sherlock-audit 2024-04-interest-rate-model-judging issues

sherlock-audit / 2024-04-interest-rate-model-judging

9 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

User can still withdrawAtMaturity or repayAtMaturity 0 positionAssets by inputting positive positionAssets if his position balance is 0.

#263 sherlock-admin3 closed 4 months ago
0
In `Market.borrow` function the `receiver` can be `address(0)` thus losing funds

#262 sherlock-admin2 closed 4 months ago
0
`Markets` can not be deployed with ERC20 tokens which do not implement the `decimals` function

#261 sherlock-admin4 closed 4 months ago
0
ETH balance from Swapper contract can be stolen

#260 sherlock-admin3 closed 4 months ago
0
TestIssue

#259 sherlock-admin2 closed 4 months ago
0
0x73696d616f - If a maturity expires before an account handles borrow of the RewardsController, it will not have it's share, leading to lost rewards

#258 sherlock-admin4 closed 4 months ago
7
Ward - Not possible to borrow from the router because no allowance was given

#257 sherlock-admin3 closed 4 months ago
1
0xhacksmithh - Not Compling with ERC4626

#256 sherlock-admin2 closed 4 months ago
1
Bigsam - ```RewardController.accountBalanceOperations()``` returns an incorrect value in balance, causing a user to get more borrow reward than usual.

#255 sherlock-admin4 closed 4 months ago
1
BoRonGod - Deviation in oracle price could lead to arbitrage

#254 sherlock-admin3 closed 4 months ago
0
0x77 - solmate SafeTransferLib.sol function does not check contract size

#253 sherlock-admin2 closed 4 months ago
1
Bigsam - Lack of Administrative Ability to Clear Bad Debt and Liquidate Positions

#252 sherlock-admin4 closed 4 months ago
1
burhan_khaja - Markets funds can be stolen by clearing bad debt for free by directly calling handleBadDebt(address) in auditor contract

#251 sherlock-admin3 closed 4 months ago
1
BowTiedOriole - No slippage checks for deposit/mint/withdraw/redeem

#250 sherlock-admin2 closed 4 months ago
1
0xhacksmithh - Protocol lossing some part of `fee` due to wrong rounding direction

#249 sherlock-admin4 closed 4 months ago
12
Ward - Vault Inflation Attack is present in `Market`

#248 sherlock-admin3 closed 4 months ago
0
karanctf - Insufficient check in MarketETHRouter::refund() locks eth

#247 sherlock-admin2 closed 4 months ago
1
.-..---.....-. - Should spend allowance from msg.sender rather than from borrower.

#246 sherlock-admin4 closed 4 months ago
1
0x73696d616f - `rewardData.releaseRate` is incorrectly calculated on `RewardsController::config()` when `block.timestamp > start` and `rewardData.lastConfig != rewardData.start`

#245 sherlock-admin3 opened 5 months ago
2
stonejiajia - A user attempting to repay too much should error gracefully.

#244 sherlock-admin2 closed 4 months ago
1
Bigsam - Failure to Call afterDeposit Function Upon Depositatmaturity

#243 sherlock-admin4 closed 4 months ago
1
BowTiedOriole - Vesting with a permit in `EscrowedEXA` can be frontrun and DOS'd

#242 sherlock-admin3 closed 4 months ago
1
karanctf - Using deprecated Chainlink function latestAnswer

#241 sherlock-admin2 closed 4 months ago
0
bareli - cancel function in EscrowedEXA.sol will always revert.

#240 sherlock-admin4 closed 4 months ago
1
BowTiedOriole - Unassigned earnings in matured pools will not be included in `totalAssets()` calculation

#239 sherlock-admin3 closed 4 months ago
0
karanctf - collateralization ratio of 1:1 will cause insolvency during Auditor::exitMarket()

#238 sherlock-admin2 closed 4 months ago
1
Shield - Race condition between 2 different markets in bad debt situation

#237 sherlock-admin4 closed 4 months ago
1
Ward - Lack of slippage control in the functions of the `Market` contract

#236 sherlock-admin3 closed 4 months ago
1
Audinarey - Future upgrades to chainlink API can brick the protocol

#235 sherlock-admin2 closed 4 months ago
13
Shield - Undercollateralized positions can be liquidated when the contract is frozen

#234 sherlock-admin4 closed 4 months ago
1
sakshamguruji - Discontinuity in liquidate() function's actualRepay calculation

#233 sherlock-admin3 closed 4 months ago
1
BoRonGod - ERC4626 inflate attack

#232 sherlock-admin2 closed 4 months ago
0
Emmanuel - User can setup and steal from liquidator, by making him seize far less collateral than the debt he is repaying.

#231 sherlock-admin4 closed 4 months ago
0
DenTonylifer - Loss of precision while calculating releaseRate

#230 sherlock-admin3 closed 4 months ago
20
KupiaSec - Anyone can allow others' assets to be used as collateral without approval of the asset owner because the `Market.borrow` function doesn't check if `assets > 0`

#229 sherlock-admin2 closed 4 months ago
0
KupiaSec - The function `updateFloatingDebt` must be called before every update of the `floatingAssets`, `floatingDebt` and `floatingBackupBorrowed` variables.

#228 sherlock-admin4 closed 4 months ago
0
Shield - Attacker can force a user to enter a market

#227 sherlock-admin3 closed 4 months ago
0
Shield - `account.fixedDeposit` and `account.fixedBorrows` states can be broken if the `maturity` variable overflows

#226 sherlock-admin2 closed 4 months ago
1
Dliteofficial - Cross Market Liquidation will be impossible when the debt market != repay market

#225 sherlock-admin4 closed 4 months ago
36
BoRonGod - floatingAssetsAverage is updated only on deposit and withdraw

#224 sherlock-admin3 closed 4 months ago
9
Shield - `Market.previewDebt` function rounds down during the debt calculation

#223 sherlock-admin2 closed 4 months ago
1
0xmuxyz - Lack of the implementation of the Market#`deposit()` in the Market contract, which lead to that the TX of the MarketETHRouter#`deposit()` would **always** be reverted

#222 sherlock-admin4 closed 4 months ago
1
Nyx - Reward indexes can be wrong

#221 sherlock-admin3 closed 4 months ago
1
sakshamguruji - Inconsistent Role Check for Token Transfer in EscrowedEXA Contract

#220 sherlock-admin2 closed 4 months ago
1
sakshamguruji - Double Accounting Of EXA Reserves While Canceling a Vest

#219 sherlock-admin4 closed 4 months ago
1
DenTonylifer - Price feed's latest value can be easily manipulated

#218 sherlock-admin3 closed 4 months ago
1
Emmanuel - Vault depositors are getting incentivized whether of not a `borrowAtMaturity` call utilized funds from floating pool.

#217 sherlock-admin2 closed 4 months ago
1
0xGreyWolf - Liquidations does not consider the overall health of the protocol

#216 sherlock-admin4 closed 4 months ago
4
elhaj - Precision Loss in `repayAtMaturity` can lead to system insolvency and loss of funds

#215 sherlock-admin3 closed 4 months ago
6
Emmanuel - During a market pause, unhealthy users are treated differently depending on the amount of collateral they have in other markets.

#214 sherlock-admin2 closed 4 months ago
1