sherlock-audit 2024-08-woofi-solana-deployment-judging issues

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Steep Ocean Swift - Missing signer check in `create_pool`

#45 sherlock-admin2 opened 13 hours ago
1
Steep Ocean Swift - Missing signer check in `create_wooracle`

#44 sherlock-admin4 opened 13 hours ago
1
Uneven Gingham Locust - Incorrect implementation of `query` function

#43 sherlock-admin3 opened 13 hours ago
1
Uneven Gingham Locust - WooFi program ignores Pyth price feed confidence interval

#42 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - Anybody can claim rebate fees

#41 sherlock-admin4 opened 13 hours ago
1
Uneven Gingham Locust - Swap function does not check `woopool_quote` is indeed a quote pool

#40 sherlock-admin3 opened 13 hours ago
1
Uneven Gingham Locust - Attacker can prevent WooFi admin from adding additional base tokens

#39 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - Missing access control in the create_config instruction

#38 sherlock-admin4 opened 13 hours ago
1
Uneven Gingham Locust - Attacker can DoS WooFi deployment

#37 sherlock-admin3 opened 13 hours ago
1
Creamy Carrot Yeti - Wooracle authority is incorrectly set

#36 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - Fees are inconsistently charged if the price direction quote -> base and base -> quote

#35 sherlock-admin4 opened 13 hours ago
1
Creamy Carrot Yeti - Permit functionality cannot be properly used in the contract

#34 sherlock-admin3 opened 13 hours ago
1
Cuddly Gauze Mustang - Attacker will create pool and oracle for token that are planned to be supported in the future

#33 sherlock-admin2 opened 13 hours ago
1
Cuddly Gauze Mustang - User will use external accounts for bypassing check in programs

#32 sherlock-admin4 opened 13 hours ago
1
Cuddly Gauze Mustang - Attacker will initialize WooOracle before the project

#31 sherlock-admin3 opened 13 hours ago
1
Cuddly Gauze Mustang - Any user will initialize WooFi program before the protocol

#30 sherlock-admin2 opened 13 hours ago
1
Fresh Pineapple Dalmatian - `rebate_info` and `rebate_manager` are unable to sign the CPI call due to an incorrect implementation of the `seeds` function

#29 sherlock-admin4 opened 13 hours ago
1
Uneven Tin Mongoose - The implementation of `get_price_impl` is incorrect.

#28 sherlock-admin3 opened 13 hours ago
1
Glamorous Violet Chameleon - Querying for the swap amounts does not account for the swap fee when the quote and base token are the same in the from Pool

#27 sherlock-admin2 opened 13 hours ago
1
Uneven Tin Mongoose - The calculation of `quote_amount` may result in discrepancies

#26 sherlock-admin4 opened 13 hours ago
1
Glamorous Violet Chameleon - Attacker can control Oracles and Pools by front-running their creation

#25 sherlock-admin3 opened 13 hours ago
1
Passive Indigo Dolphin - Wooracle timestamp not updated on initialization

#24 sherlock-admin2 opened 13 hours ago
1
Glamorous Violet Chameleon - Only 1 Oracle can be created for a base token due to not including the quote token in the oracle's seeds

#23 sherlock-admin4 opened 13 hours ago
1
Passive Indigo Dolphin - Pending Rebate and Woopool Unclaimed fee is of inapppropriate type

#22 sherlock-admin3 opened 13 hours ago
1
Tame Macaroon Tapir - Pyth prices are used without necessary precautions

#21 sherlock-admin2 opened 13 hours ago
1
Tame Macaroon Tapir - Constraints are not defined in set_only_owner_config.rs

#20 sherlock-admin4 opened 13 hours ago
1
Passive Indigo Dolphin - Rebate_to account not validated during Swapping

#19 sherlock-admin3 opened 13 hours ago
1
Glamorous Violet Chameleon - Transfers from the rebate manager's token vault always fail due to lack of bump seed

#18 sherlock-admin2 opened 13 hours ago
1
Glamorous Violet Chameleon - Rebate authority is unable to claim fee due to incorrect constraint not allowing rebate manager admin authority

#17 sherlock-admin4 opened 13 hours ago
1
Glamorous Violet Chameleon - Attacker can control rebate managers for supported tokens since there is only 1 rebate manager per quote token

#16 sherlock-admin3 opened 13 hours ago
1
Passive Indigo Dolphin - DOS vulnerability due to Global WooConfig Account

#15 sherlock-admin2 opened 13 hours ago
1
Cuddly Gauze Mustang - Any user will gain authority on RebateManager

#14 sherlock-admin4 opened 13 hours ago
1
Cuddly Gauze Mustang - An admin authority initializing RebateInfo will make claim_rebate_fee unusable

#13 sherlock-admin3 opened 13 hours ago
1
Creamy Carrot Yeti - Spread is not updated for base tokens when performing base to base swap

#12 sherlock-admin2 opened 13 hours ago
1
Fast Sand Millipede - get_price.rs - Missing Ownership Validation on Oracle Accounts

#11 sherlock-admin4 opened 13 hours ago
1
Fast Sand Millipede - Improper Decimal Scaling in Cross-Price Calculation

#10 sherlock-admin3 opened 13 hours ago
1
Creamy Carrot Yeti - Fallback oracle is not used if the wo_price is not feasible and is not in bounds

#9 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - wo_price_in_bound has incorrect check implementation

#8 sherlock-admin4 opened 13 hours ago
1
Creamy Carrot Yeti - Incorrect checking of the feasible wo_price

#7 sherlock-admin3 opened 13 hours ago
1
Creamy Carrot Yeti - Fees are not transferred to the woopool_quote.token_vault after the swap

#6 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - Swap fees are only taken for the first swap

#5 sherlock-admin4 opened 13 hours ago
1
Creamy Carrot Yeti - Swap fees are not correctly handled as they are substracted from the woopool_quote reserves

#4 sherlock-admin3 opened 13 hours ago
1
Creamy Carrot Yeti - from_amount is not validated properly

#3 sherlock-admin2 opened 13 hours ago
1
Creamy Carrot Yeti - swap_fee is incorrectly calculated for the quote_amount

#2 sherlock-admin4 opened 13 hours ago
1
Creamy Carrot Yeti - UnPause struct has no check for the pause_authority

#1 sherlock-admin3 opened 13 hours ago
1