sherlock-audit 2024-02-rio-network-core-protocol-judging issues

sherlock-audit / 2024-02-rio-network-core-protocol-judging

4 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

MatricksDeCoder - Hardcoded gas

#390 sherlock-admin2 closed 8 months ago
0
hash - Withdrawals may run out of gas

#389 sherlock-admin closed 8 months ago
2
Avci - `RioLRTassetregistery.sol` initialize function will revert.

#388 sherlock-admin4 closed 8 months ago
1
pontifex - Inflation attack by assets donation

#387 sherlock-admin3 closed 8 months ago
0
ComposableSecurity - The current idea of creating reETH and accepting several different assets in it exposes RIO users to losses

#386 sherlock-admin2 opened 8 months ago
1
Avci - attacker can DOS `removeAsset()` by frontrun

#385 sherlock-admin closed 8 months ago
0
psb01 - No check to ensure maximum number of active operators does not exceed allowed limit

#384 sherlock-admin4 closed 8 months ago
0
0xhacksmithh - Decimal used in Normalization lead to unexpected result

#383 sherlock-admin3 closed 8 months ago
1
thisvishalsingh - thisvishalsingh - Uninitialized state variable `epochWithdrawalsByAsset`

#382 sherlock-admin2 closed 8 months ago
1
hash - Operators can cause verification of other operators to fail by verifying a validator that was added outside Rio

#381 sherlock-admin closed 8 months ago
0
ComposableSecurity - DoS and locked funds caused by lack of epoch increment during EigenLayer settlement

#380 sherlock-admin4 closed 8 months ago
0
ComposableSecurity - Front-running with a reduced number of validators to deallocate from another operator

#379 sherlock-admin3 closed 8 months ago
1
Aymen0909 - `queueOperatorStrategyExit` doesn't decrease the operator shares allocation

#378 sherlock-admin2 closed 8 months ago
3
klaus - Can verify with an external validator that is not registered in the Rio system. Prevent other operators from verifying

#377 sherlock-admin closed 8 months ago
0
Audinarey - overstated TVL value breaks share accounting when asset are queued for withdrawal form `EigenLayer`

#376 sherlock-admin4 closed 8 months ago
0
cheatcode - Donation Attack Possible in RioLRTDepositPool Contract

#375 sherlock-admin3 closed 8 months ago
1
Avci - the `removeAsset` function logic has problem in deleting assets

#374 sherlock-admin2 closed 8 months ago
1
monrel - LRT holders share of rewards are not counted in TVL

#373 sherlock-admin closed 8 months ago
13
pontifex - Reward distribution can be frontrun or sandwich attacked

#372 sherlock-admin4 closed 8 months ago
0
cheatcode - Potential Disruption in Epoch Lifecycle Management

#371 sherlock-admin3 closed 8 months ago
1
monrel - ETH withdrawers do not earn yield while waiting for a withdrawal

#370 sherlock-admin2 opened 8 months ago
24
psb01 - Share's Precision not reduced to nearest GWEI if asset is ETH

#369 sherlock-admin closed 8 months ago
0
cheatcode - Unauthorized Withdrawal Claims in RioLRTWithdrawalQueue::claimWithdrawalsForEpoch function

#368 sherlock-admin4 closed 8 months ago
1
peanuts - Leak of value when waiting for assets to be withdrawn after requesting withdrawal

#367 sherlock-admin3 closed 8 months ago
0
monrel - Incorrect calculation of available shares lead to locked funds

#366 sherlock-admin2 closed 8 months ago
0
monrel - Validator count can not be predictably reduce for an operator

#365 sherlock-admin closed 8 months ago
1
Aymen0909 - Users might receive less funds from the queued withdrawals

#364 sherlock-admin4 closed 8 months ago
0
monrel - Slashing penalty is unfairly paid by a subset of users if a deficit is accumulated.

#363 sherlock-admin3 opened 8 months ago
21
monrel - Users can circumvent slashing penalties by front-running EigenLayer updates

#362 sherlock-admin2 closed 8 months ago
0
Aymen0909 - `requestWithdrawal` doesn't estimate accurately the available shares for withdrawals

#361 sherlock-admin opened 8 months ago
4
monrel - Epoch is not incremented when withdrawing from EigenLayer

#360 sherlock-admin4 closed 8 months ago
0
deth - RioLRTWithdrawalQueue.sol - If a withrawal is queued to EigenLayer it can then be settled normally, forcing the Deposit Pool to pay again for the sharesOwed, while some were already payed the first time

#359 sherlock-admin3 closed 8 months ago
0
fugazzi - Intrinsic arbitrage due to price feed discrepancies could lead to loss of value for the protocol

#358 sherlock-admin2 closed 8 months ago
0
neumo - Wrong accounting of ethBalanceInUnverifiedValidators when validating withdraw credentials

#357 sherlock-admin closed 8 months ago
0
hash - Adding multiple validators within security review period will increase the confirmation timestamp for all

#356 sherlock-admin4 closed 8 months ago
0
MatricksDeCoder - Lack of storage gap for upgradeable contracts

#355 sherlock-admin3 closed 8 months ago
0
cats - Minting formula does not subtract pending withdrawals

#354 sherlock-admin2 closed 8 months ago
1
Aymen0909 - Unable to Claim EigenLayer Withdrawals through `settleEpochFromEigenLayer`

#353 sherlock-admin closed 8 months ago
0
0xShoonya - PriceOracle will use the wrong price if the Chainlink registry returns price outside the minimum and maximum range

#352 sherlock-admin4 closed 8 months ago
0
Aymen0909 - Potential Revert in `allocateStrategyShares` Function would prevent EigenLayer deposits

#351 sherlock-admin3 closed 8 months ago
4
FastTiger - Relying solely on the ChainLink oracle for asset prices may not always provide accurate prices.

#350 sherlock-admin2 closed 8 months ago
1
MatricksDeCoder - There is lack of fallback for price feeds Oracles

#349 sherlock-admin closed 8 months ago
1
Aymen0909 - Withdrawals will be impossible after `queueCurrentEpochSettlement` and `settleEpochFromEigenLayer` are called

#348 sherlock-admin4 closed 8 months ago
0
FastTiger - The amount of time an asset price is considered stale is fixed.

#347 sherlock-admin3 closed 8 months ago
1
0xhashiman - Missing __gap in upgradeable contract

#346 sherlock-admin2 closed 8 months ago
1
mstpr-brainbot - Mismatch in `QueuedWithdrawalParams` and `Withdrawal` structs between EigenLayer and Rio

#345 sherlock-admin closed 8 months ago
2
kgothatso - Malicious users can steal tokens from Oracles by crafting and submitting specific requests.

#344 sherlock-admin4 closed 8 months ago
1
MatricksDeCoder - Chainlink oracle will return the wrong price if the aggregator hits minAnswer or maxAnswer

#343 sherlock-admin3 closed 8 months ago
0
merlin - No slippage protection is implemented for the deposit and depositETH functions in the RioLRTCoordinator

#342 sherlock-admin2 closed 8 months ago
0
hash - Removing an asset doesn't clear its associated utilization heap

#341 sherlock-admin closed 8 months ago
0