issues
search
sherlock-audit
/
2024-02-leverage-contracts-judging
1
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
turvec - no slippage protection on _increase and _decreaseLiquidity
#49
sherlock-admin
closed
6 months ago
0
bareli - Low Liquidity in Uniswap V3 Pool Can Lead to ETH Lockup in _v3SwapExactInput Contract
#48
sherlock-admin2
closed
6 months ago
1
turvec - Plaform fee should round up
#47
sherlock-admin
closed
6 months ago
1
turvec - Gas griefing on loan owners for their liquidity
#46
sherlock-admin2
closed
6 months ago
1
0xDetermination - Entrance fee contributes to min fee; if the protocol intends for the min fee to be collected on top of the entrance fee, then the min fee may not be collected
#45
sherlock-admin
closed
6 months ago
1
ydlee - `_getMinLiquidityAmt` does not return the minimum liquidity amount.
#44
sherlock-admin2
closed
6 months ago
1
bareli - Withdrawals from _v3SwapExactInput have no slippage protection so can be frontrun, stealing all user funds
#43
sherlock-admin
closed
6 months ago
0
Afriaudit - Wrong conditional statement in `LightQuoterV3:_simulateSwap`
#42
sherlock-admin2
closed
6 months ago
1
0xDetermination - Fees aren't distributed properly for positions with multiple lenders, causing loss of funds for lenders
#41
sherlock-admin
opened
6 months ago
6
0xDetermination - A borrower eligible for liquidation can pay an improperly large amount of fees, and may be unfairly liquidated
#40
sherlock-admin2
opened
6 months ago
29
0xDetermination - Entrance fees are distributed wrongly in loans with multiple lenders
#39
sherlock-admin
opened
6 months ago
28
0xDetermination - `liquidationBonus` may be forever unclaimable if a lender burns their NFT
#38
sherlock-admin2
closed
6 months ago
10
0xDetermination - Minimum loan fee isn't enforced properly for multiple-loan positions
#37
sherlock-admin
closed
6 months ago
1
0xDetermination - Min fee enforcement can cause borrowers to pay too many fees
#36
sherlock-admin2
closed
6 months ago
0
0xDetermination - Protocol will be bricked on zkSync due to `computePoolAddress()` calculation
#35
sherlock-admin
closed
6 months ago
2
kgothatso - ` LiquidityManager ::_decreaseLiquidity `this function can fail because of the deadline in the past
#34
sherlock-admin2
closed
6 months ago
0
bareli - A lack of slippage protection can lead to significant loss of user fund
#33
sherlock-admin
closed
6 months ago
0
kgothatso - Approve batch transaction fails revert
#32
sherlock-admin2
closed
6 months ago
1
kgothatso - check usdt approve to zero
#31
sherlock-admin
closed
6 months ago
1
kgothatso - Incorrect parameters passed to UniV3 may cause funds stuck in the contract
#30
sherlock-admin2
closed
6 months ago
0
kgothatso - UniswapV3 doesn't provide slippage protection and will result in partial swaps
#29
sherlock-admin
closed
6 months ago
0
kgothatso - Low Liquidity in Uniswap V3 Pool Can Lead to ETH Lockup in the contract
#28
sherlock-admin2
closed
6 months ago
0
bareli - use of 'SLOT0' to get sqrtPriceX96 can lead to price manipulation.
#27
sherlock-admin
closed
6 months ago
0
IceBear - Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
#26
sherlock-admin2
closed
6 months ago
1
the-first-elder - Attacker can borrow a larger number of tokens and paying lesser fee when repaying debt
#25
sherlock-admin
closed
6 months ago
12
the-first-elder - Creditors will Loose harvest if a user repays their loan before they can claim harvest
#24
sherlock-admin2
closed
6 months ago
1
the-first-elder - Loans cannot be liquidated by other users by calling repay function
#23
sherlock-admin
closed
6 months ago
1
FastTiger - There is no function to refund the borrower for the remaining position holding cost in the repay function.
#22
sherlock-admin2
closed
6 months ago
1
FastTiger - It can be front-running when the position owner calls the `repay` function to withdraw liquidity in an emergency situation.
#21
sherlock-admin
closed
6 months ago
1
FastTiger - In an emergency state, the owner of the position(Liquidity Provider) cannot withdraw his liquidity in `LiquidityBorrowingManager.sol#repay` function until the moment of the liquidation arrives.
#20
sherlock-admin2
closed
6 months ago
1
FastTiger - In `collectLoansFees` function, the caller has to input the array of tokens manualy because the caller does not obtain the caller's token list in `LiquidityBorrowingManager.sol#harvest` function.
#19
sherlock-admin
closed
6 months ago
1
FastTiger - Out of Gas Scenario in the `_addKeysAndLoansInfo` function due to repeated loop can lead to DOS
#18
sherlock-admin2
closed
6 months ago
1
FastTiger - By using slippage control on saleToken in the `repay` function, the borrower may not be able to repay the borrowed liquidity.
#17
sherlock-admin
closed
6 months ago
1
zraxx - When using the `borrow` function to update the `BorrowingInfo`, the previously accumulated fees were not distributed in time.
#16
sherlock-admin2
closed
6 months ago
4
zraxx - When the creditors of some loan.tokenId is Address(0), part of the fees will be locked in the protocol
#15
sherlock-admin
closed
6 months ago
1
zraxx - The implementation of function _checkEntranceFee means that entryFeeBP can never be 1
#14
sherlock-admin2
closed
6 months ago
5
AuditorPraise - Malicious Borrower can create a scenario where it won't be possible to repay() or harvest() on his borrowingKey
#13
sherlock-admin
closed
6 months ago
0
crypticdefense - Increase Liquidity and Decrease Liquidity have incorrect deadline check and lack slippage control
#12
sherlock-admin2
closed
6 months ago
1
crypticdefense - Spender can front-run `approve`
#11
sherlock-admin
closed
6 months ago
1
crypticdefense - `ApprovePayAndSwap::_maxApproveIfNecessary` does not work with some ERC20 tokens
#10
sherlock-admin2
closed
6 months ago
0
crypticdefense - `ApproveSwapAndPay::_tryApprove` does not approve to zero first
#9
sherlock-admin
closed
6 months ago
1
crypticdefense - ApproveSwapAndPay.sol swap functions lack slippage protection, leading to loss of user funds
#8
sherlock-admin2
closed
6 months ago
1
crypticdefense - Precision loss in liquidation bonus
#7
sherlock-admin
closed
6 months ago
1
crypticdefense - `slot0` can be easily manipulated
#6
sherlock-admin2
closed
6 months ago
1
ptsanev - ApproveSwapAndPay#_tryApprove() - USDT token approval would not work on mainnet
#5
sherlock-admin
closed
6 months ago
1
cheatcode - Rounding Down in Platform Fee Deductions leads to loss of Fees
#4
sherlock-admin2
closed
6 months ago
1
cheatcode - Rounding Errors in Entrance Fee Calculation lead to Precision Loss
#3
sherlock-admin
closed
6 months ago
2
ptsanev - Address deviation will not work on ZKSync
#2
sherlock-admin2
closed
6 months ago
0
ptsanev - Usage of ``slot0`` is extremely volatile
#1
sherlock-admin
closed
6 months ago
1