sherlock-audit 2024-08-saffron-finance-judging issues

sherlock-audit / 2024-08-saffron-finance-judging

9 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

0xBhumii - Potential Race Condition in `deposit` Function

#124 sherlock-admin3 opened 2 months ago
0
Albort - The incorrect use of calldata

#123 sherlock-admin2 opened 2 months ago
0
smbv-1923 - `getCalculateVariableWithdrawStateWithStakingBalance()` does not work under certain conditions

#122 sherlock-admin4 opened 2 months ago
0
patronasxd - Vault Balance Manipulation Through stETH Transfers

#121 sherlock-admin3 opened 2 months ago
0
Bluedragon - MultiSig Wallets Can't Receive Native ETH Due To The `transfer()` Function Gas Constraint Causing Variable Users Unable to Receive Their Pending Variable Amount.

#120 sherlock-admin2 opened 2 months ago
0
AresAudits - Logic Bug in deposit Function Prevents Vault from Reaching Full Capacity

#119 sherlock-admin4 opened 2 months ago
0
FadoBagi - FadoBagi - Incorrect Handling of fixedOngoingWithdrawalUsers Leads to Inconsistencies

#118 sherlock-admin3 opened 2 months ago
0
0xBhumii - Fixed-Side Capacity Calculation Error Leading to Unnecessary Deposit Rejections

#117 sherlock-admin2 opened 2 months ago
0
alexfu - Sandwich Attack Vulnerability and Comment-Code Discrepancy in `LidoVault.sol:deposit` Mechanism Leads to Protocol Malfunction and Poor User Experience

#116 sherlock-admin4 opened 2 months ago
0
fat32 - LidoVault contract has Lack of Access Control on the getFixedOngoingWithdrawalRequestIds Function

#115 sherlock-admin3 opened 2 months ago
0
0x73696d616f - Having exactly 0 steth when withdrawing via will DoS variable users withdrawing

#114 sherlock-admin2 opened 2 months ago
0
eeyore - Variable users will be penalized when withdrawing their compensation from a fixed user premature withdrawal before Vault end.

#113 sherlock-admin4 opened 2 months ago
0
eeyore - Fixed side users will not be able to withdraw during the `before the Vault starts` period in an edge case scenario.

#112 sherlock-admin3 opened 2 months ago
0
eeyore - Funds can become stuck in the contract due to a lack of validation on the maximum `fixedSideCapacity` value.

#111 sherlock-admin2 opened 2 months ago
0
0xCarlos - Disorderly verification vulnerability in minimum deposits.

#110 sherlock-admin4 opened 2 months ago
0
eeyore - Invalid calculations of total earnings can lead to a DoS due to an `ETF` error when withdrawing or cause a lock of funds for early withdrawal users.

#109 sherlock-admin3 opened 2 months ago
0
fat32 - LidoVault allows unauthorised actors to access sensitive data via getFixedOngoingWithdrawalRequestTimestamp function

#108 sherlock-admin2 opened 2 months ago
0
AresAudits - Re-Entrancy Risks in deposit Function

#107 sherlock-admin4 opened 2 months ago
0
0xloophole - Inaccurate Protocol Fee Calculation in Lido Vault

#106 sherlock-admin3 opened 2 months ago
0
0x73696d616f - Attacker will DoS `LidoVault` up to 36 days which will ruin expected apr for all parties involved

#105 sherlock-admin2 opened 2 months ago
1
FadoBagi - FadoBagi - Funds Can Become Stuck Due to Lido Withdrawal Minimums

#104 sherlock-admin4 opened 2 months ago
0
dagos - Withdrawal Function Reverts on Variable Side Withdrawal, after vault started, Due to Uninitialized variableToWithdrawnStakingEarningsInShares Mapping

#103 sherlock-admin3 opened 2 months ago
0
FadoBagi - FadoBagi - Funds Can Become Stuck Due to Lido Withdrawal Minimums

#102 sherlock-admin4 closed 2 months ago
0
PeterSR - OOG due to transfer

#101 sherlock-admin3 opened 2 months ago
0
AresAudits - Cross-Chain Replay Attack Vulnerability in createVault Function

#100 sherlock-admin2 opened 2 months ago
0
locoToe4301 - vault won't start due to capacities restriction

#99 sherlock-admin4 opened 2 months ago
0
bumble - Pending withdraw amounts cannot be claimed by inadequate smart contract

#98 sherlock-admin3 opened 2 months ago
0
DPS - FIXED side users receive part of the yield as well which results in losses for the VARIABLE side

#97 sherlock-admin2 opened 2 months ago
0
0x73696d616f - Lido slashing will cause losses to users withdrawing that were frontrunned by it due to missing slippage check

#96 sherlock-admin4 opened 2 months ago
0
0xCarlos - call()` should be used instead of `transfer()` on an `address payable

#95 sherlock-admin3 opened 2 months ago
0
0xBhumii - Potential Vulnerability in `Early Exit Fee` Calculation

#94 sherlock-admin2 opened 2 months ago
0
0xAdra - Potencial Reentrancy in LidoVault::deposit function

#93 sherlock-admin4 opened 2 months ago
0
0x73696d616f - Withdrawing after a slash event before the vault has ended will decrease `fixedSidestETHOnStartCapacity` by less than it should, so following users will withdraw more their initial deposit

#92 sherlock-admin3 opened 2 months ago
0
0xlexx2310 - Logical errors because of deleting the member of an array

#91 sherlock-admin2 opened 2 months ago
0
0x73696d616f - Lido slashing after requesting the ending withdrawal will affect the stETH shares / eth, leading to some users inability to withdraw

#90 sherlock-admin4 opened 2 months ago
1
0xlexx2310 - The contract will result in compilation error

#89 sherlock-admin3 opened 2 months ago
0
0xMaroutis - Incorrect `FixedEarlyExitFees` calculation leads to significantly reduced fees

#88 sherlock-admin2 opened 2 months ago
0
0x73696d616f - The amount withdrawn by an user does not discount the fee paid which will leave funds stuck when calling `LidoVault::VaultEndedWithdraw()`

#87 sherlock-admin4 opened 2 months ago
1
rmdanxyz - Fixed participants can claim more premium than expected

#86 sherlock-admin3 opened 2 months ago
0
0x73696d616f - `totalEarnings` is incorrect when withdrawing after ending which will withdraw too many funds leaving the `Vault` insolvent

#85 sherlock-admin2 opened 2 months ago
1
KungFuPanda - Due to using strict > comparison operator, accumulated Lido earnings are distributed with a delay

#84 sherlock-admin4 opened 2 months ago
0
vizay9652 - Vulnerability in `LidoVault::_claimWithdrawals` function: `unlockReceive` and `address(this).balance` leads to Potential Overpayments

#83 sherlock-admin3 opened 2 months ago
0
Albort - There is an issue with the management of the `fixedOngoingWithdrawalUsers` array.

#82 sherlock-admin2 opened 2 months ago
0
0xMaroutis - Fixed side deposits requirementscan lead to DOS and delayed vault start

#81 sherlock-admin4 opened 2 months ago
0
Greed - Potential DoS due to non-shrinking array usage in an unbounded loop

#80 sherlock-admin3 opened 2 months ago
0
novaman33 - There is a calculation error when accounting the totalEarnings of the variable side

#79 sherlock-admin2 opened 2 months ago
0
0xAlix2 - Variable users aren't able to withdraw the early exit fees if all the deposited amount was withdrawn before the vault end

#78 sherlock-admin4 opened 2 months ago
0
DPS - There will be cases where the last user needs to deposit much more than the minimum amount

#77 sherlock-admin3 opened 2 months ago
0
dinkras_ - some smart contract vault users will not be able to withdraw

#76 sherlock-admin2 opened 2 months ago
0
Albort - The internal function `claimFixedVaultOngoingWithdrawal` uses `msg.sender` instead of the passed `user` parameter.

#75 sherlock-admin4 opened 2 months ago
0

Previous Next