sherlock-audit 2024-05-elfi-protocol-judging issues

sherlock-audit / 2024-05-elfi-protocol-judging

11 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

blackhole - Unauthorized access to `batchUpdateAccountToken` function allows arbitrary token updates in AccountFacet

#244 sherlock-admin2 closed 3 months ago
0
ZeroTrust - In the PositionMarginProcess.updateAllPositionFromBalanceMargin function, requestId might conflict due to having the same value.

#243 sherlock-admin4 closed 3 months ago
1
ZeroTrust - Liquidity providers are unreasonably restricted by pool.getPoolAvailableLiquidity() when redeeming Stake Tokens

#242 sherlock-admin3 closed 3 months ago
1
ZeroTrust - DECREASE order can not be canceled.

#241 sherlock-admin2 closed 3 months ago
1
ZeroTrust - The profits of LpPool are not included in AvailableLiquidity in `getPoolAvailableLiquidity()`

#240 sherlock-admin4 closed 3 months ago
9
nikhil840096 - Missing Function Signature in Diamond Proxy Contract Deployment

#239 sherlock-admin3 closed 3 months ago
1
ZeroTrust - poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol

#238 sherlock-admin2 closed 3 months ago
1
ZeroTrust - The calculations in `isSubAmountAllowed` overcounted balance.unsettledAmount in LpPool.sol

#237 sherlock-admin4 closed 2 months ago
16
ZeroTrust - The balance.unsettledAmount is missing in the calculations for `getMaxWithdraw` and `isSubAmountAllowed` in UsdPool.sol

#236 sherlock-admin3 opened 3 months ago
13
ZeroTrust - When a user opens a short position, there is a lack of checks on the liquidity pool, which can result in the user being unable to realize their profits if they succeed.

#235 sherlock-admin2 closed 3 months ago
10
ZeroTrust - When the poolValue is 0, the corresponding market will experience a DoS

#234 sherlock-admin4 closed 3 months ago
1
CL001 - Users can avoid paying borrowing fees

#233 sherlock-admin3 closed 3 months ago
2
pwning_dev - `decreasePosition` function is vulnerable to reentrancy attacks

#232 sherlock-admin2 closed 3 months ago
2
pwning_dev - `validateAndDepositMintExecutionFee` incorrect validation of inputs

#231 sherlock-admin4 closed 3 months ago
0
pwning_dev - Inadequate Handling of Token Transfers in cancelOrder

#230 sherlock-admin3 closed 3 months ago
0
pwning_dev - Missing Return Value Checks on External Calls

#229 sherlock-admin2 closed 3 months ago
0
pwning_dev - Missing Check for Existence in cancelOrder Function

#228 sherlock-admin4 closed 3 months ago
0
pwning_dev - Missing Return Value Checks on External Calls

#227 sherlock-admin3 closed 3 months ago
1
ZeroTrust - The create Withdraw Request lacks any condition checks, making it easy to create a large number of invalid requests

#226 sherlock-admin2 closed 3 months ago
0
ZeroTrust - The check for the user’s collateralUserCap is missing params.amount in AssetsProcess::deposit()

#225 sherlock-admin4 closed 3 months ago
0
ZeroTrust - Missing executionFee in the function `createWithdrawRequest`

#224 sherlock-admin3 closed 3 months ago
0
ZeroTrust - The `executeUpdatePositionMarginRequest` function is missing the operation to update the borrowing fee

#223 sherlock-admin2 closed 3 months ago
0
ZeroTrust - The `executeUpdateLeverageRequest` function is missing the operation to update the borrowing fee

#222 sherlock-admin4 closed 3 months ago
0
tedox - `AccountFacet::batchUpdateAccountToken` allows users to manually change their blance

#221 sherlock-admin3 closed 3 months ago
0
SAAJ - All onlyRoleAdmin functions are useless as no admin due to empty constructor

#220 sherlock-admin2 closed 3 months ago
1
SAAJ - cancelUpdatePositionMarginRequest does not refund eth

#219 sherlock-admin4 closed 3 months ago
1
SAAJ - createUpdatePositionMarginRequest can be used to create multiple positions in a single transaction

#218 sherlock-admin3 closed 3 months ago
3
SAAJ - createWithdrawRequest revert for native token

#217 sherlock-admin2 closed 3 months ago
1
SAAJ - No re-entrancy protection in deposit function

#216 sherlock-admin4 closed 3 months ago
1
AnasTur - Uncontrolled Slippage Exposes Users to Unfavorable Trade Executions

#215 sherlock-admin3 closed 3 months ago
1
ZeroTrust - Using the .call() method to refund the refundFee In processExecutionFee may result in excessive gas consumption and potential reentrancy attacks.

#214 sherlock-admin2 closed 3 months ago
0
ZeroTrust - Logical error in the processExecutionFee function GasProcess.sol

#213 sherlock-admin4 closed 3 months ago
0
ZeroTrust - Logical error in the getPoolIntValue function in LpPoolQueryProcess.sol

#212 sherlock-admin3 closed 3 months ago
0
KupiaSec - The `lossFee` is always 0 in the `GasProcess.processExecutionFee()` function

#211 sherlock-admin2 closed 3 months ago
0
KupiaSec - The `PositionMarginProcess.updatePositionFromBalanceMargin()` function calculates the `changeAmount` after modifying the storage variable

#210 sherlock-admin4 closed 3 months ago
0
KupiaSec - The `AssetsProcess.withdraw()` function doesn't update the `CommonData`

#209 sherlock-admin3 closed 3 months ago
0
KupiaSec - When withdrawing funds, the `PositionMarginProcess.updatePositionFromBalanceMargin()` function may not operate correctly

#208 sherlock-admin2 closed 3 months ago
0
KupiaSec - The implementation of the `PositionMarginProcess.updateAllPositionFromBalanceMargin()` function does not update the `accountProps`

#207 sherlock-admin4 closed 3 months ago
1
KupiaSec - The `PositionMarginProcess.updateAllPositionFromBalanceMargin()` function is passing an incorrect parameter to the `updatePositionFromBalanceMargin()` function call

#206 sherlock-admin3 closed 3 months ago
0
KupiaSec - In the `AssetsProcess.deposit()` function, the user collateral cap check is performed using the outdated token amount, instead of the newly updated value

#205 sherlock-admin2 closed 3 months ago
0
KupiaSec - The `AccountFacet.batchUpdateAccountToken()` function is missing a caller authorization check

#204 sherlock-admin4 closed 3 months ago
0
pashap9990 - malicious user can create many withdrawing request and this can have overload for the keeper

#203 sherlock-admin3 closed 3 months ago
0
pashap9990 - autoReducePositions function can has significant losses for the protocol

#202 sherlock-admin2 closed 3 months ago
0
KrisRenZo - Loss of Funds Due Caused by _settleCrossAccount incorrectly Accounting PositionMarginFromBalance

#201 sherlock-admin4 closed 3 months ago
1
KrisRenZo - Accounting error due to Execution fee being charged to wrong vault

#200 sherlock-admin3 closed 3 months ago
0
KrisRenZo - Attacker can extract more funding fees by blockstuffing

#199 sherlock-admin2 closed 3 months ago
3
KrisRenZo - Use of outdated liability value in decreasePosition leads to account error

#198 sherlock-admin4 opened 3 months ago
4
KrisRenZo - Deleted

#197 sherlock-admin3 closed 3 months ago
1
pashap9990 - Users cannot withdraw their assets if admin omit specific token from trade token list

#196 sherlock-admin2 closed 3 months ago
1
korok - `revokeAllRole()` corrupts the EnumerableSet leaving the targets permissions active and making their role unrevokable

#195 sherlock-admin4 closed 3 months ago
0

Previous Next