sherlock-audit 2024-05-beefy-cowcentrated-liquidity-manager-judging issues

sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging

5 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

merlin - The `isCalm()` function incorrectly checks whether the current price is within a certain deviation

#95 sherlock-admin2 closed 2 months ago
2
air_0x - The share allocation mechanism is vulnerable to front-running leading to an excessive share issuance for minimal initial contribution of 1wei

#94 sherlock-admin4 closed 2 months ago
1
darkart - Logical Error in Pausing Mechanism

#93 sherlock-admin3 closed 2 months ago
1
BaldHeads - Paused Strategy Contracts can be Frozen When Trying to Unlock Them in Non Calm Periods

#92 sherlock-admin2 closed 2 months ago
1
BaldHeads - Withdraw Functionality Redeploys Liquidity In Non Calm Times Leading to Possible Financial Losses

#91 sherlock-admin4 closed 2 months ago
0
ydlee - Incorrect amounts checking causes liquidity to be added to the wrong position.

#90 sherlock-admin3 closed 2 months ago
1
EgisSecurity - No slippage check on position minting

#89 sherlock-admin2 closed 2 months ago
1
no - `chargeFees()` only affects the output token, not fee0 and fee1

#88 sherlock-admin4 closed 2 months ago
1
no - Missing reinvesting trading fees in `harvest()`

#87 sherlock-admin3 closed 2 months ago
1
EgisSecurity - StrategyPassiveManagerVelodrome.sol#setRewardPool() - When changing `rewardPool` allowances are kept and aren't give to the new `rewardPool`

#86 sherlock-admin2 closed 2 months ago
0
Kalyan-Singh - Impermanent Loss & Arbitrage due to incorrect twap rounding

#85 sherlock-admin4 closed 2 months ago
1
Dots - Withdraw function is missing onlyCalmPeriods modifier

#84 sherlock-admin3 closed 2 months ago
1
EgisSecurity - `maxDevation` for some pools can be at most 3, which may be easily weaponized

#83 sherlock-admin2 closed 2 months ago
0
0xboriskataa - Deposit function doesn't check if strategy is paused

#82 sherlock-admin4 closed 2 months ago
1
nirohgo - _getTokensRequired calculation is wrong when the current price tick is out of the current position range, causing loss of potential earnings

#81 sherlock-admin3 closed 2 months ago
7
Dots - Paused state is not checked in deposit function

#80 sherlock-admin2 closed 2 months ago
1
0xboriskataa - Missing `onlyCalmPeriods` modifier on important functions

#79 sherlock-admin4 closed 2 months ago
1
bareli - wrong allowance of setRewardPool

#78 sherlock-admin3 closed 2 months ago
0
Dliteofficial - Use of CLPools where LPToken0 == output || LPToken1 == output would result in loss of LP rewards for LPs and temporary inability to harvest fees

#77 sherlock-admin2 closed 2 months ago
4
bareli - Usage of slot0 is extremely easy to manipulate

#76 sherlock-admin4 closed 2 months ago
0
no - The balancesOfPool() function has an internal calculation error.

#75 sherlock-admin3 closed 2 months ago
1
Dliteofficial - Accumulation of Out Of Range Impermanent Loss by LPs because `StrategyPassiveManagerVelodrome::withdraw()` allows the deposit of liquidity in uncalm period

#74 sherlock-admin2 closed 2 months ago
2
no - Liquidity providers cannot receive the trading fee rewards they are entitled to

#73 sherlock-admin4 closed 2 months ago
1
no - Frontrun `harvest()` to get more rewards

#72 sherlock-admin3 closed 2 months ago
1
bughuntoor - Accounting will be broken if `output` token is one of the `lpTokens`

#71 sherlock-admin2 opened 2 months ago
16
Naresh - AddLiquidity and RemoveLiquidity missing slippage protection

#70 sherlock-admin4 closed 2 months ago
1
EgisSecurity - StrategyPassiveManagerVelodrome.sol - `_addLiquidity` can be DoS'ed constantly

#69 sherlock-admin3 closed 2 months ago
58
EgisSecurity - StrategyPassiveManagerVelodrome.sol#_removeLiquidity() - The function has no slippage/deadline protection

#68 sherlock-admin2 closed 2 months ago
1
d17vv - No slippage protection in the `_mintPosition`

#67 sherlock-admin4 closed 2 months ago
1
Naresh - Dangerous use of deadline parameter

#66 sherlock-admin3 closed 2 months ago
0
bughuntoor - Changing `positionWidth` while protocol is paused will lose most of the contract's funds

#65 sherlock-admin2 closed 2 months ago
1
Niser - A wrong setting of the BeefyFeeConfig can block StrategyPassiveManagerVelodrome.harvest() functionality

#64 sherlock-admin4 closed 2 months ago
1
BiasedMerc - StrategyPassiveManagerVelodrome::withdraw does not call _setTicks before re-adding liqudity, which can lead to reduced LP fees

#63 sherlock-admin3 closed 2 months ago
1
Rhaydden - The `getAmountsForLiquidity` function in LiquidityAmounts.sol is not implemented correctly

#62 sherlock-admin2 closed 2 months ago
2
bughuntoor - If keeper pauses the strategy and `owner` is renounced, it will result in permanent lock of the strategy

#61 sherlock-admin4 closed 2 months ago
7
air_0x - Ineffective slippage check due to Incorrect order of operation in the panic() function .

#60 sherlock-admin3 closed 2 months ago
1
hunter_w3b - Incorrect Assignment in `StrategyPassiveManagerVelodrome::_setAltTick` Function

#59 sherlock-admin2 closed 2 months ago
1
bughuntoor - `maxDeviation` is unusable for low fee percentage pools.

#58 sherlock-admin4 closed 2 months ago
0
bughuntoor - No way to claim rewards in emergency mode if output token is not native

#57 sherlock-admin3 closed 2 months ago
2
Rhaydden - Inconsistency Between Comments and Implementation in balances() Function

#56 sherlock-admin2 closed 2 months ago
0
d17vv - Missing deadline check on swaps

#55 sherlock-admin4 closed 2 months ago
1
no - StrategyPassiveManagerVelodrome doesn't give ERC20 token allowances to new rewardPool when rewardPool is updated

#54 sherlock-admin3 closed 2 months ago
0
no - Lost Fund in `StrategyPassiveManagerVelodrome::retireVault()`

#53 sherlock-admin2 closed 2 months ago
17
d17vv - No slippage protection on swaps

#52 sherlock-admin4 closed 2 months ago
0
Rhaydden - Incorrect Condition in `setDeviation` Function Causes Unnecessary Reverts When Setting Maximum Tick Deviation

#51 sherlock-admin3 closed 2 months ago
0
mgf15 - token like UNI, COMP will not work with this protocol

#50 sherlock-admin2 closed 2 months ago
1
y4y - It's possible that the strategy will never be retired

#49 sherlock-admin4 closed 2 months ago
0
hunter_w3b - `StrategyPassiveManagerVelodrome::setRewardPool` Does Not Remove ERC20 Token Allowances When rewardPool is Updated

#48 sherlock-admin3 closed 2 months ago
0
mgf15 - `_removeAllowances` will revert on zero Value approvals

#47 sherlock-admin2 closed 2 months ago
1
y4y - No slippage protection when adding or removing liquidity

#46 sherlock-admin4 closed 2 months ago
4

Previous Next