sherlock-audit / 2023-12-flatmoney-judging
issues
HSP - Protocol won't be able to get rETH/USD price from OracleModule
#90
sherlock-admin2
closed
7 months ago
30
HSP - User can unlock announce-locked NFT token by cancelling limit order
#89
sherlock-admin
closed
8 months ago
1
HSP - Leverage trader can front-run liquidation to close position by placing limit order in advance
#88
sherlock-admin2
closed
8 months ago
29
trauki - Medium - price difference is calculated using the on-chain price only
#87
sherlock-admin
closed
8 months ago
2
Bauer - If the NFT owner changes and there are still positions that have not been executed, it will result in financial losses for the user
#86
sherlock-admin2
closed
8 months ago
1
alexbabits - User can burn their NFT causing incorrect global position data
#85
sherlock-admin
closed
8 months ago
2
the-first-elder - Users can continually update their orders to get a free look into prices in future blocks
#84
sherlock-admin2
closed
8 months ago
2
cheatcode - Improper Validation in DelayedOrder's announceStableDeposit can Corrupt State via Calldata Padding
#83
sherlock-admin
closed
8 months ago
2
chaduke - PerpMath._profitLoss() calculates the profit/loss wrongly.
#82
sherlock-admin2
closed
8 months ago
7
chaduke - LimitOrder._closePosition() Revert for the case of within-range, leading to failure in normal cases.
#81
sherlock-admin
closed
8 months ago
2
the-first-elder - Leverage opened Order cannot be closed if protocol is paused
#80
sherlock-admin2
closed
8 months ago
2
chaduke - settleFundingFees() might underflow and lead to incorrect huge value for marginDepositedTotal.
#79
sherlock-admin
closed
8 months ago
1
juan - Incorrect underflow-prevention logic when updating `marginDepositedTotal` which can lead to underflow and brick the system
#78
sherlock-admin2
closed
8 months ago
1
juan - A user can bypass the locking of tokens in announced orders, by unlocking it in the LimitOrder contract
#77
sherlock-admin
closed
8 months ago
1
juan - During liquidation, global position data is updated with the wrong price
#76
sherlock-admin2
closed
8 months ago
2
juan - A malicious user can bypass limit order trading fees via cross-function re-entrancy
#75
sherlock-admin
opened
8 months ago
17
the-first-elder - collateralPerShare can be manipulated to become very expensive, even lead to a DoS attack.
#74
sherlock-admin2
closed
8 months ago
2
dany.armstrong90 - FlatcoinVault.sol#checkSkewMax function is called with error.
#73
sherlock-admin
closed
8 months ago
2
GoSlang - Funding fees accumulate when contracts are paused can lead to protocol insolvency
#72
sherlock-admin2
closed
8 months ago
2
the-first-elder - Risk of token loss due to unchecked minAmoutOut vulnerability
#71
sherlock-admin
closed
8 months ago
2
novaman33 - ERC721 locking mechanism does not work
#70
sherlock-admin2
closed
8 months ago
1
the-first-elder - liquidation function cannot be closed if protocol is paused
#69
sherlock-admin
closed
8 months ago
1
Rhaydden - Potential misuse of `assert` statement
#68
sherlock-admin2
closed
8 months ago
2
web3_r - _getMaxAge() can underflow or overflow
#67
sherlock-admin
closed
8 months ago
2
ravikiran.web3 - OracleModule::updatePythPrice() as external function, offchain oracle price can be manipulated by delayed Order owners to derive benefit
#66
sherlock-admin2
closed
8 months ago
1
Bauer - Users can pay a small fee with a token to mint a large amount of points
#65
sherlock-admin
closed
8 months ago
1
Bauer - Malicious users can honeypot other users by adjusting their position right before the sale
#64
sherlock-admin2
closed
8 months ago
2
Bauer - Slippage protection is missing when executing limit orders
#63
sherlock-admin
closed
8 months ago
2
GoSlang - Profits are calculated incorrectly when a user is in profit.
#62
sherlock-admin2
closed
8 months ago
1
GoSlang - Malicious users gas grief keepers with limit orders
#61
sherlock-admin
closed
8 months ago
2
GoSlang - _setMintUnlockTime is unfair for users using the protocol
#60
sherlock-admin2
closed
8 months ago
1
GoSlang - Pricefeed update can be bypassed
#59
sherlock-admin
closed
8 months ago
2
GoSlang - User not allowed to close their own order due to keeper fee
#58
sherlock-admin2
closed
8 months ago
2
Psyduck - Discrepancy between keeper and oracle module staleness periods can result in unexpected reverts and unfair liquidations
#57
sherlock-admin
closed
8 months ago
2
Psyduck - Protocol uses the wrong parameters for the onchain and offchain oracles
#56
sherlock-admin2
closed
8 months ago
2
GoSlang - Points system is flawed
#55
sherlock-admin
closed
8 months ago
1
r0ck3tz - The limit orders trade fee can be bypassed through reentrancy
#54
sherlock-admin2
closed
8 months ago
1
ravikiran.web3 - StableModule::executeDeposit() can face Denial of Services preventing deposits temporarily and at unpredictable instances of time
#53
sherlock-admin
closed
8 months ago
1
gqrp - Fallback to onchain oracle wrongly implemented
#52
sherlock-admin2
closed
8 months ago
2
Stryder - [M-1] `OracleModule::_getPrice()` will revert if either one of the oracles fails, causing DOS
#51
sherlock-admin
closed
8 months ago
2
0xNoodle - Overflow Vulnerability in FlatcoinVault.sol#L367/371 addAuthorizedModules() method. Affecting isAuthorizedModule
#50
sherlock-admin2
closed
8 months ago
2
r0ck3tz - The execution of limit order can be front-run
#49
sherlock-admin
closed
8 months ago
3
r0ck3tz - The transfer lock for leveraged position orders can be bypassed
#48
sherlock-admin2
opened
8 months ago
27
itsabinashb - FlatcoinVault::wrong accounting of net PnL
#47
sherlock-admin
closed
8 months ago
1
almurhasan - user/MEV can frontrun and backrun the oracle update of an rETH price and steal funds from the protocol (Possible arbitrage from oracle price discrepancy)
#46
sherlock-admin2
closed
8 months ago
2
joicygiore - `StableModule::executeDeposit()` incorrectly uses `totalSupply()` for validation
#45
sherlock-admin
closed
8 months ago
2
joicygiore - Infinite Minting `PointsModule::FMP`
#44
sherlock-admin2
closed
8 months ago
1
CL001 - User can abuse settleFundingFees method to prevent being liquidated
#43
sherlock-admin
closed
8 months ago
1
Psyduck - No check on L2 sequencer can result in unfair liquidations
#42
sherlock-admin2
closed
8 months ago
1
CL001 - Unexpected revert during announce and execute delayed orders
#41
sherlock-admin
closed
8 months ago
1