sherlock-audit 2024-01-napier-judging issues

sherlock-audit / 2024-01-napier-judging

9 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

bareli - underflow checks

#132 sherlock-admin2 closed 7 months ago
0
LTDingZhen - `scale` should be the conversation rate from target to underlying

#131 sherlock-admin closed 7 months ago
0
PASCAL - `NapierRouter.removeLiquidityOnePt()` will be permanently DOS'd once the pool reaches maturity

#130 sherlock-admin2 closed 7 months ago
1
thisvishalsingh - thisvishalsingh - protocol `NapierPool.sol` rely on pool reserves can be an be manipulated, especially using a flashloan.

#129 sherlock-admin closed 7 months ago
1
LTDingZhen - Users will lost their WETH if Lido stake limit is reached because there is no refund mechanism on prefundedDeposit.

#128 sherlock-admin2 closed 7 months ago
1
bareli - No withdraw delay or cooldown period,

#127 sherlock-admin closed 7 months ago
1
Solidity_ATL_Team_1 - Accrued yields not collected from YT for YT holders in tranche `redeem` and tranche `withdraw`.

#126 sherlock-admin2 closed 7 months ago
1
LTDingZhen - ERC4626 Vault Inflation Attack

#125 sherlock-admin closed 7 months ago
1
vvv - Precission loss in NapierRouter.swapUnderlyingForYt

#124 sherlock-admin2 closed 7 months ago
10
Falconhoof - Missing validation and update function in NapierPool.sol risks losing of all pool fees

#123 sherlock-admin closed 7 months ago
1
givn - Lido StEtherAdapter deposits ETH 1-1 instead of buying it for discount

#122 sherlock-admin2 closed 7 months ago
1
thisvishalsingh - thisvishalsingh - protocol rely on `balance` or `balanceOf` instead of internal accounting several times can lead to Donation Attack

#121 sherlock-admin closed 7 months ago
1
Falconhoof - SFrxETHAdapter redemptionQueue waiting period can DOS adapter functions

#120 sherlock-admin2 opened 7 months ago
22
Arabadzhiev - Malicious Rebalancer can prevent Principal Token and Yield Token holders from redeeming their underlying rewards

#119 sherlock-admin closed 7 months ago
0
thisvishalsingh - thisvishalsingh - `NapierPool.sol:: swapPtForUnderlyin,swapUnderlyingForPt, swapUnderlyingForExactBaseLpToken`, and `swapExactBaseLpTokenForUnderlying` functions are suspectible to sandwich attacks due to lack of deadline protection

#118 sherlock-admin2 closed 7 months ago
2
bareli - Direct stETH Transfers

#117 sherlock-admin closed 7 months ago
0
joshuajee - Lack of proper access control means anyone can withdraw funds sent to the NapierRouter

#116 sherlock-admin2 closed 7 months ago
0
dany.armstrong90 - Yield can be distributed when tranche is paused.

#115 sherlock-admin closed 7 months ago
0
MatricksDeCoder - Protocol may not work well with pausable tokens

#114 sherlock-admin2 closed 7 months ago
1
MatricksDeCoder - Protocol may not work well with pausable tokens

#113 sherlock-admin closed 7 months ago
1
Rhaydden - Need for Slippage Protection

#112 sherlock-admin2 closed 7 months ago
1
Arabadzhiev - The pool verification in `NapierRouter` is prone to collision attacks

#111 sherlock-admin opened 7 months ago
31
vvv - Attacker can approve any transfers from TrancheRouter to arbitrary addresses

#110 sherlock-admin2 closed 7 months ago
0
Rhaydden - Precision handling and division by zero in BaseLSTAdapter.sol

#109 sherlock-admin closed 7 months ago
0
xiaoming90 - FRAX admin can adjust fee rate to harm Napier and its users

#108 sherlock-admin2 opened 7 months ago
1
xiaoming90 - Unauthorised or malicious base pool

#107 sherlock-admin closed 7 months ago
1
xiaoming90 - Router can be DOSed by depositing 1 wei

#106 sherlock-admin2 closed 7 months ago
9
xiaoming90 - Unable to deposit to Tranche/Adaptor under certain conditions

#105 sherlock-admin opened 7 months ago
2
Bandit - When `cScale` < `maxScale` Tranche Can Become Insolvent

#104 sherlock-admin2 closed 7 months ago
9
xiaoming90 - Tranche will be DOSed when FRAX stop accepting additional ETH staking

#103 sherlock-admin closed 7 months ago
1
xiaoming90 - Napier AMM and Router will revert if the Curve Pools are paused (killed)

#102 sherlock-admin2 closed 7 months ago
1
xiaoming90 - `swapUnderlyingForYt` revert due to rounding issues

#101 sherlock-admin opened 7 months ago
3
xiaoming90 - AMM will revert if exchange rate is one

#100 sherlock-admin2 closed 6 months ago
9
xiaoming90 - Permissioned rebalancing functions leading to loss of assets

#99 sherlock-admin opened 7 months ago
16
xiaoming90 - Front-running swap TX and update the fee rate

#98 sherlock-admin2 closed 7 months ago
10
xiaoming90 - Users are unable to collect their yield if tranche is paused

#97 sherlock-admin opened 7 months ago
8
xiaoming90 - `withdraw` function does not comply with ERC5095

#96 sherlock-admin2 opened 7 months ago
14
xiaoming90 - Users unable to withdraw their funds due to FRAX admin action

#95 sherlock-admin opened 7 months ago
1
xiaoming90 - Victim's fund can be stolen due to rounding error and exchange rate manipulation

#94 sherlock-admin2 opened 7 months ago
10
xiaoming90 - The final APR of their PT holdings will be lower than expected due to the Tranche's tilt

#93 sherlock-admin closed 7 months ago
1
xiaoming90 - YT holders cannot receive a portion of the principal allocated by the PT holders due to the manipulation

#92 sherlock-admin2 closed 6 months ago
25
xiaoming90 - `TrancheRouter.issue` function does not sweep unused ETH back to the caller

#91 sherlock-admin closed 7 months ago
1
xiaoming90 - LP Tokens always valued at 3 PTs

#90 sherlock-admin2 opened 7 months ago
3
xiaoming90 - Withdrawal can be blocked

#89 sherlock-admin closed 6 months ago
17
xiaoming90 - Faster redeemer gets more assets

#88 sherlock-admin2 closed 7 months ago
2
xiaoming90 - Tranche Router silently pulls WETH from users

#87 sherlock-admin closed 7 months ago
10
xiaoming90 - Unclaimed yield is indirectly being taxed

#86 sherlock-admin2 closed 7 months ago
14
xiaoming90 - `swapUnderlyingForYt` function did not sweep unused ETH back to users

#85 sherlock-admin closed 7 months ago
1
xiaoming90 - Lack of slippage control for `issue` function

#84 sherlock-admin2 opened 7 months ago
3
xiaoming90 - Anyone can convert someone's unclaimed yield to PT + YT

#83 sherlock-admin opened 7 months ago
3