issues
search
sherlock-audit
/
2024-01-napier-judging
9
stars
6
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Hajime - Zero Slippage Required
#32
sherlock-admin2
closed
7 months ago
1
cheatcode - Missing Validation of Issued Tokens Against Collected Fees leads to protocol insolvency
#31
sherlock-admin
closed
7 months ago
1
cheatcode - Rounding Errors During Fee Deduction leads to less fees being collected
#30
sherlock-admin2
closed
7 months ago
1
thisvishalsingh - Use `ERC721::_safeMint()` regularly instead of `_mint()` can be dangerous
#29
sherlock-admin
closed
7 months ago
1
KingNFT - All yield could be drained if users set any ````> 0```` allowance to others
#28
sherlock-admin2
opened
7 months ago
3
crypticdefense - Sandwich attacks possible due to lack of slippage protection in napier pool swaps for underlying
#27
sherlock-admin
closed
7 months ago
1
thisvishalsingh - thisvishalsingh - Centralisation risk: admin role of `BaseLSTAdapter::setRebalancer` can rug pull all Eth from the adapter.
#26
sherlock-admin2
closed
7 months ago
1
aman - `RETHAdapter:prefundedRedeem` allows user to withdraw donated ETH
#25
sherlock-admin
closed
7 months ago
1
aman - `SFrxETHAdapter:requestWithdrawal` and `SFrxETHAdapter:requestWithdrawalAll` return wrong requestId, would result in DOS
#24
sherlock-admin2
closed
7 months ago
2
thisvishalsingh - thisvishalsingh - `Tranche::issue` Unbound `underlyingAmount` can cause Denial of Service attack
#23
sherlock-admin
closed
7 months ago
1
ZanyBonzy - Anyone can steal excess ETH from users
#22
sherlock-admin2
closed
7 months ago
1
ZanyBonzy - Restricted admin privileges
#21
sherlock-admin
closed
7 months ago
1
thisvishalsingh - thisvishalsingh - Arbitrary from passed to YieldToken::transferFrom lead to loss of funds.
#20
sherlock-admin2
closed
7 months ago
1
0xepley - Mistakenly sent ETH will be Stuck
#19
sherlock-admin
closed
7 months ago
1
Hajime - incorrect address transfer to the `adapter.prefundedRedeem` function from the collect function
#18
sherlock-admin2
closed
7 months ago
0
IvanFitro - Tranche.sol :: recoverERC20() If the target token is a Multiple Token Addresses all the fees can be stolen in form of target tokens.
#17
sherlock-admin
closed
7 months ago
1
KingNFT - The last user can't quit ````Tranche```` and loss fund permanently
#16
sherlock-admin2
closed
6 months ago
19
xMxAxMx - decreasing scale lead to loss of PT token value and creates an arbitrage opportunity
#15
sherlock-admin
closed
7 months ago
17
xMxAxMx - Attacker can drain metapool by manipualting Pt price
#14
sherlock-admin2
closed
7 months ago
0
xAlismx - ERC4626 like inflation attack on BaseLSTAdapter
#13
sherlock-admin
closed
7 months ago
1
cawfree - Concrete implementations of `BaseLPTAdapter` are susceptible to vault inflation attacks.
#12
sherlock-admin2
closed
7 months ago
1
cawfree - The `rebalancer` role can `requestWithdrawalAll()` before token maturity.
#11
sherlock-admin
closed
7 months ago
2
Atharv - deploy() does not revert if contract deployment failed
#10
sherlock-admin2
closed
7 months ago
0
Atharv - Improper Validation of Create2 Return Value
#9
sherlock-admin
closed
7 months ago
0
KingNFT - Users would almost get no reward while investing ````CETH```` Tranche
#8
sherlock-admin2
closed
7 months ago
1
Hama - Denial of Service through Uncontrolled RefundETH Function
#7
sherlock-admin
closed
7 months ago
1
AuditorPraise - According to EIP-5095 Tranche.sol should have a view maturity function method but it doesn't
#6
sherlock-admin2
closed
7 months ago
7
cawfree - An attacker can steal `unclaimedYield` from any account in the `Tranche`.
#5
sherlock-admin
closed
7 months ago
3
AuditorPraise - `stakeAmount` being 0 in BaseLSTAdapter.prefundedDeposits will cause reverts
#4
sherlock-admin2
closed
7 months ago
2
0xVolodya - Users are not receiving full yield when collect on sunny days.
#3
sherlock-admin
closed
7 months ago
1
0xVolodya - tranche is not eip-5095 complaint
#2
sherlock-admin2
closed
7 months ago
3
0xVolodya - users will receive not appropriate target tokens for their input - underlyingAmount
#1
sherlock-admin
closed
7 months ago
1
Previous