issues
search
sherlock-audit
/
2024-04-teller-finance-judging
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Panic Reverts in `sharesExchangeRateInverse` could break the implementation of `burnSharesToWithdrawEarnings`
#305
sherlock-admin2
closed
1 month ago
0
Edge Case for abs function in LenderCommitmentGroup_Smart
#304
sherlock-admin4
closed
1 month ago
0
An attacker can steal users tokens when adding shares via the classic first depositor bug case
#303
sherlock-admin3
closed
1 month ago
0
Potential Overflow Issue in `_getPriceFromSqrtX96` Function
#302
sherlock-admin2
closed
1 month ago
0
.
#301
sherlock-admin4
closed
1 month ago
0
Bad collateral check in `SmartCommitmentsForwarder`
#300
sherlock-admin3
closed
1 month ago
0
Shadowing State vulnerability
#299
sherlock-admin2
closed
1 month ago
0
bareli - wrong implement of "_repayLoan"
#298
sherlock-admin4
closed
2 months ago
1
0xlucky - Share price in LenderCommitmentGroup_Smart.sol can be inflated
#297
sherlock-admin3
closed
2 months ago
0
kennedy1030 - Invalid check in `LenderCommitmentGroup_Smart.burnSharesToWithdrawEarnings()`.
#296
sherlock-admin2
closed
2 months ago
1
aman - There is No way to get the Loan ownership back
#295
sherlock-admin4
closed
2 months ago
0
samuraii77 - Lender might not be able to set a repayment listener
#294
sherlock-admin3
closed
2 months ago
0
0xDjango - Liquidations in the Lender Commitment Group don't include owed interest
#293
sherlock-admin2
closed
2 months ago
0
w42d3n - The function burnSharesToWithdrawEarnings() is subject to Re-entrancy Vulnerability
#292
sherlock-admin4
closed
2 months ago
0
smbv-1923 - Share Inflation Attack via Internal Accounting
#291
sherlock-admin3
closed
2 months ago
0
aman - After Claiming NFT the lender will not be able to close Loan
#290
sherlock-admin2
closed
2 months ago
0
pkqs90 - Users can bypass auction mechanism for `LenderCommitmentGroup_Smart` liquidation mechanism for loans that are close to end of loan
#289
sherlock-admin4
opened
2 months ago
4
psb01 - Consider using safeTransfer/safeTransferFrom instead of transfer/transferFrom
#288
sherlock-admin3
closed
2 months ago
0
givn - LenderCommitmentGroup_Smart can calculate wrong price because negative ticks math doesn't round down when it should
#287
sherlock-admin2
closed
2 months ago
0
0xDjango - Marketplace Fee for loan can be updated any time after bid until lender accepts
#286
sherlock-admin4
closed
2 months ago
0
CodeWasp - The cycle payment due may span over approx. 2 cycles and block the borrower from paying
#285
sherlock-admin3
opened
2 months ago
6
samuraii77 - Users can mint any amount of loan NFTs for free
#284
sherlock-admin2
closed
2 months ago
1
DenTonylifer - Function getSqrtTwapX96 doesn't round to negative infinity for negative ticks
#283
sherlock-admin4
closed
1 month ago
4
MaslarovK.eth - Wrong accounting in the `LenderCommitmentGroup_Smart::liquidateDefaultedLoanWithIncentive`
#282
sherlock-admin3
closed
2 months ago
1
EgisSecurity - LenderCommitmentGroup_Smart.sol#__valueOfUnderlying() - If rate = 0, then users will receive no shares if they attempt to mint, and burn won't work
#281
sherlock-admin2
closed
1 month ago
1
no - The TWAP price without checking the liquidity and TWAP duration can lead to price manipulation in `LenderCommitmentGroup_Smart`
#280
sherlock-admin4
closed
2 months ago
0
0xrobsol - Potential Risk in Collateral Withdrawal During Loan Repayment
#279
sherlock-admin3
closed
2 months ago
1
psb01 - Implementation of addPrincipalToCommitmentGroup() does not support Fee On Transfer tokens.
#278
sherlock-admin2
closed
2 months ago
0
0xrobsol - Incomplete Handling of Metadata URIs in getMetadataURI Function
#277
sherlock-admin4
closed
2 months ago
1
samuraii77 - Borrower can give more collateral than he should and get it locked as well as possible lose it
#276
sherlock-admin3
closed
2 months ago
1
pkqs90 - `FlashRolloverLoan_G5#rolloverLoanWithFlash` does not support fee-on-transfer tokens
#275
sherlock-admin2
closed
2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart` is susceptible to donation attack
#274
sherlock-admin4
closed
2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart.sol#sharesExchangeRateInverse()` may divide by zero
#273
sherlock-admin3
closed
2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart#getSqrtTwapX96` may revert due to not enough cardinality in UniswapV3 pool
#272
sherlock-admin2
closed
2 months ago
1
pkqs90 - `LenderCommitmentGroup_Smart.sol#_getPriceFromSqrtX96` may overflow
#271
sherlock-admin4
closed
2 months ago
0
pkqs90 - `liquidateDefaultedLoanWithIncentive` cannot be called with 0 tokens even if 96400 seconds has passed for ERC20 tokens that doesn't support zero-transfer
#270
sherlock-admin3
closed
2 months ago
1
pkqs90 - `LenderCommitmentGroup_Smart.sol` cannot deploy pools with non-string symbol() ERC20s.
#269
sherlock-admin2
opened
2 months ago
3
pkqs90 - Borrowers may receive less tokens than they expect due to fee change after submitting a bid.
#268
sherlock-admin4
closed
2 months ago
0
w42d3n - TellerV2.sol :: _repayLoan() is subject to Re-entrancy
#267
sherlock-admin3
closed
2 months ago
0
givn - Flashloan rollover doesn't work with USDT
#266
sherlock-admin2
closed
2 months ago
0
pkqs90 - Protocol fails to work with ERC20s that does NOT revert on failure during transfer.
#265
sherlock-admin4
closed
2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive` does NOT send collateral to caller, but to the `LenderCommitmentGroup_Smart` pool
#264
sherlock-admin3
closed
2 months ago
0
pkqs90 - In `LenderCommitmentGroup_Smart.sol#burnSharesToWithdrawEarnings()`, shares are burned before `principalTokenValueToWithdraw` is calculated, causing users to withdraw more tokens than expected.
#263
sherlock-admin2
closed
2 months ago
0
MaslarovK.eth - Did not approve to zero first.
#262
sherlock-admin4
closed
2 months ago
0
pkqs90 - `STANDARD_EXPANSION_FACTOR` is not needed - required collateral amount is 1e18 times smaller than it should be.
#261
sherlock-admin3
closed
2 months ago
0
pkqs90 - `_getCollateralTokensAmountEquivalentToPrincipalTokens` uses incorrect min/max for token oracle prices, allowing attackers to use sandwich attacks to borrow a loan with very little collateral.
#260
sherlock-admin2
closed
2 months ago
0
pkqs90 - Lender of the loan cannot perform `lenderCloseLoan()`/`setRepaymentListenerForBid()` after calling `claimLoanNFT()`
#259
sherlock-admin4
closed
2 months ago
0
FastTiger - Failure to Reset Allowance to Zero Before Changing it
#258
sherlock-admin3
closed
2 months ago
1
0xadrii - Substracting repaymentAmount instead of _flashAmount when computing the funds remaining in executeOperation will make the call fail for payments where the flash borrowed amount was higher than the loan repayment amount
#257
sherlock-admin2
closed
1 month ago
4
FastTiger - Locking Collateral in the Contract
#256
sherlock-admin4
closed
2 months ago
0
Next