sherlock-audit 2024-04-teller-finance-judging issues

sherlock-audit / 2024-04-teller-finance-judging

2 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Panic Reverts in `sharesExchangeRateInverse` could break the implementation of `burnSharesToWithdrawEarnings`

#305 sherlock-admin2 closed 1 month ago
0
Edge Case for abs function in LenderCommitmentGroup_Smart

#304 sherlock-admin4 closed 1 month ago
0
An attacker can steal users tokens when adding shares via the classic first depositor bug case

#303 sherlock-admin3 closed 1 month ago
0
Potential Overflow Issue in `_getPriceFromSqrtX96` Function

#302 sherlock-admin2 closed 1 month ago
0
.

#301 sherlock-admin4 closed 1 month ago
0
Bad collateral check in `SmartCommitmentsForwarder`

#300 sherlock-admin3 closed 1 month ago
0
Shadowing State vulnerability

#299 sherlock-admin2 closed 1 month ago
0
bareli - wrong implement of "_repayLoan"

#298 sherlock-admin4 closed 2 months ago
1
0xlucky - Share price in LenderCommitmentGroup_Smart.sol can be inflated

#297 sherlock-admin3 closed 2 months ago
0
kennedy1030 - Invalid check in `LenderCommitmentGroup_Smart.burnSharesToWithdrawEarnings()`.

#296 sherlock-admin2 closed 2 months ago
1
aman - There is No way to get the Loan ownership back

#295 sherlock-admin4 closed 2 months ago
0
samuraii77 - Lender might not be able to set a repayment listener

#294 sherlock-admin3 closed 2 months ago
0
0xDjango - Liquidations in the Lender Commitment Group don't include owed interest

#293 sherlock-admin2 closed 2 months ago
0
w42d3n - The function burnSharesToWithdrawEarnings() is subject to Re-entrancy Vulnerability

#292 sherlock-admin4 closed 2 months ago
0
smbv-1923 - Share Inflation Attack via Internal Accounting

#291 sherlock-admin3 closed 2 months ago
0
aman - After Claiming NFT the lender will not be able to close Loan

#290 sherlock-admin2 closed 2 months ago
0
pkqs90 - Users can bypass auction mechanism for `LenderCommitmentGroup_Smart` liquidation mechanism for loans that are close to end of loan

#289 sherlock-admin4 opened 2 months ago
4
psb01 - Consider using safeTransfer/safeTransferFrom instead of transfer/transferFrom

#288 sherlock-admin3 closed 2 months ago
0
givn - LenderCommitmentGroup_Smart can calculate wrong price because negative ticks math doesn't round down when it should

#287 sherlock-admin2 closed 2 months ago
0
0xDjango - Marketplace Fee for loan can be updated any time after bid until lender accepts

#286 sherlock-admin4 closed 2 months ago
0
CodeWasp - The cycle payment due may span over approx. 2 cycles and block the borrower from paying

#285 sherlock-admin3 opened 2 months ago
6
samuraii77 - Users can mint any amount of loan NFTs for free

#284 sherlock-admin2 closed 2 months ago
1
DenTonylifer - Function getSqrtTwapX96 doesn't round to negative infinity for negative ticks

#283 sherlock-admin4 closed 1 month ago
4
MaslarovK.eth - Wrong accounting in the `LenderCommitmentGroup_Smart::liquidateDefaultedLoanWithIncentive`

#282 sherlock-admin3 closed 2 months ago
1
EgisSecurity - LenderCommitmentGroup_Smart.sol#__valueOfUnderlying() - If rate = 0, then users will receive no shares if they attempt to mint, and burn won't work

#281 sherlock-admin2 closed 1 month ago
1
no - The TWAP price without checking the liquidity and TWAP duration can lead to price manipulation in `LenderCommitmentGroup_Smart`

#280 sherlock-admin4 closed 2 months ago
0
0xrobsol - Potential Risk in Collateral Withdrawal During Loan Repayment

#279 sherlock-admin3 closed 2 months ago
1
psb01 - Implementation of addPrincipalToCommitmentGroup() does not support Fee On Transfer tokens.

#278 sherlock-admin2 closed 2 months ago
0
0xrobsol - Incomplete Handling of Metadata URIs in getMetadataURI Function

#277 sherlock-admin4 closed 2 months ago
1
samuraii77 - Borrower can give more collateral than he should and get it locked as well as possible lose it

#276 sherlock-admin3 closed 2 months ago
1
pkqs90 - `FlashRolloverLoan_G5#rolloverLoanWithFlash` does not support fee-on-transfer tokens

#275 sherlock-admin2 closed 2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart` is susceptible to donation attack

#274 sherlock-admin4 closed 2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart.sol#sharesExchangeRateInverse()` may divide by zero

#273 sherlock-admin3 closed 2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart#getSqrtTwapX96` may revert due to not enough cardinality in UniswapV3 pool

#272 sherlock-admin2 closed 2 months ago
1
pkqs90 - `LenderCommitmentGroup_Smart.sol#_getPriceFromSqrtX96` may overflow

#271 sherlock-admin4 closed 2 months ago
0
pkqs90 - `liquidateDefaultedLoanWithIncentive` cannot be called with 0 tokens even if 96400 seconds has passed for ERC20 tokens that doesn't support zero-transfer

#270 sherlock-admin3 closed 2 months ago
1
pkqs90 - `LenderCommitmentGroup_Smart.sol` cannot deploy pools with non-string symbol() ERC20s.

#269 sherlock-admin2 opened 2 months ago
3
pkqs90 - Borrowers may receive less tokens than they expect due to fee change after submitting a bid.

#268 sherlock-admin4 closed 2 months ago
0
w42d3n - TellerV2.sol :: _repayLoan() is subject to Re-entrancy

#267 sherlock-admin3 closed 2 months ago
0
givn - Flashloan rollover doesn't work with USDT

#266 sherlock-admin2 closed 2 months ago
0
pkqs90 - Protocol fails to work with ERC20s that does NOT revert on failure during transfer.

#265 sherlock-admin4 closed 2 months ago
0
pkqs90 - `LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive` does NOT send collateral to caller, but to the `LenderCommitmentGroup_Smart` pool

#264 sherlock-admin3 closed 2 months ago
0
pkqs90 - In `LenderCommitmentGroup_Smart.sol#burnSharesToWithdrawEarnings()`, shares are burned before `principalTokenValueToWithdraw` is calculated, causing users to withdraw more tokens than expected.

#263 sherlock-admin2 closed 2 months ago
0
MaslarovK.eth - Did not approve to zero first.

#262 sherlock-admin4 closed 2 months ago
0
pkqs90 - `STANDARD_EXPANSION_FACTOR` is not needed - required collateral amount is 1e18 times smaller than it should be.

#261 sherlock-admin3 closed 2 months ago
0
pkqs90 - `_getCollateralTokensAmountEquivalentToPrincipalTokens` uses incorrect min/max for token oracle prices, allowing attackers to use sandwich attacks to borrow a loan with very little collateral.

#260 sherlock-admin2 closed 2 months ago
0
pkqs90 - Lender of the loan cannot perform `lenderCloseLoan()`/`setRepaymentListenerForBid()` after calling `claimLoanNFT()`

#259 sherlock-admin4 closed 2 months ago
0
FastTiger - Failure to Reset Allowance to Zero Before Changing it

#258 sherlock-admin3 closed 2 months ago
1
0xadrii - Substracting repaymentAmount instead of _flashAmount when computing the funds remaining in executeOperation will make the call fail for payments where the flash borrowed amount was higher than the loan repayment amount

#257 sherlock-admin2 closed 1 month ago
4
FastTiger - Locking Collateral in the Contract

#256 sherlock-admin4 closed 2 months ago
0