sherlock-audit 2024-08-cork-protocol-judging issues

sherlock-audit / 2024-08-cork-protocol-judging

2 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Parvez.eth - Unsafe Casting

#257 sherlock-admin3 closed 2 months ago
0
MadSisyphus - Upgradeable contract `AssetFactory.sol` cannot be upgraded

#256 sherlock-admin2 closed 2 months ago
0
Parvez.eth - Unprotected initializer

#255 sherlock-admin2 closed 2 months ago
0
eta - Incorrect Calculation in `getAmountOutDs` Function Leads to Errors in DS Token Swaps

#254 sherlock-admin4 closed 1 month ago
2
MadSisyphus - `notDelegated` modifier prevents `AssetFactory::deploySwapAssets` and `AssetFactory::deployLv` to be used

#253 sherlock-admin3 closed 2 months ago
0
gkrastenov - The cancelRedemptionRequest function does not work properly

#252 sherlock-admin2 closed 2 months ago
1
dimulski - Users who requested to redeem their LV tokens, can't cancel their request.

#251 sherlock-admin4 closed 2 months ago
1
mbengeman - Unprotected FlashSwapRouter::initialize

#250 sherlock-admin4 closed 2 months ago
0
MadSisyphus - `AssetFactory.sol` and `ModuleCore.sol` circular dependency at deployment time

#249 sherlock-admin3 closed 2 months ago
1
Parvez.eth - Using `block.timestamp` for swap deadline offers no protection

#248 sherlock-admin4 closed 2 months ago
1
vinica_boy - Missing slippage protection when redeeming rewards from LV

#247 sherlock-admin3 closed 2 months ago
0
0x73696d616f - Malicious actor will frontrun user redeeming early permit call and DoS the user from withdrawing, being problematic whenever it's close to expiry

#246 sherlock-admin3 closed 1 month ago
19
MadSisyphus - `AssetFactory.sol` proxy contract cannot be initialized

#245 sherlock-admin3 closed 2 months ago
0
Parvez.eth - abi.encodePacked()` should not be used with dynamic types when passing the result to a hash function such as `keccak256()`

#244 sherlock-admin2 closed 2 months ago
1
0x73696d616f - Lack of slippage protection in the `VaultLib` will lead to MEV and users will take losses

#243 sherlock-admin2 closed 2 months ago
0
dimulski - If not all users have requested to redeem their LV tokens, some PA tokens will be locked in the protocol forever

#242 sherlock-admin2 closed 2 months ago
0
Aycozzynfada - Missing Return in PSM.redeemRaWithCtDs Function

#241 sherlock-admin2 closed 2 months ago
1
vinica_boy - Providing liquidity to the AMM does not check the return value of actually provided tokens leading to locked funds.

#240 sherlock-admin2 opened 2 months ago
2
nikhil840096 - Unaccounted Minting of `ds` Tokens Leads to Locked Funds and Inaccessible User Deposits

#239 sherlock-admin2 closed 1 month ago
1
eta - Arbitrage Opportunity Due to Mismatch in `getAmountIn` and `getAmountOut` Calculations in DsSwapperMathLib.sol

#238 sherlock-admin2 closed 2 months ago
1
ivanonchain - The absence of slippage protection can result in users receiving fewer tokens than expected when removing liquidity.

#237 sherlock-admin2 closed 2 months ago
1
0x73696d616f - `VaultLib::__addLiquidityToAmmUnchecked()` does not deal with the remaining amounts not sent to the amm, losing them

#236 sherlock-admin2 closed 2 months ago
0
0x73696d616f - Rebasing tokens are not supported contrary to the readme and will lead to loss of funds

#235 sherlock-admin2 opened 2 months ago
1
0x73696d616f - Users can not cancel redemption requests which will lead to stuck `lv` for them and forces them to wait for expiry, getting `Ra` and `Pa` instead and taking a loss

#234 sherlock-admin2 closed 2 months ago
1
ivanonchain - DOS risk for too strict slippage protection.

#233 sherlock-admin2 closed 1 month ago
11
KupiaSec - Setting `dsId` to an expired `DS` will lead to the reversal of the `FlashSwapRouter.swapDsforRa()` function

#232 sherlock-admin2 closed 2 months ago
1
KupiaSec - `DoS` to the `FlashSwapRouter.__afterFlashswapBuy()` function

#231 sherlock-admin2 closed 1 month ago
0
KupiaSec - When the price of `PA` declines, users can profit by executing `depositPsm + redeemRaWithDs`

#230 sherlock-admin2 closed 1 month ago
1
darkart - Incrementing globalAssetIdx will prevent first-issuance liquidity handling logic from executing correctly

#229 sherlock-admin2 closed 2 months ago
1
KupiaSec - When users buy `DS`, the `FlashSwapRouter` assumes an exchange rate of `1:1` between `RA` and `CT + DS`

#228 sherlock-admin2 closed 2 months ago
7
0xEkko - Lack of Access Control in `onNewIssuance` Function Allows Unauthorized Liquidity Manipulation and Forced LP Liquidation

#227 sherlock-admin2 closed 2 months ago
1
KupiaSec - The `FlashSwapRouter` mistakenly transfers certain `RA` tokens to `DS` buyers, resulting in financial losses for `lv` holders

#226 sherlock-admin2 closed 2 months ago
0
KupiaSec - There is neither a fee collector nor a fee sweep mechanism in place

#225 sherlock-admin2 closed 2 months ago
11
KupiaSec - Title: The `DsFlashSwap.getAmountOutSellDS()` function considers the exchange rate between `RA` and `CT + DS` to be `1:1`

#224 sherlock-admin2 closed 2 months ago
0
KupiaSec - Incorrect return value of the `VaultLib._redeemCtDsAndSellExcessCt()` function

#223 sherlock-admin2 closed 2 months ago
0
KupiaSec - The `VaultLib.__calculateCtBalanceWithRate()` function doesn't sort `raReserve` and `ctReserve`

#222 sherlock-admin2 closed 2 months ago
0
KupiaSec - The `PsmLib.lvRedeemRaWithCtDs()` function doesn't decrease the locked amount of `RA`

#221 sherlock-admin2 closed 2 months ago
0
KupiaSec - The `PsmLib.repurchase()` function doesn't increase the locked amount of `RA`

#220 sherlock-admin2 closed 2 months ago
0
KupiaSec - Incorrect implementation of the `PsmLib.unsafeIssueToLv()` function

#219 sherlock-admin2 closed 2 months ago
1
KupiaSec - In the `VaultLib.__calculateCtBalanceWithRate()` function, the last parameter used to invoke the `__calculateTotalRaAndCtBalanceWithReserve()` function is incorrect

#218 sherlock-admin2 closed 2 months ago
0
KupiaSec - Incorrect calculations of `ra` and `ct` in the `MathHelper.calculateProvideLiquidityAmountBasedOnCtPrice()` function

#217 sherlock-admin2 closed 1 month ago
10
KupiaSec - Improper resetting of `reservedDs` in the `VaultLib._redeemCtDsAndSellExcessCt()` function

#216 sherlock-admin2 closed 1 month ago
7
KupiaSec - The `DsFlashSwap.emptyReserve()` function incorrectly always returns 0

#215 sherlock-admin2 closed 2 months ago
0
KupiaSec - The `VaultLib.__liquidateUnchecked()` function unnecessarily reorders the already correctly ordered values of `raReceived` and `ctReceived` from `UniswapV2Router`

#214 sherlock-admin2 closed 1 month ago
57
KupiaSec - Incorrect `psmRa` in the `VaultLib._liquidatedLp()` function

#213 sherlock-admin2 closed 2 months ago
0
KupiaSec - Incorrect implementation of the modifier `LVDepositNotPaused()`

#212 sherlock-admin2 closed 2 months ago
0
0x73696d616f - Withdrawing all `lv` before expiry will lead to lost funds in the Vault

#211 sherlock-admin2 opened 2 months ago
3
0xaliyah - ERC20 approve is front-run able.

#210 sherlock-admin2 closed 2 months ago
1
Minato7namikazi - Risk of Misleading Users in `previewRedeemExpiredLv` function logic

#209 sherlock-admin2 closed 2 months ago
1
hunter_w3b - Inability to redeem remaining DS+PA after `redeemRaWithCt` call.

#208 sherlock-admin2 closed 2 months ago
1

Previous Next