issues
search
sherlock-audit
/
2024-06-leveraged-vaults-judging
9
stars
8
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
ZeroTrust - There is a precision loss in the _stakeTokens function.
#82
sherlock-admin3
closed
2 months ago
1
ZeroTrust - A failed rewardToken transfer results in a loss for the user
#81
sherlock-admin2
closed
2 months ago
0
ZeroTrust - The _getValueOfWithdrawRequest function uses different methods for selecting assets in various vaults.
#80
sherlock-admin4
opened
2 months ago
11
Ironsidesec - No deadline protection from MEV
#79
sherlock-admin3
closed
1 month ago
13
ZeroTrust - The withdrawValue calculation in _calculateValueOfWithdrawRequest is incorrect.
#78
sherlock-admin2
opened
2 months ago
12
ZeroTrust - In the _claimAccountRewards function, skipping the third-party reward claim might cause losses for users.
#77
sherlock-admin4
closed
2 months ago
9
ZeroTrust - For liquidators, a Denial of Service (DoS) could occur if vaultShares is not equal to vaultSharesRedeemed.
#76
sherlock-admin3
closed
2 months ago
1
BiasedMerc - VaultRewarderLib::_claimRewardToken transfer wrapped in try catch can lead to loss of rewards
#75
sherlock-admin2
closed
2 months ago
0
TopStar - Top88Star - Potential overflow when calculating rewards
#74
sherlock-admin4
closed
2 months ago
1
xiaoming90 - Protocol could be DOS by transfer error due to lack of code length check
#73
sherlock-admin3
opened
2 months ago
13
xiaoming90 - `rescueTokens` feature is broken
#72
sherlock-admin2
opened
2 months ago
13
xiaoming90 - Reward token will be lost if a transfer fails
#71
sherlock-admin4
closed
2 months ago
0
xiaoming90 - Lack of slippage control on `_redeemPT` function
#70
sherlock-admin3
opened
2 months ago
2
xiaoming90 - Incorrect assumption that PT rate is 1.0 post-expiry
#69
sherlock-admin2
opened
2 months ago
2
xiaoming90 - Reward tokens can be stolen
#68
sherlock-admin4
closed
2 months ago
1
xiaoming90 - Value of vault shares can be manipulated
#67
sherlock-admin3
closed
1 month ago
10
xiaoming90 - Wrong decimal precision resulted in the price being inflated
#66
sherlock-admin2
opened
2 months ago
3
KungFuPanda - The EthenaVault's redemptions of a user's withdrawal request with an ID=0 will always fail on Arbitrum
#65
sherlock-admin4
closed
2 months ago
1
xiaoming90 - Malicious users can steal reward tokens via re-entrancy attack
#64
sherlock-admin3
opened
2 months ago
19
xiaoming90 - Users can deny the vault from claiming reward tokens
#63
sherlock-admin2
opened
2 months ago
7
xiaoming90 - Malicious withdrawal requests can be injected into the holder's queue
#62
sherlock-admin4
closed
2 months ago
7
xiaoming90 - Loss of rewards due to continuous griefing attacks on L2 environment
#61
sherlock-admin3
opened
2 months ago
18
xiaoming90 - Incorrect valuation of vault share
#60
sherlock-admin2
opened
2 months ago
2
zhuying - Some user funds will be struck and unable to be withdrawn
#59
sherlock-admin4
closed
2 months ago
1
DenTonylifer - VaultRewarderLib cannot receive rewards for boosted staking
#58
sherlock-admin3
closed
2 months ago
1
BiasedMerc - Ethena::_sellStakedUSDe will revert due to not setting approvals to called DEX
#57
sherlock-admin2
closed
2 months ago
1
eeyore - Premature collateralization check in the `BaseStakingVault.initiateWithdraw()` function can leave accounts undercollateralized
#56
sherlock-admin4
opened
2 months ago
13
nfmelendez - call() should be used instead of transfer() on an address payable
#55
sherlock-admin3
closed
2 months ago
1
web3tycoon - An account can avoid liquidation by calling `finalizeWithdrawsManual`
#54
sherlock-admin2
closed
2 months ago
1
eeyore - Liquidation of an insolvent account should be permitted if it results in a solvent account and a derisked Notional protocol
#53
sherlock-admin4
closed
2 months ago
1
web3tycoon - The `requestId` is never reset back to zero.
#52
sherlock-admin3
closed
2 months ago
1
MSaptarshi - deadline set to as block.timestamp is a dangerous parameter
#51
sherlock-admin2
closed
2 months ago
0
eeyore - Inability to perform PendlePTStakedUSDeVault._executeInstantRedemption() as there is no sufficient liquidity for direct sUSDe -> USDe swap
#50
sherlock-admin4
closed
2 months ago
1
ZeroTrust - The _redeemPT function lacks slippage protection.
#49
sherlock-admin3
closed
2 months ago
0
ZeroTrust - The lack of slippage protection in `EthenaLib::_sellStakedUSDe()` could lead to sandwich attacks.
#48
sherlock-admin2
closed
2 months ago
0
ZeroTrust - `BaseStrategyVault::liquidateVaultCashBalance()` are not override in BaseStakingVault.sol
#47
sherlock-admin4
closed
2 months ago
1
ZeroTrust - The `VaultRewarderLib::deleverageAccount` function can be abused by users of staking leverage vaults.
#46
sherlock-admin3
closed
2 months ago
1
ZeroTrust - The _executeClaim function will revert if the RewardPoolType is _UNUSED.
#45
sherlock-admin2
closed
2 months ago
19
ZeroTrust - After a liquidator liquidates someone else’s position, it could cause a Denial of Service (DoS) when their own position also needs to be liquidated.
#44
sherlock-admin4
opened
2 months ago
14
ZeroTrust - `EtherFiLib::_initiateWithdrawImpl` will revert because rebase tokens transfer 1-2 less wei
#43
sherlock-admin3
opened
2 months ago
13
web3tycoon - Same Reward can be claimed more than once.
#42
sherlock-admin2
closed
2 months ago
1
ZeroTrust - In the _splitWithdrawRequest() function, there exists an issue that causes both the from and to requestId to be 0
#41
sherlock-admin4
closed
2 months ago
8
web3tycoon - No check if An account is healthy during liquidations.
#40
sherlock-admin3
closed
2 months ago
1
Salty Midnight Loris - Off-by-one in `EthenaCooldownHolder._canFinalizeWithdrawRequest()` function
#39
sherlock-admin4
closed
2 months ago
1
eeyore - `VaultRewarderLib._claimVaultRewards()` call can be front-run to steal incentive gains from boosting protocols
#38
sherlock-admin3
closed
2 months ago
1
web3tycoon - Owner can steal all tokens
#37
sherlock-admin2
closed
2 months ago
1
eeyore - Loss of user-earned rewards due to lack of recovery mechanism and insufficient reward token balances in the VaultRewarderLib _claimRewardToken() function
#36
sherlock-admin4
closed
2 months ago
1
pseudoArtist - Missing transaction expiration check result in tokens selling at a lower price
#35
sherlock-admin3
closed
2 months ago
0
Zealous Cornflower Nightingale - Update initializer modifier to prevent storage collision
#34
sherlock-admin4
closed
2 months ago
1
Filip.R - When call `_splitWithdrawRequest`, It has not been checked about _from's remaing vaultShares.
#33
sherlock-admin3
closed
2 months ago
1
Previous
Next