issues
search
sherlock-audit
/
2024-05-beefy-cowcentrated-liquidity-manager-judging
5
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
merlin - The `isCalm()` function incorrectly checks whether the current price is within a certain deviation
#95
sherlock-admin2
closed
2 months ago
2
air_0x - The share allocation mechanism is vulnerable to front-running leading to an excessive share issuance for minimal initial contribution of 1wei
#94
sherlock-admin4
closed
2 months ago
1
darkart - Logical Error in Pausing Mechanism
#93
sherlock-admin3
closed
2 months ago
1
BaldHeads - Paused Strategy Contracts can be Frozen When Trying to Unlock Them in Non Calm Periods
#92
sherlock-admin2
closed
2 months ago
1
BaldHeads - Withdraw Functionality Redeploys Liquidity In Non Calm Times Leading to Possible Financial Losses
#91
sherlock-admin4
closed
2 months ago
0
ydlee - Incorrect amounts checking causes liquidity to be added to the wrong position.
#90
sherlock-admin3
closed
2 months ago
1
EgisSecurity - No slippage check on position minting
#89
sherlock-admin2
closed
2 months ago
1
no - `chargeFees()` only affects the output token, not fee0 and fee1
#88
sherlock-admin4
closed
2 months ago
1
no - Missing reinvesting trading fees in `harvest()`
#87
sherlock-admin3
closed
2 months ago
1
EgisSecurity - StrategyPassiveManagerVelodrome.sol#setRewardPool() - When changing `rewardPool` allowances are kept and aren't give to the new `rewardPool`
#86
sherlock-admin2
closed
2 months ago
0
Kalyan-Singh - Impermanent Loss & Arbitrage due to incorrect twap rounding
#85
sherlock-admin4
closed
2 months ago
1
Dots - Withdraw function is missing onlyCalmPeriods modifier
#84
sherlock-admin3
closed
2 months ago
1
EgisSecurity - `maxDevation` for some pools can be at most 3, which may be easily weaponized
#83
sherlock-admin2
closed
2 months ago
0
0xboriskataa - Deposit function doesn't check if strategy is paused
#82
sherlock-admin4
closed
2 months ago
1
nirohgo - _getTokensRequired calculation is wrong when the current price tick is out of the current position range, causing loss of potential earnings
#81
sherlock-admin3
closed
2 months ago
7
Dots - Paused state is not checked in deposit function
#80
sherlock-admin2
closed
2 months ago
1
0xboriskataa - Missing `onlyCalmPeriods` modifier on important functions
#79
sherlock-admin4
closed
2 months ago
1
bareli - wrong allowance of setRewardPool
#78
sherlock-admin3
closed
2 months ago
0
Dliteofficial - Use of CLPools where LPToken0 == output || LPToken1 == output would result in loss of LP rewards for LPs and temporary inability to harvest fees
#77
sherlock-admin2
closed
2 months ago
4
bareli - Usage of slot0 is extremely easy to manipulate
#76
sherlock-admin4
closed
2 months ago
0
no - The balancesOfPool() function has an internal calculation error.
#75
sherlock-admin3
closed
2 months ago
1
Dliteofficial - Accumulation of Out Of Range Impermanent Loss by LPs because `StrategyPassiveManagerVelodrome::withdraw()` allows the deposit of liquidity in uncalm period
#74
sherlock-admin2
closed
2 months ago
2
no - Liquidity providers cannot receive the trading fee rewards they are entitled to
#73
sherlock-admin4
closed
2 months ago
1
no - Frontrun `harvest()` to get more rewards
#72
sherlock-admin3
closed
2 months ago
1
bughuntoor - Accounting will be broken if `output` token is one of the `lpTokens`
#71
sherlock-admin2
opened
2 months ago
16
Naresh - AddLiquidity and RemoveLiquidity missing slippage protection
#70
sherlock-admin4
closed
2 months ago
1
EgisSecurity - StrategyPassiveManagerVelodrome.sol - `_addLiquidity` can be DoS'ed constantly
#69
sherlock-admin3
closed
2 months ago
58
EgisSecurity - StrategyPassiveManagerVelodrome.sol#_removeLiquidity() - The function has no slippage/deadline protection
#68
sherlock-admin2
closed
2 months ago
1
d17vv - No slippage protection in the `_mintPosition`
#67
sherlock-admin4
closed
2 months ago
1
Naresh - Dangerous use of deadline parameter
#66
sherlock-admin3
closed
2 months ago
0
bughuntoor - Changing `positionWidth` while protocol is paused will lose most of the contract's funds
#65
sherlock-admin2
closed
2 months ago
1
Niser - A wrong setting of the BeefyFeeConfig can block StrategyPassiveManagerVelodrome.harvest() functionality
#64
sherlock-admin4
closed
2 months ago
1
BiasedMerc - StrategyPassiveManagerVelodrome::withdraw does not call _setTicks before re-adding liqudity, which can lead to reduced LP fees
#63
sherlock-admin3
closed
2 months ago
1
Rhaydden - The `getAmountsForLiquidity` function in LiquidityAmounts.sol is not implemented correctly
#62
sherlock-admin2
closed
2 months ago
2
bughuntoor - If keeper pauses the strategy and `owner` is renounced, it will result in permanent lock of the strategy
#61
sherlock-admin4
closed
2 months ago
7
air_0x - Ineffective slippage check due to Incorrect order of operation in the panic() function .
#60
sherlock-admin3
closed
2 months ago
1
hunter_w3b - Incorrect Assignment in `StrategyPassiveManagerVelodrome::_setAltTick` Function
#59
sherlock-admin2
closed
2 months ago
1
bughuntoor - `maxDeviation` is unusable for low fee percentage pools.
#58
sherlock-admin4
closed
2 months ago
0
bughuntoor - No way to claim rewards in emergency mode if output token is not native
#57
sherlock-admin3
closed
2 months ago
2
Rhaydden - Inconsistency Between Comments and Implementation in balances() Function
#56
sherlock-admin2
closed
2 months ago
0
d17vv - Missing deadline check on swaps
#55
sherlock-admin4
closed
2 months ago
1
no - StrategyPassiveManagerVelodrome doesn't give ERC20 token allowances to new rewardPool when rewardPool is updated
#54
sherlock-admin3
closed
2 months ago
0
no - Lost Fund in `StrategyPassiveManagerVelodrome::retireVault()`
#53
sherlock-admin2
closed
2 months ago
17
d17vv - No slippage protection on swaps
#52
sherlock-admin4
closed
2 months ago
0
Rhaydden - Incorrect Condition in `setDeviation` Function Causes Unnecessary Reverts When Setting Maximum Tick Deviation
#51
sherlock-admin3
closed
2 months ago
0
mgf15 - token like UNI, COMP will not work with this protocol
#50
sherlock-admin2
closed
2 months ago
1
y4y - It's possible that the strategy will never be retired
#49
sherlock-admin4
closed
2 months ago
0
hunter_w3b - `StrategyPassiveManagerVelodrome::setRewardPool` Does Not Remove ERC20 Token Allowances When rewardPool is Updated
#48
sherlock-admin3
closed
2 months ago
0
mgf15 - `_removeAllowances` will revert on zero Value approvals
#47
sherlock-admin2
closed
2 months ago
1
y4y - No slippage protection when adding or removing liquidity
#46
sherlock-admin4
closed
2 months ago
4
Previous
Next