sherlock-audit/2024-05-elfi-protocol-judging
blackhole - Unauthorized access to `batchUpdateAccountToken` function allows arbitrary token updates in AccountFacet
#244
sherlock-admin2
closed
3 months ago
0
ZeroTrust - In the PositionMarginProcess.updateAllPositionFromBalanceMargin function, requestId might conflict due to having the same value.
#243
sherlock-admin4
closed
3 months ago
1
ZeroTrust - Liquidity providers are unreasonably restricted by pool.getPoolAvailableLiquidity() when redeeming Stake Tokens
#242
sherlock-admin3
closed
3 months ago
1
ZeroTrust - DECREASE order can not be canceled.
#241
sherlock-admin2
closed
3 months ago
1
ZeroTrust - The profits of LpPool are not included in AvailableLiquidity in `getPoolAvailableLiquidity()`
#240
sherlock-admin4
closed
3 months ago
9
nikhil840096 - Missing Function Signature in Diamond Proxy Contract Deployment
#239
sherlock-admin3
closed
3 months ago
1
ZeroTrust - poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol
#238
sherlock-admin2
closed
3 months ago
1
ZeroTrust - The calculations in `isSubAmountAllowed` overcounted balance.unsettledAmount in LpPool.sol
#237
sherlock-admin4
closed
2 months ago
16
ZeroTrust - The balance.unsettledAmount is missing in the calculations for `getMaxWithdraw` and `isSubAmountAllowed` in UsdPool.sol
#236
sherlock-admin3
opened
3 months ago
13
ZeroTrust - When a user opens a short position, there is a lack of checks on the liquidity pool, which can result in the user being unable to realize their profits if they succeed.
#235
sherlock-admin2
closed
3 months ago
10
ZeroTrust - When the poolValue is 0, the corresponding market will experience a DoS
#234
sherlock-admin4
closed
3 months ago
1
CL001 - Users can avoid paying borrowing fees
#233
sherlock-admin3
closed
3 months ago
2
pwning_dev - `decreasePosition` function is vulnerable to reentrancy attacks
#232
sherlock-admin2
closed
3 months ago
2
pwning_dev - `validateAndDepositMintExecutionFee` incorrect validation of inputs
#231
sherlock-admin4
closed
3 months ago
0
pwning_dev - Inadequate Handling of Token Transfers in cancelOrder
#230
sherlock-admin3
closed
3 months ago
0
pwning_dev - Missing Return Value Checks on External Calls
#229
sherlock-admin2
closed
3 months ago
0
pwning_dev - Missing Check for Existence in cancelOrder Function
#228
sherlock-admin4
closed
3 months ago
0
pwning_dev - Missing Return Value Checks on External Calls
#227
sherlock-admin3
closed
3 months ago
1
ZeroTrust - The create Withdraw Request lacks any condition checks, making it easy to create a large number of invalid requests
#226
sherlock-admin2
closed
3 months ago
0
ZeroTrust - The check for the user’s collateralUserCap is missing params.amount in AssetsProcess::deposit()
#225
sherlock-admin4
closed
3 months ago
0
ZeroTrust - Missing executionFee in the function `createWithdrawRequest`
#224
sherlock-admin3
closed
3 months ago
0
ZeroTrust - The `executeUpdatePositionMarginRequest` function is missing the operation to update the borrowing fee
#223
sherlock-admin2
closed
3 months ago
0
ZeroTrust - The `executeUpdateLeverageRequest` function is missing the operation to update the borrowing fee
#222
sherlock-admin4
closed
3 months ago
0
tedox - `AccountFacet::batchUpdateAccountToken` allows users to manually change their balance
#221
sherlock-admin3
closed
3 months ago
0
SAAJ - All onlyRoleAdmin functions are useless as no admin due to empty constructor
#220
sherlock-admin2
closed
3 months ago
1
SAAJ - cancelUpdatePositionMarginRequest does not refund eth
#219
sherlock-admin4
closed
3 months ago
1
SAAJ - createUpdatePositionMarginRequest can be used to create multiple positions in a single transaction
#218
sherlock-admin3
closed
3 months ago
3
SAAJ - createWithdrawRequest revert for native token
#217
sherlock-admin2
closed
3 months ago
1
SAAJ - No re-entrancy protection in deposit function
#216
sherlock-admin4
closed
3 months ago
1
AnasTur - Uncontrolled Slippage Exposes Users to Unfavorable Trade Executions
#215
sherlock-admin3
closed
3 months ago
1
ZeroTrust - Using the .call() method to refund the refundFee in processExecutionFee may result in excessive gas consumption and potential reentrancy attacks.
#214
sherlock-admin2
closed
3 months ago
0
ZeroTrust - Logical error in the processExecutionFee function GasProcess.sol
#213
sherlock-admin4
closed
3 months ago
0
ZeroTrust - Logical error in the getPoolIntValue function in LpPoolQueryProcess.sol
#212
sherlock-admin3
closed
3 months ago
0
KupiaSec - The `lossFee` is always 0 in the `GasProcess.processExecutionFee()` function
#211
sherlock-admin2
closed
3 months ago
0
KupiaSec - The `PositionMarginProcess.updatePositionFromBalanceMargin()` function calculates the `changeAmount` after modifying the storage variable
#210
sherlock-admin4
closed
3 months ago
0
KupiaSec - The `AssetsProcess.withdraw()` function doesn't update the `CommonData`
#209
sherlock-admin3
closed
3 months ago
0
KupiaSec - When withdrawing funds, the `PositionMarginProcess.updatePositionFromBalanceMargin()` function may not operate correctly
#208
sherlock-admin2
closed
3 months ago
0
KupiaSec - The implementation of the `PositionMarginProcess.updateAllPositionFromBalanceMargin()` function does not update the `accountProps`
#207
sherlock-admin4
closed
3 months ago
1
KupiaSec - The `PositionMarginProcess.updateAllPositionFromBalanceMargin()` function is passing an incorrect parameter to the `updatePositionFromBalanceMargin()` function call
#206
sherlock-admin3
closed
3 months ago
0
KupiaSec - In the `AssetsProcess.deposit()` function, the user collateral cap check is performed using the outdated token amount, instead of the newly updated value
#205
sherlock-admin2
closed
3 months ago
0
KupiaSec - The `AccountFacet.batchUpdateAccountToken()` function is missing a caller authorization check
#204
sherlock-admin4
closed
3 months ago
0
pashap9990 - malicious user can create many withdrawing requests and this can overload the keeper
#203
sherlock-admin3
closed
3 months ago
0
pashap9990 - autoReducePositions function can have significant losses for the protocol
#202
sherlock-admin2
closed
3 months ago
0
KrisRenZo - Loss of Funds Caused by _settleCrossAccount Incorrectly Accounting PositionMarginFromBalance
#201
sherlock-admin4
closed
3 months ago
1
KrisRenZo - Accounting error due to Execution fee being charged to wrong vault
#200
sherlock-admin3
closed
3 months ago
0
KrisRenZo - Attacker can extract more funding fees by blockstuffing
#199
sherlock-admin2
closed
3 months ago
3
KrisRenZo - Use of outdated liability value in decreasePosition leads to account error
#198
sherlock-admin4
opened
3 months ago
4
KrisRenZo - Deleted
#197
sherlock-admin3
closed
3 months ago
1
pashap9990 - Users cannot withdraw their assets if admin omits specific token from trade token list
#196
sherlock-admin2
closed
3 months ago
1
korok - `revokeAllRole()` corrupts the EnumerableSet leaving the targets permissions active and making their role unrevokable
#195
sherlock-admin4
closed
3 months ago
0