months ago
2
0xepley - Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer
#134
sherlock-admin2
closed
8 months ago
2
0xepley - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
#133
sherlock-admin
closed
8 months ago
2
santipu_ - Elevated Keeper Fees Result in Forced Liquidations for Traders
#132
sherlock-admin2
closed
8 months ago
2
santipu_ - Users can avoid paying trade fees on limit orders
#131
sherlock-admin
closed
8 months ago
2
santipu_ - Attacker can steal funds due to settling PnL with wrong price on a liquidation
#130
sherlock-admin2
closed
8 months ago
2
santipu_ - Users Can Exceed Maximum Skew Due to Unsettled PnL
#129
sherlock-admin
closed
8 months ago
1
santipu_ - First Depositor of Stable Collateral will cause a System-Wide Denial of Service
#128
sherlock-admin2
closed
8 months ago
1
santipu_ - Permanent lock of all funds when the funding fees are bigger than total margin
#127
sherlock-admin
closed
8 months ago
1
imkapadia - Approved Operator can not call several functions
#126
sherlock-admin2
closed
8 months ago
3
vesla0xfa - Pending deposits will always revert due to exceeded collateral capacity leading to a potential DoS
#125
sherlock-admin
closed
8 months ago
4
dany.armstrong90 - Attacker can sell a position which is pending to close.
#124
sherlock-admin2
closed
8 months ago
1
Psyduck - A user can get liquidated immediately after a pause
#123
sherlock-admin
closed
8 months ago
1
qmdddd - Before executeAdjust, protocol should first transfer the fee to the vault
#122
sherlock-admin2
closed
8 months ago
2
poslednaya - Incorrect calculation of `pnl` lead to wrong `GlobalPositionData`. Division by `0`
#121
sherlock-admin
closed
8 months ago
2
trauki - High - UNIT LPs can have tokens drained by leverage traders
#120
sherlock-admin2
closed
8 months ago
4
novaman33 - Users can mint as many `Flat.money Points` as they want
#119
sherlock-admin
closed
8 months ago
1
LTDingZhen - Trade fee is miscalculated in `LimitOrder`
#118
sherlock-admin2
closed
8 months ago
2
ubl4nk - OracleModule could get a stale price
#117
sherlock-admin
closed
8 months ago
1
DJINN - Liquidate other user's positions without intent or permissions
#116
sherlock-admin2
closed
8 months ago
2
eta - 1. Chainlink aggregators may provide inaccurate prices if they fall below the minAnswer threshold; 2. Potential Data Access Issue in `DelayedOrder: _executeStableWithdraw Function`
#115
sherlock-admin
closed
8 months ago
1
the-first-elder - Keepers can select transactions based on keeper fee
#114
sherlock-admin2
closed
8 months ago
2
the-first-elder - latestRoundData()` has no check for round completeness
#113
sherlock-admin
closed
8 months ago
1
petro1912 - In the worst case, the `settleFundingFees` function may not set `marginDepositedTotal` correctly, causing all functionality to break.
#112
sherlock-admin2
closed
8 months ago
1
0xrobsol - Addressing Potential Manipulation in Withdrawal Execution Timing
#111
sherlock-admin
closed
8 months ago
2
0xrobsol - Critical Validation for Liquidation Fee Bounds Setting
#110
sherlock-admin2
closed
8 months ago
2
0xrobsol - Ensuring Logical Order of Executability Age in Trade Execution Timers
#109
sherlock-admin
closed
8 months ago
2
0xrobsol - Addressing Potential Inequity in Margin Reset Logic Due to Funding Fee Calculations
#108
sherlock-admin2
closed
8 months ago
1
jennifer37 - Need timely update stableCollateralTotal before checkSkewMax()
#107
sherlock-admin
closed
8 months ago
2
jennifer37 - improper priceDiff usage when offchain price is invalid
#106
sherlock-admin2
closed
8 months ago
2
jennifer37 - Missing skew check in announceLeverageAdjust
#105
sherlock-admin
closed
8 months ago
2
jennifer37 - Improper handling in function _setMaxDiffPercent()
#104
sherlock-admin2
closed
8 months ago
2
jennifer37 - repeat deposit/withdraw to earn lot of FMP
#103
sherlock-admin
closed
8 months ago
1
jennifer37 - Traders may lose funds because of pause.
#102
sherlock-admin2
closed
8 months ago
1
jennifer37 - Wrong order expired timestamp calculation
#101
sherlock-admin
closed
8 months ago
1
jennifer37 - improper profitLoss in PerpMath::_profitLoss()
#100
sherlock-admin2
closed
8 months ago
1
cheatcode - Fixed Funding Rate Parameters Vulnerability in FlatcoinVault
#99
sherlock-admin
closed
8 months ago
2
jennifer37 - Leverage position can be unlocked in one limit order.
#98
sherlock-admin2
closed
8 months ago
1
cheatcode - Manipulated Prices Distort Critical Funding Rate Adjustments
#97
sherlock-admin
closed
8 months ago
2
cheatcode - Unverified External Prices in Critical Global State Update Function Leads to Cascading Issues
#96
sherlock-admin2
closed
8 months ago
2
jennifer37 - Trader can pay less trader fee by limit order
#95
sherlock-admin
closed
8 months ago
2
0x_Sanzcy - Non refundable Fees sent to pay the Pyth off-chain oracle will be locked in the contract
#94
sherlock-admin2
closed
8 months ago
2
HSP - Owner may make leverage total skew fraction larger than skewFractionMax unintentionally
#93
sherlock-admin
closed
8 months ago
8
HSP - Fees are ignored when checks skew max in Stable Withdrawal / Leverage Open / Leverage Adjust
#92
sherlock-admin2
opened
8 months ago
15
AuditorPraise - `totalFee`(keeperFee + tradeFee) is not deducted from a user's `marginAdjustment` when the margin is being reduced but instead it is added
#91
sherlock-admin
closed
8 months ago
2
Previous
Next