sherlock-audit/2024-02-rubicon-finance-judging
Dobry - `getFeeOutputs` does not work as intended due to a wrong comparison
#81
sherlock-admin2
closed
7 months ago
1
LouisTsai - Vulnerabilities in gas consumption and native token handling in internal `_fill` function.
#80
sherlock-admin
closed
7 months ago
1
Debych - Griefer maker can cause DOS
#79
sherlock-admin2
closed
7 months ago
1
m4ttm - Base fees are still applied when applyFee is false
#78
sherlock-admin
closed
7 months ago
1
turvec - Swappers and fillers can execute partial trade on orders that have no decay
#77
sherlock-admin2
closed
7 months ago
1
Varun_05 - Fees are not injected properly
#76
sherlock-admin
closed
7 months ago
1
ni8mare - `execute` transactions can be reverted by a malicious user.
#75
sherlock-admin2
closed
7 months ago
2
Dobry - The `_fill` function allows user to steal funds that do not belong to them
#74
sherlock-admin
closed
7 months ago
1
WangAudit - [H] `RubiconFeeController::getFeeOutputs` incorrectly creates feeOutput tokens, thus adding duplicates to the `order.outputs`
#73
sherlock-admin2
closed
7 months ago
2
0xRstStn - Upgradeable contracts should implement ERC-7201 name spacing to reduce the risk of storage collisions
#72
sherlock-admin
closed
7 months ago
1
soliditywala - Fees not set in initialize()
#71
sherlock-admin2
closed
7 months ago
1
Fassi_Security - When an order is exactly matched, a buyer can end up paying more than his max amount due to execlusivityOverrideBps
#70
sherlock-admin
closed
7 months ago
22
LTDingZhen - If an order is partially filled, the user will not receive a refund
#69
sherlock-admin2
closed
7 months ago
1
turvec - The feeController differs from its specification as setting 'applyFee' to false doesn't disable BOTH Dynamic pair-based and base fee but only Dynamic pair-based fee
#68
sherlock-admin
closed
7 months ago
1
hunter_w3b - `GladiusOrderQuoter::quote()` vulnerable to `frontrunning` attacks
#67
sherlock-admin2
closed
7 months ago
1
taner2344 - setGladiusReactor function has no zero address check.
#66
sherlock-admin
closed
7 months ago
1
hunter_w3b - `BaseGladiusReactor::executeBatch` vulnerable to DOS attack
#65
sherlock-admin2
closed
7 months ago
1
Varun_05 - Fee updated on the memory variable instead of on the original result
#64
sherlock-admin
closed
7 months ago
1
itsabinashb - GladiusReactor::`eth` locked permanently in contract
#63
sherlock-admin2
closed
7 months ago
1
taner2344 - setFeeRecipient checks no "zero address" parameter
#62
sherlock-admin
closed
7 months ago
1
hunter_w3b - `BaseGladiusReactor::executeBatch` vulnerable to DOS attack
#61
sherlock-admin2
closed
7 months ago
1
blutorque - No storage gap for upgradeable contracts
#60
sherlock-admin
closed
7 months ago
1
turvec - Protocol will lose all fees due to injected fees not being reflected on trader orders
#59
sherlock-admin2
closed
7 months ago
1
Varun_05 - handleOverride is not done correctly on the resolvedOrder
#58
sherlock-admin
closed
7 months ago
1
taner2344 - GladiusReactor allows no decay on orders.
#57
sherlock-admin2
closed
7 months ago
1
jennifer37 - Trader's order may not be completely finished because of fillThreshold.
#56
sherlock-admin
closed
7 months ago
1
jennifer37 - possible partial execution failure because of permit2 nonce used in the first partial execution
#55
sherlock-admin2
closed
7 months ago
1
bigbick123456789000 - Incomplete Struct Definition in PERMIT2_ORDER_TYPE
#54
sherlock-admin
closed
7 months ago
1
LTDingZhen - Users can grief fillers by setting a malicious `ValidationContract`.
#53
sherlock-admin2
closed
7 months ago
33
4b - No input validation on the owner address in `RubiconFeeController::initialize()` and `BaseGladiusReactor::initialize()`
#52
sherlock-admin
closed
7 months ago
1
mstpr-brainbot - Pairs with "MAX_FEE" can revert due to rounding inconsistencies
#51
sherlock-admin2
opened
7 months ago
6
almurhasan - Attacker can make DOS function execute(without quantity parameter).
#50
sherlock-admin
closed
7 months ago
1
4b - No storage gap for upgradeable contracts `GladiusReactor` and `RubiconFeeController`
#49
sherlock-admin2
closed
7 months ago
1
DJINN - Ownership change in a single step
#48
sherlock-admin
closed
7 months ago
1
DJINN - Missing address(0) checks for `_owner` in `RubiconFeeController.initialize()` and `BaseGladiusReactor.initialize()`
#47
sherlock-admin2
closed
7 months ago
1
bareli - zero address verification.
#46
sherlock-admin
closed
7 months ago
1
MatricksDeCoder - solmate SafeTransferLib does not check token contract existence
#45
sherlock-admin2
closed
7 months ago
1
MatricksDeCoder - solmate SafeTransferLib does not check token contract existence
#44
sherlock-admin
closed
7 months ago
1
detectiveking - `getFeeOutputs` fees are improperly calculated
#43
sherlock-admin2
closed
7 months ago
1
valentin2304 - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
#42
sherlock-admin
closed
7 months ago
1
bareli - wrong implementation of "getFeeOutputs"
#41
sherlock-admin2
closed
7 months ago
1
itsabinashb - GladiusOrderQuoter::No limitation on returned bytes
#40
sherlock-admin
closed
7 months ago
2
kgothatso - ``
#39
sherlock-admin2
closed
7 months ago
1
HSP - Attacker can submit malicious order and user may lose funds interacting with it
#38
sherlock-admin
closed
7 months ago
2
DJINN - Missing address validation for `RubiconFeeController.feeRecipient` can lead to fees being misdirected or lost
#37
sherlock-admin2
closed
7 months ago
1
KingNFT - Execution of orders would revert unexpectedly while `baseFee` or `pairBasedFee` equals to `MAX_FEE`
#36
sherlock-admin
closed
7 months ago
1
shaflow01 - The "initialize" function is at risk of being front-running, may result in high risk.
#35
sherlock-admin2
closed
7 months ago
1
skatas192 - The `owner` address has never been set which will cause the `auth` modifier to revert
#34
sherlock-admin
closed
7 months ago
2
DJINN - Missing address validation for `RubiconFeeController.gladiusReactor` can lead to reverts
#33
sherlock-admin2
closed
7 months ago
1
trauki - Medium - `fillThreshold` can be 0
#32
sherlock-admin
closed
7 months ago
1