issues
search
sherlock-audit
/
2024-08-saffron-finance-judging
9
stars
5
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
test123
#174
tinnohofficial
closed
1 month ago
0
Exotic Lime Gecko - Incorrect Vault ID Assignment in VaultFactory
#173
sherlock-admin3
closed
1 month ago
0
Real Tangelo Lion - `block.timestamp` not faithfully representing in the emitted `VaultStarted` event in the `deposit` function.
#172
sherlock-admin4
closed
1 month ago
0
Scrawny Iron Tiger - Unused Events in LidoVault Smart Contract
#171
sherlock-admin2
closed
1 month ago
0
Albort - There be a logical error in the early exit fee calculation formula.
#170
sherlock-admin4
opened
1 month ago
0
branch_indigo - withdraw() has Inconsistent protocol fee accounting between vault ongoing and vault ends
#169
sherlock-admin3
opened
1 month ago
0
dhank - Incorrect calculation for `previousWithdrawnAmount` in withdraw() for variable Users while Vault is ongoing
#168
sherlock-admin2
opened
1 month ago
0
karsar - user who request withdraw before vault start balance is still accounted in the vault .
#167
sherlock-admin4
opened
1 month ago
0
SyncCode2017 - Transactions calling `LidoVault::finalizeVaultOngoingFixedWithdrawals` will fail if one of the requests for withdrawals to Lido reverts causing funds being stuck (DoS).
#166
sherlock-admin3
opened
1 month ago
0
0xrobsol - Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold
#165
sherlock-admin2
opened
1 month ago
0
Motomoto - Fixed users can't withdraw funds after calling claimFixedPremium upfront
#164
sherlock-admin4
opened
1 month ago
0
fat32 - LidoVault contract function named getVariableToVaultOngoingWithdrawalRequestIds exposes sensitive information
#163
sherlock-admin3
opened
1 month ago
0
tmotfl - Some user are not able to withdraw `variableToPendingWithdrawalAmount`
#162
sherlock-admin2
opened
1 month ago
0
dobrevaleri - Invalid `variableSideCapacity` will prevent the vault from starting
#161
sherlock-admin4
opened
1 month ago
0
0xrobsol - Users may incorrectly believe their withdrawal succeeded when transfer fails due to gas limit constraints.
#160
sherlock-admin3
opened
1 month ago
0
dhank - wrong calculation of `totalOwed ` for the variable Users in `getCalculateVariableWithdrawStateWithStakingBalance()`
#159
sherlock-admin2
opened
1 month ago
0
vizay9652 - strict equality check in `LidoVault::deposit` function prevents vault from starting.
#158
sherlock-admin4
opened
1 month ago
0
Minato7namikazi - Inaccurate Variable Withdraw Calculation in Slashing Scenarios
#157
sherlock-admin3
opened
1 month ago
0
YowiSec - Improper Handling of the Zero Address in LidoVault.sol Withdrawal Arrays Will Cause Denial of Service for Vault Participants
#156
sherlock-admin2
opened
1 month ago
0
engineer - `VaultFactory` despite importing `Ownable2Step` is not inheriting from it thereby leaving the owner transfership mechanism vulnerable
#155
sherlock-admin4
opened
1 month ago
0
fat32 - LidoVault contract allows any user to access the withdrawal request IDs of any other user on getFixedToVaultNotStartedWithdrawalRequestIds
#154
sherlock-admin3
opened
1 month ago
0
0xAdra - Potencial Denial of service in LidoVault::deposit
#153
sherlock-admin2
opened
1 month ago
0
dhank - Variable users can deposit amount less than `minimumDepositAmount` deviating from the protocols design.
#152
sherlock-admin4
opened
1 month ago
0
FadoBagi - FadoBagi - Lack of Validation on `earlyExitFeeBps`
#151
sherlock-admin3
opened
1 month ago
0
Minato7namikazi - Lido FIV Unfinalized Fixed Withdrawals Can Block Vault Finalization
#150
sherlock-admin2
opened
1 month ago
0
branch_indigo - Invalid protocolFeeReceiver check whenever the global protocolFeeReceiver address is reset
#149
sherlock-admin4
opened
1 month ago
0
engineer - Core vault parameters may be reset at any time by any user for any non-factory created `LidoVault`
#148
sherlock-admin3
opened
1 month ago
0
SyncCode2017 - Users funds will be stuck if many users request for withdrawal from the fixed side when the vault has started due to two unbounded array lengths in `LidoVault::finalizeVaultOngoingFixedWithdrawals`.
#147
sherlock-admin2
opened
1 month ago
0
tobi0x18 - Incorrect earning calculation while vault is in active
#146
sherlock-admin4
opened
1 month ago
0
0xrobsol - -
#145
sherlock-admin3
opened
1 month ago
0
dobrevaleri - Unaccounted protocol fee will lead to funds getting locked
#144
sherlock-admin2
opened
1 month ago
1
0xloophole - Insufficient Fixed-Side Capacity in Vault Creation Can Lead to Unusable Vaults
#143
sherlock-admin4
opened
1 month ago
0
importDev0x - Using `transfer` to send ETH is preventing contract users from making withdrawals.
#142
sherlock-admin3
opened
1 month ago
0
Minato7namikazi - Lido FIV Protocol Fee Receiver Can Bypass Variable Side Withdrawal Checks!
#141
sherlock-admin2
opened
1 month ago
0
FadoBagi - FadoBagi - Lack of Input Validation on Deposited Amounts
#140
sherlock-admin4
opened
1 month ago
0
AresAudits - Missing Check for variableSideCapacity != 0 in deposit Function
#139
sherlock-admin3
opened
1 month ago
0
0xloophole - Variable Side Interest Calculation Inaccuracy in Ended Vaults
#138
sherlock-admin2
opened
1 month ago
0
engineer - `LidoVault` created by `VaultFactory::createVault` can never be initialized. It also makes all the `VaultFactory` setters useless.
#137
sherlock-admin4
opened
1 month ago
0
tobi0x18 - An incorrect income distribution will lead to fund losses during slashing
#136
sherlock-admin3
opened
1 month ago
1
tobi0x18 - Rounding errors in the calculation of `variableToWithdrawnStakingEarningsInShares` will lead to lack of ethers in the vault
#135
sherlock-admin2
opened
1 month ago
0
dobrevaleri - Incorrect usage of shares will lead to insolvency
#134
sherlock-admin4
opened
1 month ago
0
0xloophole - Inconsistent Handling of Fixed Side Withdrawals in Ended Vaults
#133
sherlock-admin3
opened
1 month ago
0
FadoBagi - FadoBagi - Incorrect Implementation of the Vault Lifecycle Allows for Vault Never Starting
#132
sherlock-admin2
opened
1 month ago
0
durov - Use call() instead of transfer() when sending ETH in withdrawAmountVariablePending()
#131
sherlock-admin4
opened
1 month ago
0
tobi0x18 - Fixed-side depositors face potential losses due to unclear withdrawal amounts and early exit fees
#130
sherlock-admin3
opened
1 month ago
0
iamnmt - The incorrect accounting of protocol fee will cause double charging fee and wrong distribution of earnings for variable users
#129
sherlock-admin2
opened
1 month ago
1
Abhan1041 - Incorrect calculation in `getCalculateVariableWithdrawStateWithStakingBalance` function
#128
sherlock-admin4
opened
1 month ago
0
tobi0x18 - Fixed side depositors won't be eligible for referral rewards for depositing ETH
#127
sherlock-admin3
opened
1 month ago
0
0x73696d616f - Exit fees are not quadratically scalled as they should be which will allow fixed users to withdraw for less fees early on
#126
sherlock-admin2
opened
1 month ago
0
0xMaroutis - Withdrawals can be locked forever if recipient is a contract
#125
sherlock-admin4
opened
1 month ago
0
Next