sherlock-audit/2024-03-axis-finance-judging
hash - Users will receive less than minAmountOut
#249
sherlock-admin3
closed
5 months ago
1
ydlee - Pre-funded `FPAM` auctions may lead seller to lose funds.
#248
sherlock-admin2
closed
5 months ago
1
Avci - curator can lead to DOS `purchase()` function
#247
sherlock-admin4
closed
5 months ago
0
Honour - Atomic auctions suspicious of blockchain reorg attack
#246
sherlock-admin3
closed
5 months ago
1
dimulski - A malicious actor can manipulate the ordering of bids, resulting in detrimental exploits of the axis-finance protocol
#245
sherlock-admin2
closed
5 months ago
4
aycozynfada - Unsafe Casting May Lead to Overflow in calculateQuoteFees
#244
sherlock-admin4
closed
5 months ago
1
Avci - lack of deadline check in `auction()` will bypass minimum auction duration
#243
sherlock-admin3
closed
5 months ago
1
sl1 - `_revertIfLotConcluded()` incorrectly checks if the lot has concluded.
#242
sherlock-admin2
closed
5 months ago
0
poslednaya - DoS can be implemented via blacklisted ERC
#241
sherlock-admin4
closed
5 months ago
0
dinkras - Sellers can forbid bids to be placed on an active batch auctions
#240
sherlock-admin3
closed
5 months ago
2
ParthMandale - Predictable Symmetric Keys from Salt Duplication - A Threat to Encryption Integrity
#239
sherlock-admin2
closed
5 months ago
1
shaka - `Auctioneer.auction` stores always the `Routing` data for new auctions using `lotId` 0
#238
sherlock-admin4
closed
5 months ago
0
shaka - Settlement of batch auction can exceed the gas limit
#237
sherlock-admin3
opened
6 months ago
4
web3tycoon - A malicious Admin can cancel any auction without refunds to the `Seller` or `bidder`
#236
sherlock-admin2
closed
5 months ago
1
shaka - DoS for EMPAM `refundBid`
#235
sherlock-admin4
closed
5 months ago
0
shaka - Allocation of fees can be higher than 100%
#234
sherlock-admin3
closed
5 months ago
7
bareli - wrong implement of "version" in unwrapVeecode.
#233
sherlock-admin2
closed
5 months ago
1
w42d3n - Solmate safetransfer and safetransferfrom does not check the code size of the token address, which may lead to funding loss
#232
sherlock-admin4
closed
5 months ago
1
aycozynfada - Missing Declaration of Return Value from module.mint
#231
sherlock-admin3
closed
5 months ago
1
bareli - wrong initialize of "priority queue".
#230
sherlock-admin2
closed
5 months ago
1
Honour - Use of uninitialized `lotId` to store auction routing data
#229
sherlock-admin4
closed
5 months ago
0
bareli - zero amount can be transferred.
#228
sherlock-admin3
closed
5 months ago
1
sl1 - `curate()` calculates `curatorFeePayout` incorrectly when capacity is in quote tokens.
#227
sherlock-admin2
closed
5 months ago
5
dimulski - Wrong calculation of bid price
#226
sherlock-admin4
closed
5 months ago
4
sl1 - `Auctioneer.auction()` is incorrectly accessing the routing in storage.
#225
sherlock-admin3
closed
5 months ago
0
hash - No setter for minAuctionDuration
#224
sherlock-admin2
closed
5 months ago
10
thisvishalsingh - Inadequate Handling of Lot Cancellation Post-Partial Settlement
#223
sherlock-admin4
closed
5 months ago
0
sl1 - Permanent DoS of `claimBids()` and `settle()` functions for an auction lot with an expired `LinearVesting` derivative.
#222
sherlock-admin3
closed
5 months ago
0
ydlee - Curator can increase fee before accepting auction, leading the seller to pay more curator fees than he expected.
#221
sherlock-admin2
closed
5 months ago
0
thisvishalsingh - Protocol Fee Changes Impacting Auction Settlements
#220
sherlock-admin4
closed
5 months ago
4
yotov721 - BlastAuctionHouse.sol uses the wrong address for USDB and WETH
#219
sherlock-admin3
closed
5 months ago
0
web3tycoon - Wrong Information or no information, may be linked to an auction using the infoHash
#218
sherlock-admin2
closed
5 months ago
1
sl1 - `_isLess()` function of `MaxPriorityQueue` incorrectly determines the ordering of bids.
#217
sherlock-admin4
closed
5 months ago
1
FindEverythingX - Non-blast rebase tokens won’t work with the contract [LinearVesting]
#216
sherlock-admin3
closed
5 months ago
1
FindEverythingX - USDB and WETH rebalances are stuck within the contract
#215
sherlock-admin2
closed
5 months ago
0
FindEverythingX - Incorrect hard coded variables for _WETH and _USDB will prevent deployment
#214
sherlock-admin4
closed
5 months ago
0
FindEverythingX - Griefing Attack: Lack of refund fee can be abused to prevent other users from collecting a refund
#213
sherlock-admin3
closed
5 months ago
0
FindEverythingX - DoS within settle logic due to unbatched loop (possible without intentional griefing, solely during normal business operation)
#212
sherlock-admin2
closed
5 months ago
1
FindEverythingX - Silent overflow within _settle will result in a loss for the auction creator
#211
sherlock-admin4
closed
5 months ago
1
web3tycoon - Natspec Issues
#210
sherlock-admin3
closed
5 months ago
1
FindEverythingX - Silent overflow within _getLotMarginalPrice will falsify auction outcome
#209
sherlock-admin2
closed
5 months ago
1
lemonmon - Wrong comparison operator used inside `AuctionModule._revertIfLotConcluded()` may cause multiple issues
#208
sherlock-admin4
closed
5 months ago
0
FindEverythingX - Auction creator can hold funds hostage when not providing privateKey
#207
sherlock-admin3
closed
5 months ago
0
thisvishalsingh - Callback Contract Failures Disrupting Auction Settlements
#206
sherlock-admin2
closed
5 months ago
1
FindEverythingX - Unsafe casting for capacityInQuote condition can result in overflow for maxPayout
#205
sherlock-admin4
closed
5 months ago
2
FindEverythingX - Unsafe casting within _purchase function can result in overflow
#204
sherlock-admin3
opened
6 months ago
5
FindEverythingX - Concluded auction (FPAM) will result in permanently stuck funds
#203
sherlock-admin2
closed
5 months ago
0
lemonmon - Auction data from previous auctions may be overwritten when a new auction is created with `Auctioneer.auction()`
#202
sherlock-admin4
closed
5 months ago
0
FindEverythingX - onCurate callback can be set such that the curate call reverts, preventing curator from rightfully receiving fees
#201
sherlock-admin3
closed
5 months ago
1
FindEverythingX - Unclaimed bids will never allocate fees to the protocol/referrer
#200
sherlock-admin2
closed
5 months ago
1