issues
search
sherlock-audit
/
2024-05-beefy-cowcentrated-liquidity-manager-judging
5
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Precision_Loss
#145
sherlock-admin2
closed
3 months ago
0
beforeAction not surely called
#144
sherlock-admin3
closed
3 months ago
0
maxTickDeviation could be unset
#143
sherlock-admin4
closed
3 months ago
0
Redundant_Constant
#142
sherlock-admin2
closed
3 months ago
0
Gas_Optimization
#141
sherlock-admin3
closed
3 months ago
3
Redundancy_In_Checks
#140
sherlock-admin4
closed
3 months ago
0
Function can be modifier
#139
sherlock-admin2
closed
3 months ago
0
Incorrect usage of Beacon Proxy pattern
#138
sherlock-admin3
closed
3 months ago
0
Misleading comment
#137
sherlock-admin4
closed
3 months ago
0
Incorrect balance calculation
#136
sherlock-admin2
closed
3 months ago
0
`BeefyRewardPool` should inherit from `IRewardPool`
#135
sherlock-admin3
closed
3 months ago
0
John_Femi - Arbitrary User can claim reward fees on harvest
#134
sherlock-admin2
closed
3 months ago
1
sa9933 - Usage of slot0 is extremely easy to manipulate
#133
sherlock-admin4
closed
3 months ago
0
w42d3n - Front-running vulnerability in the function withdraw()
#132
sherlock-admin3
closed
3 months ago
1
John_Femi - positionAlt tick is stale for amount0 == bal1
#131
sherlock-admin2
closed
3 months ago
0
0xAadi - Dangerous Use of Deadline Parameter
#130
sherlock-admin4
closed
3 months ago
1
w42d3n - Unsafe approval of tokens in Beefy Passive Position Manager
#129
sherlock-admin3
closed
3 months ago
1
w42d3n - Uncontrolled actions after transferral of contract ownership
#128
sherlock-admin2
closed
3 months ago
1
Afriaudit - Missing Validation of Active Status in Fee Configuration before Fee Application in the function `_chargeFees`
#127
sherlock-admin4
closed
3 months ago
2
Arabadzhiev - Anyone can harvest the fees generated in the `StrategyPassiveManagerVelodrome` contract
#126
sherlock-admin3
closed
3 months ago
1
John_Femi - Ticks can get out of range during deposit/withdrawal
#125
sherlock-admin2
closed
3 months ago
0
jasonxiale - `StrategyPassiveManagerVelodrome.retireVault` can be DOSed
#124
sherlock-admin4
closed
3 months ago
1
jasonxiale - `VeloSwapUtils.swap` doesn't have slippage protection
#123
sherlock-admin3
closed
3 months ago
1
0xAadi - Failure to Remove ERC20 Allowances on `rewardPool` Update in `StrategyPassiveManagerVelodrome`
#122
sherlock-admin2
closed
3 months ago
0
merlin - A griefer can perform DOS attack on all major functions of the StrategyPassiveManagerVelodrome smart contract
#121
sherlock-admin4
closed
3 months ago
1
0xAadi - Accounting Error in `lpToken0ToNativePrice()` and `lpToken1ToNativePrice()` Functions in `StrategyPassiveManagerVelodrome`
#120
sherlock-admin3
closed
3 months ago
6
befree3x - Old `rewardPool` address keeps having full permission to spend `output` token when new reward pool is set
#119
sherlock-admin2
closed
3 months ago
0
0xShoonya - Usage of `slot0` is extremely easy to manipulate
#118
sherlock-admin4
closed
3 months ago
0
bareli - No check on array length on routeToPath
#117
sherlock-admin3
closed
3 months ago
1
0xShoonya - Using `block.timestamp` for swap deadline offers no protection
#116
sherlock-admin2
closed
3 months ago
0
no - No Protection of Uninitialized Implementation Contracts From Attacker
#115
sherlock-admin4
closed
3 months ago
1
aman - The `unpause` function is not logically correct
#114
sherlock-admin3
closed
3 months ago
1
0xShoonya - Lack of slippage checks on `StrategyPassiveManagerVelodrome::_mintPosition`
#113
sherlock-admin2
closed
3 months ago
1
EgisSecurity - StrategyPassiveManagerVelodrome.sol#setRewardPool() - When changing `rewardPool`, fees accumulated for the current `rewardPool` will go to the new `rewardPooll`
#112
sherlock-admin4
closed
3 months ago
1
0xAadi - Incompatible Return Values Cause `lpToken0ToNativePrice()` and `lpToken1ToNativePrice()` Functions in `StrategyPassiveManagerVelodrome` to Always Revert
#111
sherlock-admin3
closed
3 months ago
6
0xShoonya - twap() unsafe on L2s in event of Sequencer downtime
#110
sherlock-admin2
closed
3 months ago
1
jasonxiale - spot price is used in `StrategyPassiveManagerVelodrome.sqrtPrice`
#109
sherlock-admin4
closed
3 months ago
0
jasonxiale - `StrategyPassiveManagerVelodrome.harvest` will revert after calling `StrategyPassiveManagerVelodrome.setRewardPool`
#108
sherlock-admin3
closed
3 months ago
0
0xShoonya - `twap()` will show incorrect price for negative ticks cause it doesn't round up for negative ticks
#107
sherlock-admin2
closed
3 months ago
1
0xShoonya - Incorrect Solidity version in `FullMath.sol` can cause permanent freezing of assets for arithmetic underflow-induced revert Vulnerability detail
#106
sherlock-admin4
closed
3 months ago
2
merlin - The `_addLiquidity` function utilizes a cached sqrtPrice
#105
sherlock-admin3
closed
3 months ago
2
aman - `positionAlt` ticks will not be updated if `amount0==bal1`
#104
sherlock-admin2
closed
3 months ago
2
den_sosnovskyi - `VeloSwapUtils` contract uses different route types for same `IVeloRouter.execute` function for Uniswap V2 router
#103
sherlock-admin4
closed
3 months ago
1
no - StrategyPassiveManagerVelodrome::withdraw missing the _onlyCalmPeriods check
#102
sherlock-admin3
closed
3 months ago
0
DenTonylifer - StrategyPassiveManagerVelodrome does not take into account unharvested fees
#101
sherlock-admin2
closed
3 months ago
10
petarP1998 - Phishing_Attack
#100
sherlock-admin4
closed
3 months ago
1
BaldHeads - Manipulability of Tick Data in Velodrome Pool Leading to Vulnerabilities in Volatility Check Mechanism
#99
sherlock-admin3
closed
3 months ago
1
BaldHeads - Arbitrary Manipulation of sqrtPriceX96 Compromising Integrity of Liquidity Addition Mechanism
#98
sherlock-admin2
closed
3 months ago
0
no - No slippage parameter on Velodrome `_mintPosition` can be exploited by MEV
#97
sherlock-admin4
closed
3 months ago
1
0xDazai - Usage of `slot0` can be easly manipulated and lead to price manipulation
#96
sherlock-admin3
closed
3 months ago
0
Next