sherlock-audit 2024-02-perennial-v2-3-judging issues

sherlock-audit / 2024-02-perennial-v2-3-judging

6 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas Optimization

#37 Emmanuel-hub321 closed 2 months ago
0
w42d3n - Uncontrolled Registry in MarketFactory.sol

#36 sherlock-admin3 closed 3 months ago
2
w42d3n - Reentrancies in oracle.sol

#35 sherlock-admin2 closed 3 months ago
2
w42d3n - Use call instead of transfer on payable addresses

#34 sherlock-admin4 closed 3 months ago
1
bareli - uncheck output of "transfer"

#33 sherlock-admin3 closed 3 months ago
2
bin2chen - ChainlinkFactory will pay non-requested versions keeper fees

#32 sherlock-admin2 opened 3 months ago
3
bareli - No check on "ethTokenOracleFeed().latestRoundData()"

#31 sherlock-admin4 closed 3 months ago
2
bin2chen - after update v2.1.1 may not be able to settle properly

#30 sherlock-admin3 closed 3 months ago
8
bin2chen - ChainlinkFactory no convert decimals

#29 sherlock-admin2 closed 3 months ago
9
4b - In `MultiInvoker.sol::invoke` transfer will not be compatible with some wallets

#28 sherlock-admin4 closed 3 months ago
1
thisvishalsingh - Restrictive Oracle-Market Mapping in `MarketFactory` Leading to Limited Market Creation and Impaired Revenue Potential

#27 sherlock-admin3 closed 3 months ago
2
panprog - Vault global shares and assets change will mismatch local shares and assets change during settlement due to incorrect `_withoutSettlementFeeGlobal` formula

#26 sherlock-admin2 opened 3 months ago
2
panprog - Vault checkpoints slightly incorrect conversion from assets to shares leads to slow loss of funds for long-time vault depositors

#25 sherlock-admin4 opened 3 months ago
3
4b - In `MultiInvoker.sol::_withdraw` Blacklisted USDC addresses can lead to DOS

#24 sherlock-admin3 closed 3 months ago
2
panprog - Vault and oracle keepers DoS in some situations due to `market.update(account,max,max,max,0,false)`

#23 sherlock-admin2 opened 3 months ago
2
bin2chen - Liquidator can set up referrals for other users

#22 sherlock-admin4 opened 3 months ago
12
bin2chen - Liquidator/referrer is himself, rewards will be lost

#21 sherlock-admin3 closed 3 months ago
3
bin2chen - MultiInvoker is not backward compatible

#20 sherlock-admin2 closed 3 months ago
1
bin2chen - OracleVersion will not be invalid

#19 sherlock-admin4 closed 3 months ago
3
4b - In `Vault.sol::update` USDC blacklists can lead to locked up funds

#18 sherlock-admin3 closed 3 months ago
2
bin2chen - _loadContext() uses the wrong pendingGlobal.

#17 sherlock-admin2 opened 3 months ago
3
panprog - If referral or liquidator is the same address as the account, then liquidation/referral fees will be lost due to local storage being overwritten after the `claimable` amount is credited to liquidator or referral

#16 sherlock-admin4 opened 3 months ago
3
4b - Vault Rounding Issue in `Vault.sol::_update`

#15 sherlock-admin3 closed 3 months ago
2
krkba - Missing check for array limit in `invoke` function.

#14 sherlock-admin2 closed 3 months ago
2
KingNFT - ````Pyth```` oracle is paying ````30%```` more than intended keep fee

#13 sherlock-admin4 closed 3 months ago
28
panprog - MultiInvoker's stored TriggerOrders are not migrated to new format, potentially causing huge interface fees charged to users.

#12 sherlock-admin3 closed 3 months ago
8
panprog - All transactions to claim assets from the vault will revert in some situations due to double subtraction of the claimed assets in market position allocations calculation.

#11 sherlock-admin2 opened 3 months ago
2
KingNFT - Orders on Optimism chains can not be settled due to revert of ````keep()````

#10 sherlock-admin4 opened 3 months ago
2
panprog - Makers can lose funds from price movement even when no long and short positions are opened, due to incorrect distribution of adiabatic fees exposure between makers

#9 sherlock-admin3 opened 3 months ago
2
panprog - When vault's market weight is set to 0 to remove the market from the vault, vault's leverage in this market is immediately set to max leverage risking position liquidation

#8 sherlock-admin2 opened 3 months ago
6
bigbick123456789000 - Use of `call()` Instead of `transfer()` in `MultiInvoker` 's `invoke` Function

#7 sherlock-admin4 closed 3 months ago
3
panprog - Requested oracle versions, which have expired, must return this oracle version as invalid, but they return it as a normal version with previous version's price instead

#6 sherlock-admin3 opened 3 months ago
4
panprog - Empty orders do not request from oracle and during settlement they use an invalid oracle version with `price=0` which messes up a lot of fees and funding accounting leading to loss of funds for the makers

#5 sherlock-admin2 opened 3 months ago
5
bigbick123456789000 - Exploitable Flaw in `transferOwnership` Function

#4 sherlock-admin4 closed 3 months ago
2
bigbick123456789000 - Lack of Handling Non-Standard ERC20 Behavior in `approve` Function

#3 sherlock-admin3 closed 3 months ago
2
bigbick123456789000 - Division by Zero Vulnerability in `MetaQuantsFactory` Contract

#2 sherlock-admin2 closed 3 months ago
2
bigbick123456789000 - Lack of Sequencer Uptime Feed Consultation in Arbitrum Chainlink Oracle

#1 sherlock-admin4 closed 3 months ago
2