sherlock-audit 2024-02-perpetual-judging issues

sherlock-audit / 2024-02-perpetual-judging

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Avci - the `deposit()` won't work after the first call in `OracleMaker.sol`

#152 sherlock-admin3 closed 1 month ago
1
Avci - Nonces are not used in the signature checks

#151 sherlock-admin4 closed 1 month ago
1
bareli - amountOutMinimum in filllorder shouldnot be 0.

#150 sherlock-admin2 closed 1 month ago
0
ge6a - The protocol uses prices in usd instead of usdt/usdc

#149 sherlock-admin3 closed 1 month ago
26
bareli - use 'safeapprove' insted of 'approve'

#148 sherlock-admin4 closed 1 month ago
1
ihavebigmuscle - Increasing the Exposure of SpotHedgeMaker and OracleMaker

#147 sherlock-admin2 closed 1 month ago
0
Kose - Traders Continue to Pay Fees When a Market or The System is Suspended

#146 sherlock-admin3 closed 1 month ago
1
Avci - Malicious users can manipulate the price to their advantage

#145 sherlock-admin4 closed 1 month ago
4
ihavebigmuscle - Opening a Delta Neutral Position Enables OracleMaker LP to Profit from SpotHedgeMaker LP

#144 sherlock-admin2 closed 1 month ago
1
Avci - anyone can drain `PythOracleAdapter.sol` by `updatePrice()`

#143 sherlock-admin3 closed 1 month ago
1
Avci - There are no checks to ensure ecrecover() does not return 0.

#142 sherlock-admin4 closed 1 month ago
1
ihavebigmuscle - Whitelisted LPs in OracleMaker Can Manipulate the Funding Rate through Deposit/Withdraw Operations

#141 sherlock-admin2 closed 1 month ago
7
ge6a - Loss of funds for trader because whitelisted maker can't be liquidated

#140 sherlock-admin3 opened 2 months ago
15
Kose - Unfair Liquidation After System Suspension Lift Because of Lack of Grace Period for Traders

#139 sherlock-admin4 closed 1 month ago
1
Avci - lack of slippage parameteres in `fillOrder` function.

#138 sherlock-admin2 closed 1 month ago
0
jokr - Incorrect premium calculation in OracleMaker

#137 sherlock-admin3 opened 2 months ago
4
nirohgo - Price difference between pyth oracle and uniswap can be exploited for immediate gain by takers

#136 sherlock-admin4 closed 1 month ago
2
jasonxiale - tiny positions might not be liquidated entirely

#135 sherlock-admin2 closed 1 month ago
2
jokr - Instant arbitrage oppurtunity in OracleMaker

#134 sherlock-admin3 closed 1 month ago
0
nirohgo - Funding Fee Rate is calculated based only on the Oracle Maker's skew but applied across the entire market, which enables an attacker to generate an extreme funding rate for a low cost and leverage that to their benefit

#133 sherlock-admin4 opened 2 months ago
83
ihavebigmuscle - Triggering Custom Error Allows Quoter to Return Incorrect Prices

#132 sherlock-admin3 closed 1 month ago
7
ge6a - Update price 2 times in the same block

#131 sherlock-admin2 closed 1 month ago
24
Kose - Unfair LP Fund Losses in SpotHedgeBaseMaker Due to CircuitBreaker Rate-Limiting

#130 sherlock-admin4 closed 1 month ago
8
IllIllI - Signature validation callbacks can be used to make margin withdrawal calculations invalid

#129 sherlock-admin3 closed 1 month ago
11
IllIllI - Oracle updates can be front-run in order to bypass price band caps

#128 sherlock-admin2 closed 1 month ago
8
IllIllI - Whale LPs can make the admin's risk control parameters ineffective

#127 sherlock-admin4 closed 3 weeks ago
23
IllIllI - Borrow fees can be arbitrarily increased without the maker providing any value

#126 sherlock-admin3 opened 2 months ago
42
ge6a - Draining maker through funding fee

#125 sherlock-admin2 closed 1 month ago
12
IllIllI - Reservation price does not take into account the size of the order

#124 sherlock-admin4 closed 1 month ago
1
IllIllI - Two Pyth prices can be used in the same transaction to attack the LP pools

#123 sherlock-admin3 opened 2 months ago
2
jokr - Incorrect slippage check for taker in `ClearingHouse`

#122 sherlock-admin2 closed 1 month ago
2
IllIllI - No slippage control on maker LP `deposit()`/`withdraw()`

#121 sherlock-admin4 opened 2 months ago
10
AgileJune - Attacker can drain all ethers on PythOracleAdapter contract via updatePrice() function

#120 sherlock-admin2 closed 1 month ago
1
IllIllI - Attackers can sandwich their own trades up to the price bands

#119 sherlock-admin4 opened 2 months ago
26
IllIllI - SpotHedgeBaseMaker LPs will be able to extract value during a USDT/USDC de-peg

#118 sherlock-admin3 opened 2 months ago
1
IllIllI - Withdrawal caps can be bypassed by opening positions against the SpotHedgeBaseMaker

#117 sherlock-admin3 opened 2 months ago
2
IllIllI - Price band caps apply to decreasing orders, but not to liquidations

#116 sherlock-admin2 opened 2 months ago
30
IllIllI - Attackers can create positions that have no incentive to be liquidated

#115 sherlock-admin2 opened 2 months ago
13
IllIllI - SpotHedgeBaseMaker uses the wrong oracle for non-evm/non-erc20 markets

#114 sherlock-admin4 closed 1 month ago
3
PUSH0 - OracleMaker LPs are unnecessarily forced-exposed to risk when CircuitBreaker's rate limit is close to triggering

#113 sherlock-admin4 closed 1 month ago
2
neon2835 - Users can avoid the possibility of liquidation

#112 sherlock-admin3 closed 1 week ago
78
jokr - Liquidators can prevent users from making their positions healthy during an unpause

#111 sherlock-admin2 closed 1 month ago
1
ihavebigmuscle - Relay Fee is Collected All at Once, Allowing Relayers to Earn Relay Fees by Only Partially Filling Orders

#110 sherlock-admin2 closed 1 month ago
2
ihavebigmuscle - The Order Key Does Not Include Complete Order Data

#109 sherlock-admin4 closed 1 month ago
2
Ragnark_323 - Potential Precision loss Due to Division before multiplication in Shares calculation

#108 sherlock-admin4 closed 1 month ago
2
ni8mare - `deposit` function in `SpotHedgeBaseMaker` and `OracleMaker` is prone to slippage

#107 sherlock-admin3 closed 1 month ago
1
PUSH0 - Bad debt liquidation leaves liquidated user with negative margin, which can cause bank run and loss of funds for the last users to withdraw

#106 sherlock-admin3 closed 1 month ago
9
neon2835 - setAuthorization functions should not be hard coded

#105 sherlock-admin2 closed 1 month ago
1
unsafesol - Wrong Implementation of Borrowing Fee Mechanism causes lose of Funds for Whitelisted Makers

#104 sherlock-admin2 closed 1 month ago
2
qpzm - OracleMaker._getBasePriceWithSpread returns unfavorable price for itself.

#103 sherlock-admin4 closed 1 month ago
5