issues
search
sherlock-audit
/
2024-02-tapioca-judging
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
bin2chen - buyCollateral() does not work properly
#100
sherlock-admin4
opened
4 months ago
2
bin2chen - _internalTransferWithAllowance() users can use multi-signature wallets that do not belong to them under different chains.
#99
sherlock-admin3
closed
4 months ago
2
John_Femi - Fees is deducted twice during native token wrapping
#98
sherlock-admin2
closed
4 months ago
1
ctf_sec - Share computing for reward distribution is incorrect
#97
sherlock-admin4
closed
3 months ago
10
bin2chen - SGL.borrow() the value of assets borrowed greater than the value of debts recorded
#96
sherlock-admin3
closed
4 months ago
4
John_Femi - Griefing Attack on TOFT and mTOFT contract deployment
#95
sherlock-admin2
closed
4 months ago
2
bin2chen - Balancer using safeApprove may lead to revert.
#94
sherlock-admin4
opened
4 months ago
3
bin2chen - leverageUpReceiver() Missing Security Check for msg_.marketHelper
#93
sherlock-admin3
closed
4 months ago
0
bin2chen - TOFT.exerciseOptionsReceiver may unable to Retrieve TapToken
#92
sherlock-admin2
closed
4 months ago
1
hyh - Unpausing with accrue timestamp reset can remove the accrual between last recorded accrue time and pausing time
#91
sherlock-admin4
opened
4 months ago
1
hyh - Malicious MarketHelper contract can be used in TOFTMarketReceiverModule's leverageUpReceiver and marketRemoveCollateralReceiver functions
#90
sherlock-admin3
opened
4 months ago
3
hyh - Balancer rebalance operation is permanently blocked whenever owner assigns `rebalancer` role to some other address
#89
sherlock-admin2
opened
4 months ago
4
duc - `SGLLiquidation._extractLiquidationFees()` function transfers fee shares directly to Penrose, resulting in these fees being stuck
#88
sherlock-admin4
closed
4 months ago
0
hyh - TOFTOptionsReceiverModule miss cross-chain transformation for deposit and lock amounts
#87
sherlock-admin3
opened
4 months ago
3
duc - Handling the case where `msg_.unwrap` == false is missed in the `TOFTGenericReceiverModule.receiveWithParamsReceiver` function
#86
sherlock-admin2
closed
4 months ago
2
duc - Liquidation's caller in the market can avoid fees
#85
sherlock-admin4
closed
4 months ago
0
duc - `getCollateral` and `getAsset` functions of the AssetTotsDaiLeverageExecutor contract decode data incorrectly
#84
sherlock-admin3
opened
4 months ago
4
bareli - wrong implement of "permit"
#83
sherlock-admin2
closed
4 months ago
2
ctf_sec - Fully exercise option to receive fully eligible amount via TOFTOptionsReceiverModule may result in loss of fund
#82
sherlock-admin4
closed
4 months ago
0
ctf_sec - Access control is missing in TOFTGenericReceiverModule.sol
#81
sherlock-admin3
closed
4 months ago
1
GiuseppeDeLaZara - Airdopped tokens can be stolen by anyone
#80
sherlock-admin2
closed
4 months ago
1
hyh - Leverage borrowing with stale rate can atomically create bad debt with no prior positions and no investment
#79
sherlock-admin4
opened
4 months ago
1
GiuseppeDeLaZara - `LeverageExecutor` is not working inside `BBLeverage` and `SGLeverage`
#78
sherlock-admin3
closed
4 months ago
1
bareli - Wrong value of flashMintFee in USDOFlashloanHelper.sol
#77
sherlock-admin2
closed
4 months ago
2
bareli - missing return in '_toftCustomComposeReceiver'
#76
sherlock-admin4
closed
4 months ago
1
ctf_sec - lack of market helper address validation allows theft of fund
#75
sherlock-admin3
closed
4 months ago
2
ctf_sec - Owner check logical should use && instead of || when rebalancing
#74
sherlock-admin2
closed
4 months ago
2
duc - The borrowing approval of the market is risky for users, as the spender can steal unlimited funds of user with a small allowance
#73
sherlock-admin4
closed
3 months ago
3
GiuseppeDeLaZara - Gas parameters for Stargate swap are hardcoded leading to stuck messages
#72
sherlock-admin3
opened
4 months ago
15
GiuseppeDeLaZara - Stargate Pools conversion rate leads to token accumulation inside the Balancer contract
#71
sherlock-admin2
opened
4 months ago
3
GiuseppeDeLaZara - `mTOFT` can be forced to receive the wrong ERC20 leading to token lockup
#70
sherlock-admin4
opened
4 months ago
13
GiuseppeDeLaZara - All ETH can be stolen during rebalancing for `mTOFTs` that hold native
#69
sherlock-admin3
opened
4 months ago
5
GiuseppeDeLaZara - StargateRouter cannot send payloads and rebalancing of ERC20s is broken
#68
sherlock-admin2
opened
4 months ago
6
GiuseppeDeLaZara - Composing approval with other messages is subject to DoS
#67
sherlock-admin4
opened
4 months ago
0
GiuseppeDeLaZara - Pausable is not implemented
#66
sherlock-admin3
closed
4 months ago
2
bin2chen - mTOFT when erc20==address(0) need to pay fees twice
#65
sherlock-admin2
closed
4 months ago
2
bin2chen - Multiple contracts cannot be paused
#64
sherlock-admin4
opened
4 months ago
2
bin2chen - mTOFTReceiver MSG_XCHAIN_LEND_XCHAIN_LOCK unable to execute
#63
sherlock-admin3
opened
4 months ago
1
duc - The mismatch between leverage executor contracts and the utilized interface in market
#62
sherlock-admin2
closed
4 months ago
1
duc - `leverageAmount` is incorrect in `SGLLeverage.sellCollateral` function due to calculation based on the new states of YieldBox after withdrawal
#61
sherlock-admin4
opened
4 months ago
2
duc - `SGLLeverage.sellCollateral` calls `_repay` with the skim parameter set to false.
#60
sherlock-admin3
closed
4 months ago
6
duc - The repaying action in `BBLeverage.sellCollateral` function pulls YieldBox shares of asset from wrong address
#59
sherlock-admin2
opened
4 months ago
18
duc - Depositing incorrect tokens in the `BBLeverage.sellCollateral` function
#58
sherlock-admin4
closed
4 months ago
2
duc - `buyCollateral` function pass a `false` value of skim param for adding collateral
#57
sherlock-admin3
closed
4 months ago
0
duc - Using wrong token for the approve action in the `buyCollateral` function
#56
sherlock-admin2
closed
4 months ago
7
duc - Liquidation without bad debt doesn't update totalBorrow of market
#55
sherlock-admin4
closed
4 months ago
0
bin2chen - ERC4494.sol is not compatible with ERC-4494
#54
sherlock-admin3
closed
4 months ago
4
duc - `_computeClosingFactor` function will return incorrect values, lower than needed, because it uses `collateralizationRate` to calculate the denominator
#53
sherlock-admin2
opened
4 months ago
2
bin2chen - rebalance() Permission Control Error
#52
sherlock-admin4
closed
4 months ago
1
bin2chen - SGL Liquidation Fees be Locked in Penrose
#51
sherlock-admin3
closed
4 months ago
0
Previous
Next