sherlock-audit/2024-02-tapioca-judging
issues
bin2chen - Unrestricted srcChainSender in USDO.executeModule()
#50
sherlock-admin2
closed
5 months ago
1
bin2chen - Unupdated totalBorrow After BigBang Liquidation
#49
sherlock-admin4
opened
5 months ago
3
cergyk - UsdoMarketReceiverModule::removeAssetReceiver msg_.externalData.marketHelper is unchecked enabling arbitrary market actions from magnetar
#48
sherlock-admin3
closed
5 months ago
2
cergyk - TOFTMarketReceiverModule::leverageUpReceiver Incorrect approval handling
#47
sherlock-admin2
closed
5 months ago
1
cergyk - BaseLeverageExecutor::_swapAndTransferToSender will return wrong amount if TOFT wrapping has fees
#46
sherlock-admin4
closed
5 months ago
1
cccz - For some cross-chain calls, the _toeComposeReceiver of BaseTOFTReceiver and USDOReceiver should check _srcChainSender == data.user
#45
sherlock-admin3
closed
5 months ago
0
cergyk - BBLeverage::sellCollateral relies on outdated interface for leverageExecutor
#44
sherlock-admin2
closed
5 months ago
1
cergyk - Penrose::_depositFeesToTwTap can unexpectedly revert due to amount rounded down
#43
sherlock-admin4
opened
5 months ago
4
cergyk - BBLeverage::sellCollateral is unusable due to wrong asset deposit attempt in YieldBox
#42
sherlock-admin3
opened
5 months ago
3
cergyk - BBCommon::_accrue wrong value is used to prevent overflow
#41
sherlock-admin2
opened
5 months ago
2
cergyk - Singularity::setSingularityConfig Wrong liquidationCollateralizationRate is set
#40
sherlock-admin4
closed
5 months ago
4
cergyk - Singularity::removeAsset share can become zero due to rounding down, and any user can be extracted some amount of asset
#39
sherlock-admin3
opened
5 months ago
7
cergyk - Origins.sol no function to add allowedParticipants
#38
sherlock-admin2
closed
5 months ago
4
cergyk - BaseTOFTReceiver::_toeComposeReceiver some compose calls are not authenticated
#37
sherlock-admin4
closed
5 months ago
0
cergyk - BBLeverage/SGLLeverage::sellCollateral excess asset stays in contract
#36
sherlock-admin3
closed
5 months ago
1
cergyk - Market::_computeClosingFactor wrong collateralization calculation can cause liquidatee solvency to become worse
#35
sherlock-admin2
closed
5 months ago
0
cergyk - BigBang/Singularity::_updateBorrowAndCollateralShare totalBorrow variable is never updated and breaks a few core mechanics
#34
sherlock-admin4
closed
5 months ago
1
cergyk - BBLiquidation::_liquidateUser liquidator can bypass protocol fee on liquidation by returning returnedShare == borrowShare
#33
sherlock-admin3
opened
5 months ago
15
cergyk - BBLiquidation/SGLLiquidation::_updateBorrowAndCollateralShare liquidator can bypass bad debt handling to ensure whole liquidation reward
#32
sherlock-admin2
opened
5 months ago
8
cergyk - BBLeverage::buyCollateral Malicious operator can abuse _allowedBorrow approval on Big bang market
#31
sherlock-admin4
closed
5 months ago
1
Tendency - Unfair Liquidation Risk Due to Unvalidated Exchange Rate
#30
sherlock-admin3
closed
5 months ago
8
Tendency - Underflow Vulnerability in `Market::_allowedBorrow` Function: Oversight with Pearlmit Allowance Handling
#29
sherlock-admin2
opened
5 months ago
3
AuditorPraise - Fees accumulated in `singularity` that is stored on penrose's account may be stuck in certain scenarios
#28
sherlock-admin4
closed
5 months ago
3
Tendency - Flawed Initialization in `BigBang` Contract: `minMintFeeStart` Exceeds `maxMintFeeStart`
#27
sherlock-admin3
closed
5 months ago
22
Tendency - Flawed `_isSolvent` Check Permits Users to Borrow Without Any Prior Borrowings or Collateral, Essentially Allowing Them to Borrow Any Amount for Free.
#26
sherlock-admin2
closed
5 months ago
1
Tendency - Insufficient Solvency Checks During Borrow & Collateral Removal Actions
#25
sherlock-admin4
closed
5 months ago
1
Tendency - Missing Admin Setters for `_pause()` and `_unpause()`
#24
sherlock-admin3
closed
5 months ago
2
Tendency - `mTOFT::wrap` Function, Doesn't Work Rightly When Wrapping Native Tokens
#23
sherlock-admin2
closed
5 months ago
1
Tendency - Stuck Ether Can Easily Be Stolen
#22
sherlock-admin4
closed
5 months ago
4
Tendency - Wrapping is Still Possible When MintCap is Zero
#21
sherlock-admin3
closed
5 months ago
2
Tendency - Legitimate Wrap Transactions Could Erroneously Be Reverted
#20
sherlock-admin2
closed
5 months ago
2
Tendency - Any Oft Token Holder Can be Forcefully Unwrapped
#19
sherlock-admin4
closed
5 months ago
4
Tendency - Incorrect `tapOft` Amounts Will Be Sent to Desired Chains on Certain Conditions
#18
sherlock-admin3
opened
5 months ago
2
Tendency - Flaw in Cross-Chain Approval System Raises Risk of Unauthorized Token Transfers
#17
sherlock-admin2
closed
5 months ago
1
AuditorPraise - BBLeverage.buyCollateral() and BBLendingCommon._repay() will have issues withdrawing from yieldBox for `from`
#16
sherlock-admin4
closed
5 months ago
2
Tendency - Exercising Options In a destination Chain for Some msg Type is Impossible
#15
sherlock-admin3
closed
5 months ago
1
ComposableSecurity - Unverified `_srcChainSender` parameter allows to impersonate the sender
#14
sherlock-admin2
opened
5 months ago
3
AuditorPraise - Malicious user can borrow and leave protocol in bad debt in SGLBorrow.sol
#13
sherlock-admin4
closed
5 months ago
2
AuditorPraise - WETH was never set in baseLeverageExecutor.sol
#12
sherlock-admin3
opened
5 months ago
4
AuditorPraise - `BBLiquidation.liquidteBadDebt()`, `BBLiquidation.liquidate()`, `SGLLiquidation.liquidateBadDebt()`, `SGLLiquidation.liquidate()` might use stale exchangeRate for liquidations if oracle reverts for any reason.
#11
sherlock-admin2
closed
5 months ago
9
Hajime - lack of expiration timestamp in `IZeroXSwapper.swap()`
#10
sherlock-admin4
closed
5 months ago
3
Hajime - unchecked loop increments not valid in Solidity v0.8.22
#9
sherlock-admin3
closed
5 months ago
3
0xkaden - decodeArrayOfYieldBoxPermitAssetMsg returns corrupted data
#8
sherlock-admin2
closed
5 months ago
2
Anubis - Potential Insolvency due to Insufficient Balance Update after Transfer in _addCollateral Function
#7
sherlock-admin4
closed
5 months ago
3
Anubis - Potential Precision Error Leads to Inflated Collateral Value and Erroneous Solvency Determination
#6
sherlock-admin3
closed
5 months ago
5
Anubis - Accrued Interest Precision Issue Leading to Zero Interest for Small Decimal Tokens
#5
sherlock-admin2
closed
5 months ago
3
Anubis - Liquidation Imbalance and Collateral Discrepancy in Smart Contract
#4
sherlock-admin4
closed
5 months ago
2
Anubis - Insufficient Authorization Check Leading to Unauthorized Collateral Addition
#3
sherlock-admin3
closed
5 months ago
3
tiger322 - tapioca
#2
sherlock-admin2
closed
5 months ago
2
aervin - Critical `_checkWhitelistStatus` Bypasses with Zero Address
#1
sherlock-admin4
closed
5 months ago
2