issues
search
sherlock-audit
/
2024-04-interest-rate-model-judging
9
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
User can still withdrawAtMaturity or repayAtMaturity 0 positionAssets by inputting positive positionAssets if his position balance is 0.
#263
sherlock-admin3
closed
4 months ago
0
In `Market.borrow` function the `receiver` can be `address(0)` thus losing funds
#262
sherlock-admin2
closed
4 months ago
0
`Markets` can not be deployed with ERC20 tokens which do not implement the `decimals` function
#261
sherlock-admin4
closed
4 months ago
0
ETH balance from Swapper contract can be stolen
#260
sherlock-admin3
closed
4 months ago
0
TestIssue
#259
sherlock-admin2
closed
4 months ago
0
0x73696d616f - If a maturity expires before an account handles borrow of the RewardsController, it will not have it's share, leading to lost rewards
#258
sherlock-admin4
closed
4 months ago
7
Ward - Not possible to borrow from the router because no allowance was given
#257
sherlock-admin3
closed
4 months ago
1
0xhacksmithh - Not Compling with ERC4626
#256
sherlock-admin2
closed
4 months ago
1
Bigsam - ```RewardController.accountBalanceOperations()``` returns an incorrect value in balance, causing a user to get more borrow reward than usual.
#255
sherlock-admin4
closed
4 months ago
1
BoRonGod - Deviation in oracle price could lead to arbitrage
#254
sherlock-admin3
closed
4 months ago
0
0x77 - solmate SafeTransferLib.sol function does not check contract size
#253
sherlock-admin2
closed
4 months ago
1
Bigsam - Lack of Administrative Ability to Clear Bad Debt and Liquidate Positions
#252
sherlock-admin4
closed
4 months ago
1
burhan_khaja - Markets funds can be stolen by clearing bad debt for free by directly calling handleBadDebt(address) in auditor contract
#251
sherlock-admin3
closed
4 months ago
1
BowTiedOriole - No slippage checks for deposit/mint/withdraw/redeem
#250
sherlock-admin2
closed
4 months ago
1
0xhacksmithh - Protocol lossing some part of `fee` due to wrong rounding direction
#249
sherlock-admin4
closed
4 months ago
12
Ward - Vault Inflation Attack is present in `Market`
#248
sherlock-admin3
closed
4 months ago
0
karanctf - Insufficient check in MarketETHRouter::refund() locks eth
#247
sherlock-admin2
closed
4 months ago
1
.-..---.....-. - Should spend allowance from msg.sender rather than from borrower.
#246
sherlock-admin4
closed
4 months ago
1
0x73696d616f - `rewardData.releaseRate` is incorrectly calculated on `RewardsController::config()` when `block.timestamp > start` and `rewardData.lastConfig != rewardData.start`
#245
sherlock-admin3
opened
5 months ago
2
stonejiajia - A user attempting to repay too much should error gracefully.
#244
sherlock-admin2
closed
4 months ago
1
Bigsam - Failure to Call afterDeposit Function Upon Depositatmaturity
#243
sherlock-admin4
closed
4 months ago
1
BowTiedOriole - Vesting with a permit in `EscrowedEXA` can be frontrun and DOS'd
#242
sherlock-admin3
closed
4 months ago
1
karanctf - Using deprecated Chainlink function latestAnswer
#241
sherlock-admin2
closed
4 months ago
0
bareli - cancel function in EscrowedEXA.sol will always revert.
#240
sherlock-admin4
closed
4 months ago
1
BowTiedOriole - Unassigned earnings in matured pools will not be included in `totalAssets()` calculation
#239
sherlock-admin3
closed
4 months ago
0
karanctf - collateralization ratio of 1:1 will cause insolvency during Auditor::exitMarket()
#238
sherlock-admin2
closed
4 months ago
1
Shield - Race condition between 2 different markets in bad debt situation
#237
sherlock-admin4
closed
4 months ago
1
Ward - Lack of slippage control in the functions of the `Market` contract
#236
sherlock-admin3
closed
4 months ago
1
Audinarey - Future upgrades to chainlink API can brick the protocol
#235
sherlock-admin2
closed
4 months ago
13
Shield - Undercollateralized positions can be liquidated when the contract is frozen
#234
sherlock-admin4
closed
4 months ago
1
sakshamguruji - Discontinuity in liquidate() function's actualRepay calculation
#233
sherlock-admin3
closed
4 months ago
1
BoRonGod - ERC4626 inflate attack
#232
sherlock-admin2
closed
4 months ago
0
Emmanuel - User can setup and steal from liquidator, by making him seize far less collateral than the debt he is repaying.
#231
sherlock-admin4
closed
4 months ago
0
DenTonylifer - Loss of precision while calculating releaseRate
#230
sherlock-admin3
closed
4 months ago
20
KupiaSec - Anyone can allow others' assets to be used as collateral without approval of the asset owner because the `Market.borrow` function doesn't check if `assets > 0`
#229
sherlock-admin2
closed
4 months ago
0
KupiaSec - The function `updateFloatingDebt` must be called before every update of the `floatingAssets`, `floatingDebt` and `floatingBackupBorrowed` variables.
#228
sherlock-admin4
closed
4 months ago
0
Shield - Attacker can force a user to enter a market
#227
sherlock-admin3
closed
4 months ago
0
Shield - `account.fixedDeposit` and `account.fixedBorrows` states can be broken if the `maturity` variable overflows
#226
sherlock-admin2
closed
4 months ago
1
Dliteofficial - Cross Market Liquidation will be impossible when the debt market != repay market
#225
sherlock-admin4
closed
4 months ago
36
BoRonGod - floatingAssetsAverage is updated only on deposit and withdraw
#224
sherlock-admin3
closed
4 months ago
9
Shield - `Market.previewDebt` function rounds down during the debt calculation
#223
sherlock-admin2
closed
4 months ago
1
0xmuxyz - Lack of the implementation of the Market#`deposit()` in the Market contract, which lead to that the TX of the MarketETHRouter#`deposit()` would **always** be reverted
#222
sherlock-admin4
closed
4 months ago
1
Nyx - Reward indexes can be wrong
#221
sherlock-admin3
closed
4 months ago
1
sakshamguruji - Inconsistent Role Check for Token Transfer in EscrowedEXA Contract
#220
sherlock-admin2
closed
4 months ago
1
sakshamguruji - Double Accounting Of EXA Reserves While Canceling a Vest
#219
sherlock-admin4
closed
4 months ago
1
DenTonylifer - Price feed's latest value can be easily manipulated
#218
sherlock-admin3
closed
4 months ago
1
Emmanuel - Vault depositors are getting incentivized whether of not a `borrowAtMaturity` call utilized funds from floating pool.
#217
sherlock-admin2
closed
4 months ago
1
0xGreyWolf - Liquidations does not consider the overall health of the protocol
#216
sherlock-admin4
closed
4 months ago
4
elhaj - Precision Loss in `repayAtMaturity` can lead to system insolvency and loss of funds
#215
sherlock-admin3
closed
4 months ago
6
Emmanuel - During a market pause, unhealthy users are treated differently depending on the amount of collateral they have in other markets.
#214
sherlock-admin2
closed
4 months ago
1
Next