sherlock-audit/2024-03-arrakis-judging
abi.encodePacked may break with some initManagement signatures
#99
sherlock-admin3
closed
5 months ago
0
ArrakisMetaVault::mint Insufficient MINIMUM_LIQUIDITY Won’t Protect Against Vault Inflation Attack (Grieving)
#98
sherlock-admin4
closed
5 months ago
0
ValantisModulePublic::deposit Lack of slippage controls
#97
sherlock-admin2
closed
5 months ago
0
ValantisModule::setPriceBounds Missing whenNotPaused modifier
#96
sherlock-admin3
closed
5 months ago
0
No check if the Arbitrum Sequencer is down in `HOTOracle.sol:_getOraclePriceUSD()` and not verifying if `answeredInRound` value with the `roundID`
#95
sherlock-admin4
closed
5 months ago
0
Incorrect Use of `symbol()` Instead of `name()` in `getTokenName`
#94
sherlock-admin2
closed
5 months ago
0
Missing checks for `address(0)`
#93
sherlock-admin4
closed
5 months ago
0
Inefficient Input Validation in `mint` and `burn` Functions
#92
sherlock-admin3
closed
5 months ago
0
0xAadi - Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it cannot be withdrawn
#91
sherlock-admin2
closed
5 months ago
1
NoOne - use `safeMint` instead `mint`
#90
sherlock-admin4
closed
5 months ago
0
Angry_Mustache_Man - Loss of funds caused by edge case in Deposit & Withdraw functions of Private & Public Vaults
#89
sherlock-admin4
closed
5 months ago
10
bareli - no check on cooldownPeriod in ArrakisStandardManager.
#88
sherlock-admin3
closed
5 months ago
1
RadCet - Users lost their private vault
#87
sherlock-admin3
closed
5 months ago
0
Ocean_Sky - Private vault ownership nft can be subject for honeypot attack
#86
sherlock-admin2
closed
5 months ago
0
0xrobsol - Caller Verification in removeLiquidity Function
#85
sherlock-admin4
closed
5 months ago
1
0xrobsol - Missing Check for Manager Fee Limit in _updateParamsChecks Function
#84
sherlock-admin4
closed
5 months ago
1
0xrobsol - Cooldown Period Management in _updateParamsChecks Function
#83
sherlock-admin3
closed
5 months ago
1
0xrobsol - Indexing Behavior in initializedVaults Function
#82
sherlock-admin3
closed
5 months ago
0
0xrobsol - Inadequate Role Management for Contract Executors
#81
sherlock-admin2
closed
5 months ago
0
cergyk - ArrakisMetaVaultPrivate::fund No slippage control on private vault deposit can cause unlimited loss to owner
#80
sherlock-admin2
opened
5 months ago
7
cergyk - HOT::setPriceBounds Malicious executor can brick vault withdrawals for at least 2 days
#79
sherlock-admin4
closed
5 months ago
11
mgf15 - Use safeMint instead of mint for ERC721
#78
sherlock-admin4
closed
5 months ago
0
0xrobsol - Inadequate Liquidity Management During Discounted HOT Swaps
#77
sherlock-admin3
closed
5 months ago
0
cergyk - ArrakisStandardManager::rebalance Malicious executor can bypass slippage check and steal funds from a public vault
#76
sherlock-admin2
closed
5 months ago
17
mgf15 - MISSING STALENESS CHECKS
#75
sherlock-admin2
closed
5 months ago
0
mgf15 - missing check to see if the L2 sequencer is down
#74
sherlock-admin4
closed
5 months ago
0
cergyk - ValantisModule::setALMAndManagerFees Public vault owner can use upgradeable oracle to rug funds
#73
sherlock-admin4
closed
5 months ago
0
cergyk - HOTOracle::getSqrtOraclePriceX96 Missing checks on values returned by Chainlink aggregators
#72
sherlock-admin3
closed
5 months ago
0
0xrobsol - Potential Fee Calculation Exploit in AMM Due to Infrequent Timestamp Updates
#71
sherlock-admin3
closed
5 months ago
0
0xrobsol - Need for Buffer in Spot Price Validation During AMM Swaps
#70
sherlock-admin2
closed
5 months ago
0
kfx - Insufficient swap price validation means that solvers can use their signed quotes as free options, causing losses to the LP
#69
sherlock-admin4
closed
5 months ago
12
kfx - Liquidity calculation overflows can be weaponized for DoS attacks via token donations
#68
sherlock-admin4
closed
5 months ago
3
cergyk - ValantisModule::initializePosition Unlimited slippage can be incurred on initialization of position
#67
sherlock-admin3
closed
5 months ago
8
0xrobsol - Inconsistent Liquidity Updates in AMM Swap Function
#66
sherlock-admin3
closed
5 months ago
0
cergyk - Private vault NFT sale can be front-run to withdraw the funds
#65
sherlock-admin2
closed
5 months ago
0
0xlookman - 0xlookman:- ArrakisMetaVaultFactory.sol::getTokenName returns token symbol instead of Token name.
#64
sherlock-admin4
closed
5 months ago
0
0xlookman - 0xlookman - `ArrakisPublicVaultRouter.sol::wrapAndSwapAndAddLiquidity` most likely to revert hence denying users this service.
#63
sherlock-admin4
closed
5 months ago
1
0xlookman - 0xlookman - `ArrakisPublicVaultRouter.sol::swapAndAddLiquidity` can be used to steal `eth`\ native token funds from this contract
#62
sherlock-admin3
closed
5 months ago
0
bareli - Chainlink’s latestRoundData might return stale or incorrect results
#61
sherlock-admin3
closed
5 months ago
0
0xrobsol - L2 Sequencer Reliability and Oracle Data Freshness
#60
sherlock-admin4
closed
5 months ago
4
whitehair0330 - A malicious rebalancing process can `significantly` alter the ratio between the amounts of `token0` and `token1` held in the pool.
#59
sherlock-admin3
closed
5 months ago
12
kennedy1030 - Modifying the `_managerFeePIPS` variable within the `ValantisHOTModule` is not possible until the `ValantisHOTModule` has been designated as the `poolManager` of the SovereignPool.
#58
sherlock-admin2
closed
5 months ago
0
Angry_Mustache_Man - No setter function available for ValantisHOTModule.sol.maxSlippage()
#57
sherlock-admin3
closed
5 months ago
5
kennedy1030 - A malicious rebalance executor can illegally siphon off assets through the rebalancing process.
#56
sherlock-admin3
closed
5 months ago
7
KupiaSec - The rebalance executor can take large amounts of vault shares even without any underlying assets
#55
sherlock-admin3
closed
5 months ago
9
KupiaSec - Adding liquidity can be `DoS`ed due to calculation mismatches
#54
sherlock-admin3
opened
5 months ago
21
Angry_Mustache_Man - rebalancing functionality can be used by executor to drain funds
#53
sherlock-admin3
closed
5 months ago
12
Angry_Mustache_Man - Arithmetic Overflow is caused while calculating Liquidity Quote during a Hot Swap
#52
sherlock-admin4
closed
5 months ago
1
AgileJune - _hotSwap() will be reverted for some tokens pair due to overflow
#51
sherlock-admin4
closed
5 months ago
0
cergyk - ArrakisMetaVault::setModule Malicious executor can drain the vault by calling withdraw after initializePosition
#50
sherlock-admin3
opened
5 months ago
8