sherlock-audit 2024-06-leveraged-vaults-judging issues

sherlock-audit / 2024-06-leveraged-vaults-judging

9 stars 8 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

ZeroTrust - There is a precision loss in the _stakeTokens function.

#82 sherlock-admin3 closed 2 months ago
1
ZeroTrust - A failed rewardToken transfer results in a loss for the user

#81 sherlock-admin2 closed 2 months ago
0
ZeroTrust - The _getValueOfWithdrawRequest function uses different methods for selecting assets in various vaults.

#80 sherlock-admin4 opened 2 months ago
11
Ironsidesec - No deadline protection from MEV

#79 sherlock-admin3 closed 1 month ago
13
ZeroTrust - The withdrawValue calculation in _calculateValueOfWithdrawRequest is incorrect.

#78 sherlock-admin2 opened 2 months ago
12
ZeroTrust - In the _claimAccountRewards function, skipping the third-party reward claim might cause losses for users.

#77 sherlock-admin4 closed 2 months ago
9
ZeroTrust - For liquidators, a Denial of Service (DoS) could occur if vaultShares is not equal to vaultSharesRedeemed.

#76 sherlock-admin3 closed 2 months ago
1
BiasedMerc - VaultRewarderLib::_claimRewardToken transfer wrapped in try catch can lead to loss of rewards

#75 sherlock-admin2 closed 2 months ago
0
TopStar - Top88Star - Potential overflow when calculating rewards

#74 sherlock-admin4 closed 2 months ago
1
xiaoming90 - Protocol could be DOS by transfer error due to lack of code length check

#73 sherlock-admin3 opened 2 months ago
13
xiaoming90 - `rescueTokens` feature is broken

#72 sherlock-admin2 opened 2 months ago
13
xiaoming90 - Reward token will be lost if a transfer fails

#71 sherlock-admin4 closed 2 months ago
0
xiaoming90 - Lack of slippage control on `_redeemPT` function

#70 sherlock-admin3 opened 2 months ago
2
xiaoming90 - Incorrect assumption that PT rate is 1.0 post-expiry

#69 sherlock-admin2 opened 2 months ago
2
xiaoming90 - Reward tokens can be stolen

#68 sherlock-admin4 closed 2 months ago
1
xiaoming90 - Value of vault shares can be manipulated

#67 sherlock-admin3 closed 1 month ago
10
xiaoming90 - Wrong decimal precision resulted in the price being inflated

#66 sherlock-admin2 opened 2 months ago
3
KungFuPanda - The EthenaVault's redemptions of a user's withdrawal request with an ID=0 will always fail on Arbitrum

#65 sherlock-admin4 closed 2 months ago
1
xiaoming90 - Malicious users can steal reward tokens via re-entrancy attack

#64 sherlock-admin3 opened 2 months ago
19
xiaoming90 - Users can deny the vault from claiming reward tokens

#63 sherlock-admin2 opened 2 months ago
7
xiaoming90 - Malicious withdrawal requests can be injected into the holder's queue

#62 sherlock-admin4 closed 2 months ago
7
xiaoming90 - Loss of rewards due to continuous griefing attacks on L2 environment

#61 sherlock-admin3 opened 2 months ago
18
xiaoming90 - Incorrect valuation of vault share

#60 sherlock-admin2 opened 2 months ago
2
zhuying - Some user funds will be struck and unable to be withdrawn

#59 sherlock-admin4 closed 2 months ago
1
DenTonylifer - VaultRewarderLib cannot receive rewards for boosted staking

#58 sherlock-admin3 closed 2 months ago
1
BiasedMerc - Ethena::_sellStakedUSDe will revert due to not setting approvals to called DEX

#57 sherlock-admin2 closed 2 months ago
1
eeyore - Premature collateralization check in the `BaseStakingVault.initiateWithdraw()` function can leave accounts undercollateralized

#56 sherlock-admin4 opened 2 months ago
13
nfmelendez - call() should be used instead of transfer() on an address payable

#55 sherlock-admin3 closed 2 months ago
1
web3tycoon - An account can avoid liquidation by calling `finalizeWithdrawsManual`

#54 sherlock-admin2 closed 2 months ago
1
eeyore - Liquidation of an insolvent account should be permitted if it results in a solvent account and a derisked Notional protocol

#53 sherlock-admin4 closed 2 months ago
1
web3tycoon - The `requestId` is never reset back to zero.

#52 sherlock-admin3 closed 2 months ago
1
MSaptarshi - deadline set to as block.timestamp is a dangerous parameter

#51 sherlock-admin2 closed 2 months ago
0
eeyore - Inability to perform PendlePTStakedUSDeVault._executeInstantRedemption() as there is no sufficient liquidity for direct sUSDe -> USDe swap

#50 sherlock-admin4 closed 2 months ago
1
ZeroTrust - The _redeemPT function lacks slippage protection.

#49 sherlock-admin3 closed 2 months ago
0
ZeroTrust - The lack of slippage protection in `EthenaLib::_sellStakedUSDe()` could lead to sandwich attacks.

#48 sherlock-admin2 closed 2 months ago
0
ZeroTrust - `BaseStrategyVault::liquidateVaultCashBalance()` are not override in BaseStakingVault.sol

#47 sherlock-admin4 closed 2 months ago
1
ZeroTrust - The `VaultRewarderLib::deleverageAccount` function can be abused by users of staking leverage vaults.

#46 sherlock-admin3 closed 2 months ago
1
ZeroTrust - The _executeClaim function will revert if the RewardPoolType is _UNUSED.

#45 sherlock-admin2 closed 2 months ago
19
ZeroTrust - After a liquidator liquidates someone else’s position, it could cause a Denial of Service (DoS) when their own position also needs to be liquidated.

#44 sherlock-admin4 opened 2 months ago
14
ZeroTrust - `EtherFiLib::_initiateWithdrawImpl` will revert because rebase tokens transfer 1-2 less wei

#43 sherlock-admin3 opened 2 months ago
13
web3tycoon - Same Reward can be claimed more than once.

#42 sherlock-admin2 closed 2 months ago
1
ZeroTrust - In the _splitWithdrawRequest() function, there exists an issue that causes both the from and to requestId to be 0

#41 sherlock-admin4 closed 2 months ago
8
web3tycoon - No check if An account is healthy during liquidations.

#40 sherlock-admin3 closed 2 months ago
1
Salty Midnight Loris - Off-by-one in `EthenaCooldownHolder._canFinalizeWithdrawRequest()` function

#39 sherlock-admin4 closed 2 months ago
1
eeyore - `VaultRewarderLib._claimVaultRewards()` call can be front-run to steal incentive gains from boosting protocols

#38 sherlock-admin3 closed 2 months ago
1
web3tycoon - Owner can steal all tokens

#37 sherlock-admin2 closed 2 months ago
1
eeyore - Loss of user-earned rewards due to lack of recovery mechanism and insufficient reward token balances in the VaultRewarderLib _claimRewardToken() function

#36 sherlock-admin4 closed 2 months ago
1
pseudoArtist - Missing transaction expiration check result in tokens selling at a lower price

#35 sherlock-admin3 closed 2 months ago
0
Zealous Cornflower Nightingale - Update initializer modifier to prevent storage collision

#34 sherlock-admin4 closed 2 months ago
1
Filip.R - When call `_splitWithdrawRequest`, It has not been checked about _from's remaing vaultShares.

#33 sherlock-admin3 closed 2 months ago
1

Previous Next