sherlock-audit 2024-05-elfi-protocol-judging issues

sherlock-audit / 2024-05-elfi-protocol-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Zero Storage Slot Usage for `AppStorage` leads to potentially vulnerable storage mechanism

#294 sherlock-admin3 closed 4 months ago
2
Malicious user can steal money because of improper function visibility

#293 sherlock-admin4 closed 4 months ago
0
Unnecessary check in decrease position

#292 sherlock-admin2 closed 4 months ago
0
ZeroTrust - Precision loss in `_executeMintStakeUsd()`

#291 sherlock-admin4 closed 4 months ago
1
0xPwnd - Incorrect Conversion Functions Leading to Inaccurate Token and USD Calculations

#290 sherlock-admin3 closed 4 months ago
2
tedox - Users may not be able to close their position due to lack of liquidity in the pool

#289 sherlock-admin2 closed 4 months ago
3
link - Wrong gas fee calculation

#288 sherlock-admin4 closed 4 months ago
0
pwning_dev - Potential DoS Attack via Integer Overflow

#287 sherlock-admin3 closed 4 months ago
1
0xPwnd - Order Creation with Zero Margin Due to Incorrect Execution Fee Validation

#286 sherlock-admin2 closed 4 months ago
6
newt - Reentrancy Vulnerability

#285 sherlock-admin4 closed 4 months ago
3
link - The `OrderFacet.cancelOrder` function run by ROLE_KEEPER may run into malicious external contracts

#284 sherlock-admin3 closed 4 months ago
2
ZeroTrust - ElfiToken and ElfiUSD Token do not require users to transfer or authorize; they can be directly burned

#283 sherlock-admin2 closed 4 months ago
2
0xPwnd - Incorrect Margin Calculation in createOrderRequest Function Leading to Potential Inaccurate Margin Holdings

#282 sherlock-admin4 closed 4 months ago
2
1337 - batchUpdateAccountToken can set token balance arbitrarily

#281 sherlock-admin3 closed 4 months ago
0
0xPwnd - Insufficient Collateral Cap Check Allowing Collateral Overflow

#280 sherlock-admin2 closed 4 months ago
0
jah - missing authorization and not forcing the user to transfer funds lead to loss of funds

#279 sherlock-admin4 closed 4 months ago
0
0xPwnd - Unrestricted Access to batchUpdateAccountToken Allows Unauthorized Token Balance Modification

#278 sherlock-admin3 closed 4 months ago
0
jah - collateralUserCap is not properly checked when depositing

#277 sherlock-admin2 closed 4 months ago
0
brakeless - When actual executionFee is greater than expected executionFee, lossFee is calculated incorrectly and keepers are not fairly compensated

#276 sherlock-admin4 closed 4 months ago
0
ZeroTrust - Fee on transfer and rebase tokens will break the internal accounting of the protocol.

#275 sherlock-admin3 closed 4 months ago
0
mstpr-brainbot - The redeem process updates the rewards in the wrong order

#274 sherlock-admin2 opened 4 months ago
2
ZeroTrust - In Cross Margin mode, the user’s profit calculation is incorrect.

#273 sherlock-admin4 opened 4 months ago
15
ZeroTrust - In Cross Margin mode, the calculation for users borrowing from the pool is incorrect

#272 sherlock-admin3 closed 4 months ago
25
mstpr-brainbot - ERC20 transfers for stakeToken's is not updating the rewards process

#271 sherlock-admin2 closed 4 months ago
0
everyanykey - Frontrunning executeWithdraw call by keeper

#270 sherlock-admin4 closed 4 months ago
0
everyanykey - Frontrunning executeWithdraw call by keeper

#269 sherlock-admin3 closed 4 months ago
2
engineer - `Public` access control functions such as `grantRole`, `revokeRole` and `renounceRole` will fail as `ADMIN_ROLE` role is not it's own admin

#268 sherlock-admin2 closed 4 months ago
0
engineer - Lack of Access Control in `AppStorage` functions

#267 sherlock-admin4 closed 4 months ago
1
qpzm - The OI ratio limit rather prevents from enhancing OI ratio.

#266 sherlock-admin3 closed 4 months ago
3
link - The same deposited tokens can be used as margins for multiple positions

#265 sherlock-admin2 closed 4 months ago
0
Salem - Unchecked External Calls

#264 sherlock-admin4 closed 4 months ago
0
Salem - Lack of Access Control in executeWithdraw and cancelWithdraw

#263 sherlock-admin3 closed 4 months ago
1
Salem - User Collateral Cap Check Issue

#262 sherlock-admin2 opened 4 months ago
4
mstpr-brainbot - Users profit in short cross will leave the fees in UsdPool instead of LpPool

#261 sherlock-admin4 opened 4 months ago
3
newt - No Limit For Minting

#260 sherlock-admin3 closed 4 months ago
1
aman - `cache.isLiquidation` will always be false , will create DoS to Liquidate Position

#259 sherlock-admin2 closed 4 months ago
3
mstpr-brainbot - Mismatching funding fees can result in the protocol incurring a deficit or insolvency risk

#258 sherlock-admin4 opened 4 months ago
2
aman - `_executeDecreaseOrder` pass `isCrossMargin=false` is not correct crossMargin value

#257 sherlock-admin3 closed 4 months ago
6
aman - While Calculating the value for availableLiquidity we need to subtract the holdAmount as it is not part of Liquidity yet.

#256 sherlock-admin2 closed 4 months ago
1
aman - `isHoldAmountAllowed` and `isSubAmountAllowed` wrong subtraction will result in DoS

#255 sherlock-admin4 opened 4 months ago
2
aman - `LpPool:unHoldStableToken` will always revert due to wrong require statement

#254 sherlock-admin3 closed 4 months ago
3
aman - Loss Fee does not get added due to wrong calculation

#253 sherlock-admin2 closed 4 months ago
0
aman - User will loss the Rewards for stacking if he redeem without claiming the reward

#252 sherlock-admin4 closed 4 months ago
0
aman - The USer will receive less amount than user expected

#251 sherlock-admin3 opened 4 months ago
0
pwning_dev - Improper Handling of Array Length

#250 sherlock-admin2 closed 4 months ago
1
mstpr-brainbot - Users can have positions with a margin lower than the allowed minimum margin

#249 sherlock-admin4 opened 4 months ago
1
0xAadi - `deposit()` function in `AssetsProcess` contract fails to restrict a user from depositing amounts greater than `collateralUserCap`

#248 sherlock-admin3 closed 4 months ago
0
blackhole - The `minRedeemAmount` validation check does not consider the actual redeem amount

#247 sherlock-admin2 closed 4 months ago
2
blackhole - The `redeemFee` is not properly deducted in `_executeRedeemStakeToken` Function

#246 sherlock-admin4 closed 4 months ago
0
blackhole - Keepers can steal additional execution fee from users in `processExecutionFee` function

#245 sherlock-admin3 closed 4 months ago
0