sherlock-audit / 2024-04-interest-rate-model-judging
9 stars, 5 forks
issues
emiridbest - [M-2] Frontrunning the initialize function can prevent upgrades due to insufficient access control
#213
sherlock-admin4
closed
4 months ago
1
BoRonGod - Pool state is not checked in totalAssets()
#212
sherlock-admin3
closed
4 months ago
1
Emmanuel - Absence of minAssets slippage protection can cause liquidators to be maliciously pushed to make unprofitable liquidations
#211
sherlock-admin2
closed
4 months ago
0
Nyx - The liquidator may not liquidate the borrower if the bad debt is more than earningsAccumulator
#210
sherlock-admin4
closed
4 months ago
1
bareli - Wrong pricefeed can be set up in setPriceFeed
#209
sherlock-admin3
closed
4 months ago
1
Trumpero - As time passes, the decrease in the value of `previewRepay(fixedDebt)` due to the floating interest results in borrowers being unable to claim their full rewards
#208
sherlock-admin2
closed
4 months ago
0
Emmanuel - Market#totalAssets: unassignedEarnings from earlier maturities might have not been accrued, allowing attacker to steal the unaccrued earnings.
#207
sherlock-admin4
closed
4 months ago
0
Emmanuel - Protocol only incentivizes backrunning of borrowAtMaturity with a depositAtMaturity call.
#206
sherlock-admin3
closed
4 months ago
1
bareli - no check for market listed for "setPriceFeed"
#205
sherlock-admin2
closed
4 months ago
1
Emmanuel - When protocol is paused, users can't repay, but debt keeps accruing.
#204
sherlock-admin4
closed
4 months ago
1
Trumpero - Inconsistency in `floatingAssets` updates in the Market contract
#203
sherlock-admin3
closed
4 months ago
15
Emmanuel - User can open borrow positions that would cause liquidators to be disincentivized from liquidating it due to gas fees
#202
sherlock-admin2
closed
4 months ago
34
Emmanuel - FixedLib#setMaturity: After 18 years, maturity encoding will overflow
#201
sherlock-admin4
closed
4 months ago
7
AuditorPraise - staticcall to wrapper isn't checked to ensure it succeeds
#200
sherlock-admin3
closed
4 months ago
1
BoRonGod - Attackers can siphon off the yield generated by the protocol through flash loans
#199
sherlock-admin2
closed
4 months ago
1
AMOW - `refund` lacks slippage
#198
sherlock-admin4
closed
4 months ago
1
Shield - `updateFloatingDebt()` isn't called during `withdrawAtMaturity()`, leading to incorrect accounting of floating interest
#197
sherlock-admin3
closed
4 months ago
0
elhaj - `TotalAssets` miscalculation Leads to Distorted Share Values and Unfair MEV Opportunities
#196
sherlock-admin2
closed
4 months ago
0
alix40 - Bad Debt Socialization could be blocked by depositing dust amounts on behalf of unhealthy account
#195
sherlock-admin4
closed
4 months ago
1
Sentinels - Market.sol is not ERC4626 compliant leading to potential calculation problems and issues with future integrations
#194
sherlock-admin3
closed
4 months ago
1
bareli - wrong implementation of market in MarketETHRouter.sol
#193
sherlock-admin2
closed
4 months ago
1
tvdung94 - Treasury will receive less money (in shares) than expected
#192
sherlock-admin4
closed
4 months ago
1
AMOW - Using deprecated Chainlink method
#191
sherlock-admin3
closed
4 months ago
1
burhan_khaja - The Auditor, Market, and EXA contracts are lacking upgrade functionality due to an issue with the implementation process.
#190
sherlock-admin2
closed
4 months ago
1
tvdung94 - Unable to clear bad debts in some certain cases
#189
sherlock-admin4
closed
4 months ago
1
rbserver - `RewardsController.permitSender` modifier is not compliant to EIP-712 standard
#188
sherlock-admin3
closed
4 months ago
1
alix40 - Auditor.sol supports spot price oracles, which could expose protocol to risk of price manipulation attacks
#187
sherlock-admin2
closed
4 months ago
1
rbserver - Slippage controls for `deposit`, `mint`, `withdraw`, and `redeem` functions of `Market` contract are missing
#186
sherlock-admin4
closed
4 months ago
1
tvdung94 - More earning is allocated than needed to clear bad debts
#185
sherlock-admin3
closed
4 months ago
1
rbserver - Former recipient loses part of deposited reserve that is proportional to her or his vested time after withdrawing from corresponding vesting stream and transferring it to another recipient before it's fully vested
#184
sherlock-admin2
closed
4 months ago
1
rbserver - Recipient of vesting stream can withdraw all of deposited reserve EXA tokens much earlier than corresponding vesting stream is fully vested and withdrawn
#183
sherlock-admin4
closed
4 months ago
1
rbserver - EscrowedEXA token can still be transferable even though protocol's design and intention are intended to make EscrowedEXA token untransferable
#182
sherlock-admin3
closed
4 months ago
0
0xSwahili - Protocol users who deposit and/or withdraw assets in the same block stand to lose reward benefits
#181
sherlock-admin2
closed
4 months ago
2
0xmuxyz - Lack of invoking the RewardsController#`handleDeposit()` inside the Market#`depositAtMaturity()`
#180
sherlock-admin4
closed
4 months ago
1
tvdung94 - The amount of debt users can actually borrow will be much less than expected
#179
sherlock-admin3
closed
4 months ago
1
0xmuxyz - Lack of calling the Market#`afterDeposit()` inside the Market#`depositAtMaturity()`
#178
sherlock-admin2
closed
4 months ago
1
y4y - In a rare scenario, a loan can be repaid/refunded with less assets than needed in `MarketETHRouter`
#177
sherlock-admin4
closed
4 months ago
1
Trumpero - Some rewards will be lost if no floating deposits exist in the market
#176
sherlock-admin3
closed
4 months ago
16
0xmuxyz - The Market#`spendAllowance()` does not work properly when the Market#`borrow()` would be called via the MarketETHRouter#`borrow()` - due to lack of validation
#175
sherlock-admin2
closed
4 months ago
1
almurhasan - Liquidation will not work for users for a scenario
#174
sherlock-admin4
closed
4 months ago
1
0x73696d616f - `ERC777` tokens may be used to create bad debt for the protocol or steal unsigned earnings
#173
sherlock-admin3
closed
4 months ago
1
0x73696d616f - `RewardsController` is not EIP712 compliant
#172
sherlock-admin2
closed
4 months ago
1
emiridbest - [M-01] Denial-of-Service (DoS)
#171
sherlock-admin4
closed
4 months ago
0
ether_sky - Incorrect totalAssets function.
#170
sherlock-admin3
closed
4 months ago
1
ether_sky - Don't update accumulatedEarnings when update maxFuturePools.
#169
sherlock-admin2
closed
4 months ago
1
ether_sky - Missing nonce in the permitSender modifier.
#168
sherlock-admin4
closed
4 months ago
1
Trumpero - An attacker can borrow 0 in many markets, allowing any user to increase the number of the user's markets in Auditor, which may lead to a DOS attack
#167
sherlock-admin3
closed
4 months ago
0
elhaj - Users Without `TRANSFERRER_ROLE` Still Can Transfer `esEXA` Tokens
#166
sherlock-admin2
closed
4 months ago
0
petro1912 - `accountRewards` is calculated in an incorrect way, so it will result in unfair accrued rewards.
#165
sherlock-admin4
closed
4 months ago
1
elhaj - Bad Debt Can Be Prevented from being Cleared Leading to Protocol Insolvency
#164
sherlock-admin3
closed
4 months ago
1