sherlock-audit 2024-08-saffron-finance-judging issues

sherlock-audit / 2024-08-saffron-finance-judging

9 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

test123

#174 tinnohofficial closed 1 month ago
0
Exotic Lime Gecko - Incorrect Vault ID Assignment in VaultFactory

#173 sherlock-admin3 closed 1 month ago
0
Real Tangelo Lion - `block.timestamp` not faithfully representing in the emitted `VaultStarted` event in the `deposit` function.

#172 sherlock-admin4 closed 1 month ago
0
Scrawny Iron Tiger - Unused Events in LidoVault Smart Contract

#171 sherlock-admin2 closed 1 month ago
0
Albort - There be a logical error in the early exit fee calculation formula.

#170 sherlock-admin4 opened 1 month ago
0
branch_indigo - withdraw() has Inconsistent protocol fee accounting between vault ongoing and vault ends

#169 sherlock-admin3 opened 1 month ago
0
dhank - Incorrect calculation for `previousWithdrawnAmount` in withdraw() for variable Users while Vault is ongoing

#168 sherlock-admin2 opened 1 month ago
0
karsar - user who request withdraw before vault start balance is still accounted in the vault .

#167 sherlock-admin4 opened 1 month ago
0
SyncCode2017 - Transactions calling `LidoVault::finalizeVaultOngoingFixedWithdrawals` will fail if one of the requests for withdrawals to Lido reverts causing funds being stuck (DoS).

#166 sherlock-admin3 opened 1 month ago
0
0xrobsol - Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold

#165 sherlock-admin2 opened 1 month ago
0
Motomoto - Fixed users can't withdraw funds after calling claimFixedPremium upfront

#164 sherlock-admin4 opened 1 month ago
0
fat32 - LidoVault contract function named getVariableToVaultOngoingWithdrawalRequestIds exposes sensitive information

#163 sherlock-admin3 opened 1 month ago
0
tmotfl - Some user are not able to withdraw `variableToPendingWithdrawalAmount`

#162 sherlock-admin2 opened 1 month ago
0
dobrevaleri - Invalid `variableSideCapacity` will prevent the vault from starting

#161 sherlock-admin4 opened 1 month ago
0
0xrobsol - Users may incorrectly believe their withdrawal succeeded when transfer fails due to gas limit constraints.

#160 sherlock-admin3 opened 1 month ago
0
dhank - wrong calculation of `totalOwed ` for the variable Users in `getCalculateVariableWithdrawStateWithStakingBalance()`

#159 sherlock-admin2 opened 1 month ago
0
vizay9652 - strict equality check in `LidoVault::deposit` function prevents vault from starting.

#158 sherlock-admin4 opened 1 month ago
0
Minato7namikazi - Inaccurate Variable Withdraw Calculation in Slashing Scenarios

#157 sherlock-admin3 opened 1 month ago
0
YowiSec - Improper Handling of the Zero Address in LidoVault.sol Withdrawal Arrays Will Cause Denial of Service for Vault Participants

#156 sherlock-admin2 opened 1 month ago
0
engineer - `VaultFactory` despite importing `Ownable2Step` is not inheriting from it thereby leaving the owner transfership mechanism vulnerable

#155 sherlock-admin4 opened 1 month ago
0
fat32 - LidoVault contract allows any user to access the withdrawal request IDs of any other user on getFixedToVaultNotStartedWithdrawalRequestIds

#154 sherlock-admin3 opened 1 month ago
0
0xAdra - Potencial Denial of service in LidoVault::deposit

#153 sherlock-admin2 opened 1 month ago
0
dhank - Variable users can deposit amount less than `minimumDepositAmount` deviating from the protocols design.

#152 sherlock-admin4 opened 1 month ago
0
FadoBagi - FadoBagi - Lack of Validation on `earlyExitFeeBps`

#151 sherlock-admin3 opened 1 month ago
0
Minato7namikazi - Lido FIV Unfinalized Fixed Withdrawals Can Block Vault Finalization

#150 sherlock-admin2 opened 1 month ago
0
branch_indigo - Invalid protocolFeeReceiver check whenever the global protocolFeeReceiver address is reset

#149 sherlock-admin4 opened 1 month ago
0
engineer - Core vault parameters may be reset at any time by any user for any non-factory created `LidoVault`

#148 sherlock-admin3 opened 1 month ago
0
SyncCode2017 - Users funds will be stuck if many users request for withdrawal from the fixed side when the vault has started due to two unbounded array lengths in `LidoVault::finalizeVaultOngoingFixedWithdrawals`.

#147 sherlock-admin2 opened 1 month ago
0
tobi0x18 - Incorrect earning calculation while vault is in active

#146 sherlock-admin4 opened 1 month ago
0
0xrobsol - -

#145 sherlock-admin3 opened 1 month ago
0
dobrevaleri - Unaccounted protocol fee will lead to funds getting locked

#144 sherlock-admin2 opened 1 month ago
1
0xloophole - Insufficient Fixed-Side Capacity in Vault Creation Can Lead to Unusable Vaults

#143 sherlock-admin4 opened 1 month ago
0
importDev0x - Using `transfer` to send ETH is preventing contract users from making withdrawals.

#142 sherlock-admin3 opened 1 month ago
0
Minato7namikazi - Lido FIV Protocol Fee Receiver Can Bypass Variable Side Withdrawal Checks!

#141 sherlock-admin2 opened 1 month ago
0
FadoBagi - FadoBagi - Lack of Input Validation on Deposited Amounts

#140 sherlock-admin4 opened 1 month ago
0
AresAudits - Missing Check for variableSideCapacity != 0 in deposit Function

#139 sherlock-admin3 opened 1 month ago
0
0xloophole - Variable Side Interest Calculation Inaccuracy in Ended Vaults

#138 sherlock-admin2 opened 1 month ago
0
engineer - `LidoVault` created by `VaultFactory::createVault` can never be initialized. It also makes all the `VaultFactory` setters useless.

#137 sherlock-admin4 opened 1 month ago
0
tobi0x18 - An incorrect income distribution will lead to fund losses during slashing

#136 sherlock-admin3 opened 1 month ago
1
tobi0x18 - Rounding errors in the calculation of `variableToWithdrawnStakingEarningsInShares` will lead to lack of ethers in the vault

#135 sherlock-admin2 opened 1 month ago
0
dobrevaleri - Incorrect usage of shares will lead to insolvency

#134 sherlock-admin4 opened 1 month ago
0
0xloophole - Inconsistent Handling of Fixed Side Withdrawals in Ended Vaults

#133 sherlock-admin3 opened 1 month ago
0
FadoBagi - FadoBagi - Incorrect Implementation of the Vault Lifecycle Allows for Vault Never Starting

#132 sherlock-admin2 opened 1 month ago
0
durov - Use call() instead of transfer() when sending ETH in withdrawAmountVariablePending()

#131 sherlock-admin4 opened 1 month ago
0
tobi0x18 - Fixed-side depositors face potential losses due to unclear withdrawal amounts and early exit fees

#130 sherlock-admin3 opened 1 month ago
0
iamnmt - The incorrect accounting of protocol fee will cause double charging fee and wrong distribution of earnings for variable users

#129 sherlock-admin2 opened 1 month ago
1
Abhan1041 - Incorrect calculation in `getCalculateVariableWithdrawStateWithStakingBalance` function

#128 sherlock-admin4 opened 1 month ago
0
tobi0x18 - Fixed side depositors won't be eligible for referral rewards for depositing ETH

#127 sherlock-admin3 opened 1 month ago
0
0x73696d616f - Exit fees are not quadratically scalled as they should be which will allow fixed users to withdraw for less fees early on

#126 sherlock-admin2 opened 1 month ago
0
0xMaroutis - Withdrawals can be locked forever if recipient is a contract

#125 sherlock-admin4 opened 1 month ago
0