issues
search
sherlock-audit
/
2024-08-woofi-solana-deployment-judging
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Steep Ocean Swift - Missing signer check in `create_pool`
#45
sherlock-admin2
opened
13 hours ago
1
Steep Ocean Swift - Missing signer check in `create_wooracle`
#44
sherlock-admin4
opened
13 hours ago
1
Uneven Gingham Locust - Incorrect implementation of `query` function
#43
sherlock-admin3
opened
13 hours ago
1
Uneven Gingham Locust - WooFi program ignores Pyth price feed confidence interval
#42
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - Anybody can claim rebate fees
#41
sherlock-admin4
opened
13 hours ago
1
Uneven Gingham Locust - Swap function does not check `woopool_quote` is indeed a quote pool
#40
sherlock-admin3
opened
13 hours ago
1
Uneven Gingham Locust - Attacker can prevent WooFi admin from adding additional base tokens
#39
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - Missing access control in the create_config instruction
#38
sherlock-admin4
opened
13 hours ago
1
Uneven Gingham Locust - Attacker can DoS WooFi deployment
#37
sherlock-admin3
opened
13 hours ago
1
Creamy Carrot Yeti - Wooracle authority is incorrectly set
#36
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - Fees are inconsistently charged if the price direction quote -> base and base -> quote
#35
sherlock-admin4
opened
13 hours ago
1
Creamy Carrot Yeti - Permit functionality cannot be properly used in the contract
#34
sherlock-admin3
opened
13 hours ago
1
Cuddly Gauze Mustang - Attacker will create pool and oracle for token that are planned to be supported in the future
#33
sherlock-admin2
opened
13 hours ago
1
Cuddly Gauze Mustang - User will use external accounts for bypassing check in programs
#32
sherlock-admin4
opened
13 hours ago
1
Cuddly Gauze Mustang - Attacker will initialize WooOracle before the project
#31
sherlock-admin3
opened
13 hours ago
1
Cuddly Gauze Mustang - Any user will initialize WooFi program before the protocol
#30
sherlock-admin2
opened
13 hours ago
1
Fresh Pineapple Dalmatian - `rebate_info` and `rebate_manager` are unable to sign the CPI call due to an incorrect implementation of the `seeds` function
#29
sherlock-admin4
opened
13 hours ago
1
Uneven Tin Mongoose - The implementation of `get_price_impl` is incorrect.
#28
sherlock-admin3
opened
13 hours ago
1
Glamorous Violet Chameleon - Querying for the swap amounts does not account for the swap fee when the quote and base token are the same in the from Pool
#27
sherlock-admin2
opened
13 hours ago
1
Uneven Tin Mongoose - The calculation of `quote_amount` may result in discrepancies
#26
sherlock-admin4
opened
13 hours ago
1
Glamorous Violet Chameleon - Attacker can control Oracles and Pools by front-running their creation
#25
sherlock-admin3
opened
13 hours ago
1
Passive Indigo Dolphin - Wooracle timestamp not updated on initialization
#24
sherlock-admin2
opened
13 hours ago
1
Glamorous Violet Chameleon - Only 1 Oracle can be created for a base token due to not including the quote token in the oracle's seeds
#23
sherlock-admin4
opened
13 hours ago
1
Passive Indigo Dolphin - Pending Rebate and Woopool Unclaimed fee is of inapppropriate type
#22
sherlock-admin3
opened
13 hours ago
1
Tame Macaroon Tapir - Pyth prices are used without necessary precautions
#21
sherlock-admin2
opened
13 hours ago
1
Tame Macaroon Tapir - Constraints are not defined in set_only_owner_config.rs
#20
sherlock-admin4
opened
13 hours ago
1
Passive Indigo Dolphin - Rebate_to account not validated during Swapping
#19
sherlock-admin3
opened
13 hours ago
1
Glamorous Violet Chameleon - Transfers from the rebate manager's token vault always fail due to lack of bump seed
#18
sherlock-admin2
opened
13 hours ago
1
Glamorous Violet Chameleon - Rebate authority is unable to claim fee due to incorrect constraint not allowing rebate manager admin authority
#17
sherlock-admin4
opened
13 hours ago
1
Glamorous Violet Chameleon - Attacker can control rebate managers for supported tokens since there is only 1 rebate manager per quote token
#16
sherlock-admin3
opened
13 hours ago
1
Passive Indigo Dolphin - DOS vulnerability due to Global WooConfig Account
#15
sherlock-admin2
opened
13 hours ago
1
Cuddly Gauze Mustang - Any user will gain authority on RebateManager
#14
sherlock-admin4
opened
13 hours ago
1
Cuddly Gauze Mustang - An admin authority initializing RebateInfo will make claim_rebate_fee unusable
#13
sherlock-admin3
opened
13 hours ago
1
Creamy Carrot Yeti - Spread is not updated for base tokens when performing base to base swap
#12
sherlock-admin2
opened
13 hours ago
1
Fast Sand Millipede - get_price.rs - Missing Ownership Validation on Oracle Accounts
#11
sherlock-admin4
opened
13 hours ago
1
Fast Sand Millipede - Improper Decimal Scaling in Cross-Price Calculation
#10
sherlock-admin3
opened
13 hours ago
1
Creamy Carrot Yeti - Fallback oracle is not used if the wo_price is not feasible and is not in bounds
#9
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - wo_price_in_bound has incorrect check implementation
#8
sherlock-admin4
opened
13 hours ago
1
Creamy Carrot Yeti - Incorrect checking of the feasible wo_price
#7
sherlock-admin3
opened
13 hours ago
1
Creamy Carrot Yeti - Fees are not transferred to the woopool_quote.token_vault after the swap
#6
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - Swap fees are only taken for the first swap
#5
sherlock-admin4
opened
13 hours ago
1
Creamy Carrot Yeti - Swap fees are not correctly handled as they are substracted from the woopool_quote reserves
#4
sherlock-admin3
opened
13 hours ago
1
Creamy Carrot Yeti - from_amount is not validated properly
#3
sherlock-admin2
opened
13 hours ago
1
Creamy Carrot Yeti - swap_fee is incorrectly calculated for the quote_amount
#2
sherlock-admin4
opened
13 hours ago
1
Creamy Carrot Yeti - UnPause struct has no check for the pause_authority
#1
sherlock-admin3
opened
13 hours ago
1
Previous