sherlock-audit 2024-03-axis-finance-judging issues

sherlock-audit / 2024-03-axis-finance-judging

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

hash - User's will receive less than minAmountOut

#249 sherlock-admin3 closed 5 months ago
1
ydlee - Pre-funded `FPAM` auctions may lead seller to lose funds.

#248 sherlock-admin2 closed 5 months ago
1
Avci - curator can lead to DOS `purchase()` function

#247 sherlock-admin4 closed 5 months ago
0
Honour - Atomic auctions suspicious of blockchain reorg attack

#246 sherlock-admin3 closed 5 months ago
1
dimulski - A malicious actor can manipulate the ordering of bids, resulting in detrimental exploits of the axis-finance protocol

#245 sherlock-admin2 closed 5 months ago
4
aycozynfada - Unsafe Casting May Lead to Overflow in calculateQuoteFees

#244 sherlock-admin4 closed 5 months ago
1
Avci - lack of deadline check in `auction()` will bypass minimum auction duration

#243 sherlock-admin3 closed 5 months ago
1
sl1 - `_revertIfLotConcluded()` incorrectly checks if the lot has concluded.

#242 sherlock-admin2 closed 5 months ago
0
poslednaya - DoS can be implemented via blacklisted ERC

#241 sherlock-admin4 closed 5 months ago
0
dinkras - Sellers can forbid bids to be placed on an active batch auctions

#240 sherlock-admin3 closed 5 months ago
2
ParthMandale - Predictable Symmetric Keys from Salt Duplication - A Threat to Encryption Integrity

#239 sherlock-admin2 closed 5 months ago
1
shaka - `Auctioneer.auction` stores always the `Routing` data for new auctions using `lotId` 0

#238 sherlock-admin4 closed 5 months ago
0
shaka - Settlement of batch auction can exceed the gas limit

#237 sherlock-admin3 opened 6 months ago
4
web3tycoon - A malicious Admin can cancel any auction without refunds. to the `Seller` or `bidder`

#236 sherlock-admin2 closed 5 months ago
1
shaka - DoS for EMPAM `refundBid`

#235 sherlock-admin4 closed 5 months ago
0
shaka - Allocation of fees can be higher than 100%

#234 sherlock-admin3 closed 5 months ago
7
bareli - wrong implement of "version" in unwrapVeecode.

#233 sherlock-admin2 closed 5 months ago
1
w42d3n - Solmate safetransfer and safetransferfrom does not check the code size of the token address, which may lead to funding loss

#232 sherlock-admin4 closed 5 months ago
1
aycozynfada - Missing Declaration of Return Value from module.mint

#231 sherlock-admin3 closed 5 months ago
1
bareli - wrong initialize of "priority queue".

#230 sherlock-admin2 closed 5 months ago
1
Honour - Use of unintiliazed `lotId` to store auction routing data

#229 sherlock-admin4 closed 5 months ago
0
bareli - zero amount can be transferred.

#228 sherlock-admin3 closed 5 months ago
1
sl1 - `curate()` calculates `curatorFeePayout` incorrectly when capacity is in quote tokens.

#227 sherlock-admin2 closed 5 months ago
5
dimulski - Wrong calculation of bid price

#226 sherlock-admin4 closed 5 months ago
4
sl1 - `Auctioneer.auction()` is incorrectly accesing the routing in storage.

#225 sherlock-admin3 closed 5 months ago
0
hash - No setter for minAuctionDuration

#224 sherlock-admin2 closed 5 months ago
10
thisvishalsingh - Inadequate Handling of Lot Cancellation Post-Partial Settlement

#223 sherlock-admin4 closed 5 months ago
0
sl1 - Permanent DoS of `claimBids()` and `settle()` functions for an auction lot with an expired `LinearVesting` derivative.

#222 sherlock-admin3 closed 5 months ago
0
ydlee - Curator can increase fee before accepting auction, leading the seller to pay more curator fees than he expected.

#221 sherlock-admin2 closed 5 months ago
0
thisvishalsingh - Protocol Fee Changes Impacting Auction Settlements

#220 sherlock-admin4 closed 5 months ago
4
yotov721 - BlastAuctionHouse.sol uses the wrong address for USDB and WETH

#219 sherlock-admin3 closed 5 months ago
0
web3tycoon - Wrong Information or no information, may be linked to an auction using the infoHash

#218 sherlock-admin2 closed 5 months ago
1
sl1 - `_isLess()` function of `MaxPriorityQueue` incorrectly determines the ordering of bids.

#217 sherlock-admin4 closed 5 months ago
1
FindEverythingX - Non-blast rebase tokens won’t work with the contract [LinearVesting]

#216 sherlock-admin3 closed 5 months ago
1
FindEverythingX - USDB and WETH rebalances are stuck within the contract

#215 sherlock-admin2 closed 5 months ago
0
FindEverythingX - Incorrect hard coded variables for _WETH and _USDB will prevent deployment

#214 sherlock-admin4 closed 5 months ago
0
FindEverythingX - Griefing Attack: Lack of refund fee can be abused to prevent other users from collecting a refund

#213 sherlock-admin3 closed 5 months ago
0
FindEverythingX - DoS within settle logic due to unbatched loop (possible without intentional griefing, solely during normal business operation)

#212 sherlock-admin2 closed 5 months ago
1
FindEverythingX - Silent overflow within _settle will result in a loss for the auction creator

#211 sherlock-admin4 closed 5 months ago
1
web3tycoon - Natspec Issues

#210 sherlock-admin3 closed 5 months ago
1
FindEverythingX - Silent overflow within _getLotMarginalPrice will falsify auction outcome

#209 sherlock-admin2 closed 5 months ago
1
lemonmon - Wrong comparison operator used inside `AuctionModule._revertIfLotConcluded()` may cause multiple issues

#208 sherlock-admin4 closed 5 months ago
0
FindEverythingX - Auction creator can hold funds hostage when not providing privateKey

#207 sherlock-admin3 closed 5 months ago
0
thisvishalsingh - Callback Contract Failures Disrupting Auction Settlements

#206 sherlock-admin2 closed 5 months ago
1
FindEverythingX - Unsafe casting for capacityInQuote condition can result in overflow for maxPayout

#205 sherlock-admin4 closed 5 months ago
2
FindEverythingX - Unsafe casting within _purchase function can result in overflow

#204 sherlock-admin3 opened 6 months ago
5
FindEverythingX - Concluded auction (FPAM) will result in permanently stuck funds

#203 sherlock-admin2 closed 5 months ago
0
lemonmon - Auction data from previous auctions may be overwritten when a new auction is created with `Auctioneer.auction()`

#202 sherlock-admin4 closed 5 months ago
0
FindEverythingX - onCurate callback can be set such that the curate call reverts, preventing curator from rightfully receiving fees

#201 sherlock-admin3 closed 5 months ago
1
FindEverythingX - Unclaimed bids will never allocate fees to the protocol/referrer

#200 sherlock-admin2 closed 5 months ago
1