sherlock-audit 2024-04-teller-finance-judging issues

sherlock-audit / 2024-04-teller-finance-judging

6 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

blockchain555 - Did Not Approve To Zero First

#255 sherlock-admin3 closed 2 months ago
1
merlin - LenderCommitmentGroup_Smart uses the incorrect getSqrtRatioAtTick function from TickMath.sol

#254 sherlock-admin2 closed 2 months ago
0
0xadrii - Escrowed repayments belonging to the lender commitment contract can’t be retrieved from the escrow vault

#253 sherlock-admin4 closed 2 months ago
0
blockchain555 - The owner of the `LenderGroup_Smart` contract can maliciously deploy a non-lending pool or set an unfair interest rate.

#252 sherlock-admin3 closed 2 months ago
4
BoRonGod - ALL liquidation operations can be sandwiched to extract value from the protocol

#251 sherlock-admin2 closed 2 months ago
0
0xadrii - `rolloverLoanWithFlash` does not allow adding collateral when accepting commitments

#250 sherlock-admin4 closed 2 months ago
0
blockchain555 - Some collateral will be locked in the contract

#249 sherlock-admin3 closed 2 months ago
0
0xrobsol - Inconsistency in Tracking Total Principal Tokens Lent and Repaid

#248 sherlock-admin2 closed 2 months ago
1
blockchain555 - Invalid implementation of function `LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()`

#247 sherlock-admin4 closed 2 months ago
1
0xadrii - Using wrong selector will dos FlashRolloverLoan's accept commitment

#246 sherlock-admin3 closed 2 months ago
0
blockchain555 - Collateral assets are locked without being transferred to the liquidator in the `LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()` function.

#245 sherlock-admin2 closed 2 months ago
0
Afriaudit - Missing Initialization of OwnableUpgradeable in `LenderCommitmentGroup_Smart` Contract

#244 sherlock-admin4 closed 2 months ago
0
0xadrii - Performing a direct multiplication in `_getPriceFromSqrtX96` will overflow for some uniswap pools

#243 sherlock-admin3 opened 2 months ago
10
MaslarovK.eth - Some functions lack `whenNotPaused` modifier.

#242 sherlock-admin2 closed 2 months ago
1
0xadrii - Lender commitment group smart contract won't work properly with fee-on-transfer tokens

#241 sherlock-admin4 closed 2 months ago
0
0xrobsol - Inconsistency in Application of UNISWAP_EXPANSION_FACTOR in Token Conversion Functions

#240 sherlock-admin3 closed 2 months ago
1
KupiaSec - The `LenderCommitmentGroup_Smart` contract cannot use USDT as its principal token, because `USDT.transfer()` does not return a boolean value.

#239 sherlock-admin2 closed 2 months ago
4
0xadrii - Multiplying the collateral amount by the `STANDARD_EXPANSION_FACTOR` when checking the required collateral is incorrect and allows borrowers to get undercollateralized loans

#238 sherlock-admin4 closed 2 months ago
0
KupiaSec - A user can borrow liquidity, even though `getPrincipalAmountAvailableToBorrow() < 0`.

#237 sherlock-admin3 closed 2 months ago
0
KupiaSec - `FlashRolloverLoan_G5` cannot work well with some LenderCommitForwarders including the `SmartCommitmentForwarder` contract.

#236 sherlock-admin2 closed 2 months ago
0
0xadrii - Using slot0 to compute position price can be easily manipulated

#235 sherlock-admin4 closed 2 months ago
0
MaslarovK.eth - No storage gap left for upgradeable contracts

#234 sherlock-admin3 closed 2 months ago
1
KupiaSec - A malicious user can borrow at a much lower interest rate from `LenderCommitmentGroup_Smart`.

#233 sherlock-admin2 closed 2 months ago
0
0xadrii - Not considering `liquidityThresholdPercent` will make pool utilization ratio be wrongly computed

#232 sherlock-admin4 closed 2 months ago
0
BoRonGod - Deviation in oracle price could lead to arbitrage in high LTV markets

#231 sherlock-admin3 closed 2 months ago
4
KupiaSec - The newly added contracts will not work well on fee-on-transfer tokens, because there is no consideration for fee on transfer.

#230 sherlock-admin2 closed 2 months ago
0
KupiaSec - The collateral tokens withdrawn `by liquidateDefaultedLoanWithIncentive()` will be frozen in the `LenderCommitmentGroup_Smart` contract.

#229 sherlock-admin4 closed 2 months ago
0
psb01 - Borrower could be paying more amount than owed.

#228 sherlock-admin3 closed 2 months ago
8
0xadrii - Using transferFrom won’t work with some tokens

#227 sherlock-admin2 closed 2 months ago
0
0xrobsol - Interest Calculation Exclusion in Defaulted Loan Liquidation Process

#226 sherlock-admin4 closed 2 months ago
0
0xadrii - Malicious lenders can set the lender commitment contract as the repayment listener for their regular loans, leading to several issues

#225 sherlock-admin3 closed 2 months ago
0
KupiaSec - Incorrect calculation of the required collateral amount for borrowing. `baseAmount.percent(collateralRatio)`

#224 sherlock-admin2 closed 2 months ago
0
KupiaSec - The interest rate model should be improved in the `LenderCommitmentGroup_Smart`.

#223 sherlock-admin4 closed 2 months ago
0
0xadrii - Burning shares prior to computing value to withdraw will make earnings remain locked forever in the contract

#222 sherlock-admin3 closed 2 months ago
0
bareli - use safetransfer instead of transfer

#221 sherlock-admin2 closed 2 months ago
0
0xadrii - Claiming loan NFT prevents lenders from closing loan and retrieving collateral

#220 sherlock-admin4 closed 2 months ago
0
0xadrii - Not transferring collateral when submitting bids allows malicious users to create honeypot-style attacks

#219 sherlock-admin3 opened 2 months ago
9
KupiaSec - `_collateralAmount` is multiplied by `STANDARD_EXPANSION_FACTOR` unreasonably in the collateral check of the `LenderCommitmentGroup_Smart.acceptFundsForAcceptBid()` function.

#218 sherlock-admin2 closed 2 months ago
0
KupiaSec - A sandwich attack can potentially take most of the interest earned within the `LenderCommitmentGroup_Smart` contract

#217 sherlock-admin4 closed 2 months ago
0
samuraii77 - A market owner can put borrowers in a very unfavorable position and steal money out of lenders

#216 sherlock-admin3 closed 2 months ago
1
0xrobsol - Inadequate Minimum TWAP Interval Configuration Leads to Potential Price Volatility

#215 sherlock-admin2 closed 2 months ago
0
0xrobsol - Uniqueness Violation in Market ID Assignment During Contract Initialization

#214 sherlock-admin4 closed 2 months ago
1
0xLogos - Tokens that return false on failed transfer is not supported

#213 sherlock-admin3 closed 2 months ago
0
BoRonGod - No sllippage protection in addPrincipalToCommitmentGroup and burnSharesToWithdrawEarnings

#212 sherlock-admin2 closed 2 months ago
0
DenTonylifer - Protocol may not work with USDT

#211 sherlock-admin4 closed 2 months ago
0
merlin - DOS vulnerability in the rolloverLoanWithFlash function in FlashRolloverLoan_G5.sol

#210 sherlock-admin3 closed 2 months ago
0
0xLogos - LenderCommitmentGroup_Smart can be tricked to account for not owned loans payments

#209 sherlock-admin2 closed 2 months ago
0
samuraii77 - Lenders might not be able to close their loans and get their collateral back in the case of default

#208 sherlock-admin4 closed 2 months ago
0
bareli - Not all imported contracts are upgradable.

#207 sherlock-admin3 closed 2 months ago
1
merlin - Fee on transfer tokens isn't compatible with LenderCommitmentGroup_Smart.sol

#206 sherlock-admin2 closed 2 months ago
0

Previous Next