issues
search
sherlock-audit
/
2024-08-woofi-solana-deployment-judging
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Passive Indigo Dolphin - Some ErrorCodes are not used throughout the codebase
#95
sherlock-admin4
closed
15 hours ago
0
Fluffy Burlap Lark - No event emission while changing states from pausing to unpausing or vice-versa
#94
sherlock-admin2
closed
15 hours ago
0
Passive Indigo Dolphin - Error messages due to constraint violation can be handled better
#93
sherlock-admin3
closed
15 hours ago
0
Cuddly Gauze Mustang - Any user will create rebate info on behalf of an authority
#92
sherlock-admin4
closed
15 hours ago
0
Little Aquamarine Jellyfish - Zero-Amount Swap Vulnerability in WOOFi Solana Protocol
#91
sherlock-admin3
opened
15 hours ago
0
Proud Wintergreen Butterfly - Lack of range checks in update_range_min and update_range_max functions can lead to wrong calculations
#90
sherlock-admin2
opened
15 hours ago
0
Little Aquamarine Jellyfish - Potential Loss of Precision in Swap Amount Conversion
#89
sherlock-admin4
opened
15 hours ago
0
Proud Wintergreen Butterfly - Missing error propagation in set_range_handler function can lead to wrong calculations
#88
sherlock-admin3
opened
15 hours ago
0
Proud Wintergreen Butterfly - DEFAULT_STALE_DURATION causing swap to revert
#87
sherlock-admin2
opened
15 hours ago
0
Proud Wintergreen Butterfly - Possible DOS of pools leading
#86
sherlock-admin4
opened
15 hours ago
0
Little Aquamarine Jellyfish - Unrestricted Access to Claim Rebate Fee Function
#85
sherlock-admin3
opened
15 hours ago
0
Proud Wintergreen Butterfly - Initialization functions of rebate_manager, woofi are front-runnable
#84
sherlock-admin2
opened
15 hours ago
1
Proud Wintergreen Butterfly - incase_token_got_stuck_handler does not update protocol state leading to corrupted state
#83
sherlock-admin4
opened
15 hours ago
0
Proud Wintergreen Butterfly - deposit function redundant check that may lead to DOS
#82
sherlock-admin3
opened
15 hours ago
0
Proud Wintergreen Butterfly - _quote_amount is always calculated with outdated price potentially leading to loss of funds
#81
sherlock-admin2
opened
15 hours ago
0
Zesty Sage Tapir - Potential for Unauthorized Rebate Adjustments in `AddSubRebate`
#80
sherlock-admin4
opened
15 hours ago
0
Zesty Sage Tapir - Inconsistent Authority Constraints in `ClaimRebateFee`
#79
sherlock-admin3
opened
15 hours ago
1
Scrawny Cobalt Goldfish - Withdraw/Redeem functions can fail due to blocked USDT/USDC accounts
#78
sherlock-admin2
opened
15 hours ago
0
Zesty Sage Tapir - Inconsistent Reserve Checks for Fee Deduction
#77
sherlock-admin4
opened
15 hours ago
0
Zesty Sage Tapir - Incorrect Fee Rate Selection
#76
sherlock-admin3
opened
15 hours ago
0
Passive Indigo Dolphin - Withdraw Instruction can withdraw total amount in pool(Including unclaimed_fees)
#75
sherlock-admin2
opened
15 hours ago
0
Zesty Sage Tapir - Potential Overflow in Decimals::new Functionb
#74
sherlock-admin4
opened
15 hours ago
0
Uneven Gingham Locust - State changes are overwritten during anchor serialization when two accounts are the same
#73
sherlock-admin3
opened
15 hours ago
0
Hot Paisley Copperhead - [med] Allowing admin_authority to create `RebateInfo` will create DoS for `ClaimRebateFee` instruction
#72
sherlock-admin2
opened
15 hours ago
0
Scrawny Cobalt Goldfish - precision loss in calc_quote_amount_sell_base.
#71
sherlock-admin4
opened
15 hours ago
0
Helpful Jetblack Snake - Swaps can happen without changing the price for the next trade due to gamma = 0
#70
sherlock-admin3
opened
15 hours ago
0
Fresh Pineapple Dalmatian - Malicious individuals can create corresponding rebate manage and rebate info accounts in advance
#69
sherlock-admin2
opened
15 hours ago
1
Strong Alabaster Leopard - claim_fee will be reverted because of insufficient balance
#68
sherlock-admin4
opened
15 hours ago
0
Scrawny Cobalt Goldfish - amount can be overflowed in deposit and withdraw.
#67
sherlock-admin3
opened
15 hours ago
0
Strong Alabaster Leopard - get_price function returns stale price
#66
sherlock-admin2
opened
15 hours ago
0
Glamorous Violet Chameleon - When withdrawing, the check that balance is enough for unclaimed fees is wrong
#65
sherlock-admin4
opened
15 hours ago
1
Glamorous Violet Chameleon - Quote pools are expected to have same base token and quote token but this is not enforced in swaps
#64
sherlock-admin3
opened
15 hours ago
1
Formal Charcoal Boa - The pool owner can claim all `unclaimed_fee` that has accrued in the pool, resulting in no protocol fee
#63
sherlock-admin2
opened
15 hours ago
1
Formal Charcoal Boa - In the `incase_token_got_stuck::incase_token_got_stuck_handler()` function, there is no limit on the amount of tokens that the pool owner can sweep from the pool, allowing them to even sweep any `unclaimed_fee` accrued in the pool
#62
sherlock-admin4
opened
15 hours ago
1
Helpful Jetblack Snake - A malicious user could profit by front-running the set_price_handler().
#61
sherlock-admin3
opened
15 hours ago
1
Uneven Gingham Locust - Gamma is rounded down, against the protocol, in calc_quote_amount_sell_base
#60
sherlock-admin2
opened
15 hours ago
1
Fresh Pineapple Dalmatian - Allow anyone to create new Wooracles and Woopools
#59
sherlock-admin4
opened
15 hours ago
1
Helpful Jetblack Snake - A malicious user can create multiple `rebate_manager` in advance
#58
sherlock-admin3
opened
15 hours ago
1
Fluffy Burlap Lark - Arbitrary permission initialization of wooracle contract
#57
sherlock-admin2
opened
15 hours ago
1
Helpful Jetblack Snake - There is an issue with the denomination of token and calculation formula of the swap fee in the swap() function.
#56
sherlock-admin4
opened
15 hours ago
1
Helpful Jetblack Snake - WOOFi Swap on Solana does not support the native token SOL.
#55
sherlock-admin3
opened
15 hours ago
1
Helpful Jetblack Snake - Missing permission control in create_oracle and create_pool.
#54
sherlock-admin2
opened
15 hours ago
1
Creamy Carrot Yeti - create_rebate_manager has no access control
#53
sherlock-admin4
opened
15 hours ago
1
Helpful Jetblack Snake - The protocol does not support token2022
#52
sherlock-admin3
opened
15 hours ago
1
Trendy Brick Stallion - Precision loss in `wooracle.rs`
#51
sherlock-admin2
opened
15 hours ago
1
Strong Magenta Loris - Missing Access Control in set_admin_authority Method
#50
sherlock-admin4
opened
15 hours ago
1
Strong Magenta Loris - Missing Initialization Check in initialize Method
#49
sherlock-admin3
opened
15 hours ago
1
Trendy Brick Stallion - authority is not validated in `create_rebate_manager.rs`
#48
sherlock-admin2
opened
15 hours ago
1
Trendy Brick Stallion - Incorrect check in `claim_fee.rs::claim_handler`
#47
sherlock-admin4
opened
15 hours ago
1
Uneven Gingham Locust - Dividing large swaps into smaller swaps does not update spread
#46
sherlock-admin3
opened
15 hours ago
1
Next