sherlock-audit 2024-02-leverage-contracts-judging issues

sherlock-audit / 2024-02-leverage-contracts-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

turvec - no slippage protection on _increase and _decreaseLiquidity

#49 sherlock-admin closed 6 months ago
0
bareli - Low Liquidity in Uniswap V3 Pool Can Lead to ETH Lockup in _v3SwapExactInput Contract

#48 sherlock-admin2 closed 6 months ago
1
turvec - Plaform fee should round up

#47 sherlock-admin closed 6 months ago
1
turvec - Gas griefing on loan owners for their liquidity

#46 sherlock-admin2 closed 6 months ago
1
0xDetermination - Entrance fee contributes to min fee; if the protocol intends for the min fee to be collected on top of the entrance fee, then the min fee may not be collected

#45 sherlock-admin closed 6 months ago
1
ydlee - `_getMinLiquidityAmt` does not return the minimum liquidity amount.

#44 sherlock-admin2 closed 6 months ago
1
bareli - Withdrawals from _v3SwapExactInput have no slippage protection so can be frontrun, stealing all user funds

#43 sherlock-admin closed 6 months ago
0
Afriaudit - Wrong conditional statement in `LightQuoterV3:_simulateSwap`

#42 sherlock-admin2 closed 6 months ago
1
0xDetermination - Fees aren't distributed properly for positions with multiple lenders, causing loss of funds for lenders

#41 sherlock-admin opened 6 months ago
6
0xDetermination - A borrower eligible for liquidation can pay an improperly large amount of fees, and may be unfairly liquidated

#40 sherlock-admin2 opened 6 months ago
29
0xDetermination - Entrance fees are distributed wrongly in loans with multiple lenders

#39 sherlock-admin opened 6 months ago
28
0xDetermination - `liquidationBonus` may be forever unclaimable if a lender burns their NFT

#38 sherlock-admin2 closed 6 months ago
10
0xDetermination - Minimum loan fee isn't enforced properly for multiple-loan positions

#37 sherlock-admin closed 6 months ago
1
0xDetermination - Min fee enforcement can cause borrowers to pay too many fees

#36 sherlock-admin2 closed 6 months ago
0
0xDetermination - Protocol will be bricked on zkSync due to `computePoolAddress()` calculation

#35 sherlock-admin closed 6 months ago
2
kgothatso - ` LiquidityManager ::_decreaseLiquidity `this function can fail because of the deadline in the past

#34 sherlock-admin2 closed 6 months ago
0
bareli - A lack of slippage protection can lead to significant loss of user fund

#33 sherlock-admin closed 6 months ago
0
kgothatso - Approve batch transaction fails revert

#32 sherlock-admin2 closed 6 months ago
1
kgothatso - check usdt approve to zero

#31 sherlock-admin closed 6 months ago
1
kgothatso - Incorrect parameters passed to UniV3 may cause funds stuck in the contract

#30 sherlock-admin2 closed 6 months ago
0
kgothatso - UniswapV3 doesn't provide slippage protection and will result in partial swaps

#29 sherlock-admin closed 6 months ago
0
kgothatso - Low Liquidity in Uniswap V3 Pool Can Lead to ETH Lockup in the contract

#28 sherlock-admin2 closed 6 months ago
0
bareli - use of 'SLOT0' to get sqrtPriceX96 can lead to price manipulation.

#27 sherlock-admin closed 6 months ago
0
IceBear - Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

#26 sherlock-admin2 closed 6 months ago
1
the-first-elder - Attacker can borrow a larger number of tokens and paying lesser fee when repaying debt

#25 sherlock-admin closed 6 months ago
12
the-first-elder - Creditors will Loose harvest if a user repays their loan before they can claim harvest

#24 sherlock-admin2 closed 6 months ago
1
the-first-elder - Loans cannot be liquidated by other users by calling repay function

#23 sherlock-admin closed 6 months ago
1
FastTiger - There is no function to refund the borrower for the remaining position holding cost in the repay function.

#22 sherlock-admin2 closed 6 months ago
1
FastTiger - It can be front-running when the position owner calls the `repay` function to withdraw liquidity in an emergency situation.

#21 sherlock-admin closed 6 months ago
1
FastTiger - In an emergency state, the owner of the position(Liquidity Provider) cannot withdraw his liquidity in `LiquidityBorrowingManager.sol#repay` function until the moment of the liquidation arrives.

#20 sherlock-admin2 closed 6 months ago
1
FastTiger - In `collectLoansFees` function, the caller has to input the array of tokens manualy because the caller does not obtain the caller's token list in `LiquidityBorrowingManager.sol#harvest` function.

#19 sherlock-admin closed 6 months ago
1
FastTiger - Out of Gas Scenario in the `_addKeysAndLoansInfo` function due to repeated loop can lead to DOS

#18 sherlock-admin2 closed 6 months ago
1
FastTiger - By using slippage control on saleToken in the `repay` function, the borrower may not be able to repay the borrowed liquidity.

#17 sherlock-admin closed 6 months ago
1
zraxx - When using the `borrow` function to update the `BorrowingInfo`, the previously accumulated fees were not distributed in time.

#16 sherlock-admin2 closed 6 months ago
4
zraxx - When the creditors of some loan.tokenId is Address(0), part of the fees will be locked in the protocol

#15 sherlock-admin closed 6 months ago
1
zraxx - The implementation of function _checkEntranceFee means that entryFeeBP can never be 1

#14 sherlock-admin2 closed 6 months ago
5
AuditorPraise - Malicious Borrower can create a scenario where it won't be possible to repay() or harvest() on his borrowingKey

#13 sherlock-admin closed 6 months ago
0
crypticdefense - Increase Liquidity and Decrease Liquidity have incorrect deadline check and lack slippage control

#12 sherlock-admin2 closed 6 months ago
1
crypticdefense - Spender can front-run `approve`

#11 sherlock-admin closed 6 months ago
1
crypticdefense - `ApprovePayAndSwap::_maxApproveIfNecessary` does not work with some ERC20 tokens

#10 sherlock-admin2 closed 6 months ago
0
crypticdefense - `ApproveSwapAndPay::_tryApprove` does not approve to zero first

#9 sherlock-admin closed 6 months ago
1
crypticdefense - ApproveSwapAndPay.sol swap functions lack slippage protection, leading to loss of user funds

#8 sherlock-admin2 closed 6 months ago
1
crypticdefense - Precision loss in liquidation bonus

#7 sherlock-admin closed 6 months ago
1
crypticdefense - `slot0` can be easily manipulated

#6 sherlock-admin2 closed 6 months ago
1
ptsanev - ApproveSwapAndPay#_tryApprove() - USDT token approval would not work on mainnet

#5 sherlock-admin closed 6 months ago
1
cheatcode - Rounding Down in Platform Fee Deductions leads to loss of Fees

#4 sherlock-admin2 closed 6 months ago
1
cheatcode - Rounding Errors in Entrance Fee Calculation lead to Precision Loss

#3 sherlock-admin closed 6 months ago
2
ptsanev - Address deviation will not work on ZKSync

#2 sherlock-admin2 closed 6 months ago
0
ptsanev - Usage of ``slot0`` is extremely volatile

#1 sherlock-admin closed 6 months ago
1