sherlock-audit / 2024-05-napier-update-judging
issues
no - Checking `RSETH_DEPOSIT_POOL.minAmountToDeposit()` in `RsETHAdapter::_stake()` causes DoS
#46
sherlock-admin3
opened
5 months ago
4
no - Invalid check for repayAmount in `MetapoolRouter::receiveFlashLoan` causes DoS
#45
sherlock-admin2
closed
4 months ago
0
no - Using deprecated interfaces `PUFFER_DEPOSITOR.depositStETH()` causes DoS
#44
sherlock-admin2
closed
4 months ago
0
merlin - The _stake function in the PufETHAdapter will always fail
#43
sherlock-admin4
closed
4 months ago
0
Bauer - The staking implementation logic is inconsistent across different adapters
#42
sherlock-admin3
closed
4 months ago
1
Bauer - Requesting withdrawal makes it susceptible to attacks, resulting in burning more tokens and financial losses
#41
sherlock-admin4
closed
4 months ago
3
Ironsidesec - `swapETHForYt` will revert even if contract has enough ETH to repay flashloan and refund remaining to user
#40
sherlock-admin2
closed
4 months ago
0
Bauer - Missing checks for staking limit
#39
sherlock-admin2
closed
4 months ago
0
Bauer - PufETHAdapter is unable to stake
#38
sherlock-admin4
closed
4 months ago
0
Bauer - `rsETHPrice()` may return an outdated price
#37
sherlock-admin4
closed
4 months ago
0
ydlee - Incorrect checking in `receiveFlashLoan` can cause `swapETHForYt` to fail unexpectedly.
#36
sherlock-admin3
opened
5 months ago
2
Bauer - Exchanging uniETH for WETH in the Uniswap V3 pool incurs significant slippage
#35
sherlock-admin3
closed
4 months ago
4
zraxx - prefundedDeposit will be DOSed if currentStakeLimit is small.
#34
sherlock-admin2
closed
4 months ago
1
Bauer - The redeem contract has Critical Risk
#33
sherlock-admin2
closed
4 months ago
1
Bauer - `BEDROCK_STAKING.mint()` lacks slippage protection
#32
sherlock-admin4
closed
4 months ago
2
zraxx - The function `claimWithdrawal` in `EETHAdapter` is not restricted which may cause the eeETH scale to be decreased maliciously
#31
sherlock-admin4
closed
4 months ago
4
blackhole - Incorrect totalAssets amounts can manipulate the price per share value in the EETHAdapter
#30
sherlock-admin3
closed
4 months ago
1
blackhole - The `recipient` parameter is missing in the call to the `depositStETH` function in the PufETHAdapter.
#29
sherlock-admin3
closed
4 months ago
0
Ironsidesec - Slippage on `MetapoolRouter.addLiquidityOneETHKeepYt`
#28
sherlock-admin3
opened
5 months ago
2
NoOne - Contracts are vulnerable to fee-on-transfer accounting-related issues
#27
sherlock-admin2
closed
4 months ago
1
Ironsidesec - Less rsETH minted than intended in volatile conditions due to zero slippage when staking ETH to mint rsETH
#26
sherlock-admin2
opened
5 months ago
2
NoOne - should use `safeApprove` instead of `approve`
#25
sherlock-admin4
closed
4 months ago
1
Ironsidesec - Missing stake limit validation on `RenzoAdapter._stake`
#24
sherlock-admin4
opened
5 months ago
3
T_F_E - more shares can be minted even when staking is paused
#23
sherlock-admin3
closed
4 months ago
1
Ironsidesec - Loss of referral rewards like $SWELL and ezRENZO points
#22
sherlock-admin3
closed
4 months ago
4
Ironsidesec - Depositing `stETH` to puffer finance will revert due to wrong implementation of `PufETHAdapter._stake` call
#21
sherlock-admin2
opened
5 months ago
3
Bauchibred - `UniETHAdapter#_stake()`, `RsETHAdapter#_stake()` & `UniETHAdapter#_requestWithdrawal()` all lack any slippage or deadline mechanism whatsoever
#20
sherlock-admin2
closed
4 months ago
2
Bauchibred - `MetapoolRouter#removeLiquidityOneETH()`'s attempt at removing liquidity could be completely bricked
#19
sherlock-admin4
closed
4 months ago
1
fandonov - The `RenzoAdapter.sol` contract doesn't check for the current staking limit in the `_stake` function
#18
sherlock-admin4
closed
4 months ago
2
fandonov - `BaseLSTAdapterUpgradeable` and `BaseLSTVaultUpgradeable` don't disable initializers as another layer of security.
#17
sherlock-admin3
closed
4 months ago
1
djaner - Oracle response not checked for stale prices
#16
sherlock-admin3
closed
4 months ago
1
djaner - `MetapoolIRouter.sol` lacks withdrawal and swap functionalities for YT tokens
#15
sherlock-admin2
closed
4 months ago
1
djaner - `MetapoolIRouter.sol` lacks withdrawal and swap functionalities for YT tokens
#14
sherlock-admin2
closed
4 months ago
2
yamato - `pufETHAdapter` will not work as it calls inexistent function
#13
sherlock-admin4
closed
4 months ago
0
yamato - `EETHAdapter` wrongfully valuates `EETH : ETH` at 1:1 rate
#12
sherlock-admin4
closed
4 months ago
2
yamato - `claimWithdrawal` deletes the entire `totalQueueETH`
#11
sherlock-admin3
closed
4 months ago
4
yamato - `uniETH` will get stuck within `uniETHSwapper` if swap crosses set `sqrtPriceLimitX96`
#10
sherlock-admin3
closed
4 months ago
23
blutorque - Any queued withdrawal from EtherFi adapter cannot be claimed
#9
sherlock-admin2
closed
4 months ago
0
blutorque - `currentStakeLimit` depletes faster in some adapters, due to actual amount spent less than the input `stakeAmount`
#8
sherlock-admin2
opened
5 months ago
2
whitehair0330 - There is no mechanism for distributing some additional rewards including eigenlayer restaked points.
#7
sherlock-admin4
closed
4 months ago
1
whitehair0330 - Users can deposit into tranche without any fee.
#6
sherlock-admin4
closed
4 months ago
23
whitehair0330 - Invalid check `_requestId < ETHERFI_WITHDRAW_NFT.lastFinalizedRequestId()` in the `EETHAdapter.claimWithdrawal()` function.
#5
sherlock-admin3
closed
4 months ago
0
blutorque - `PufETHAdapter` uses the incorrect function signature for staking
#4
sherlock-admin3
closed
4 months ago
1
NoOne - Using block.timestamp for deadline offers no protection
#3
sherlock-admin2
closed
4 months ago
1
NoOne - should use `safeTransfer` instead of `transfer`
#2
sherlock-admin2
closed
4 months ago
1
NoOne - Possible DoS attack
#1
sherlock-admin4
closed
4 months ago
12