issues
search
sherlock-audit
/
2024-09-symmio-v0-8-4-update-contest-judging
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Petite Spruce Mammoth - Event emission before state change in `setSymmioAddress` function can lead to inconsistencies between the emitted event and the actual state of the contract in `SymmioPartyA.sol`
#76
sherlock-admin3
closed
1 week ago
0
Petite Spruce Mammoth - Using `SafeMath` increases gas costs unnecessarily without adding any extra safety in `LibLockedValues.sol`
#75
sherlock-admin4
closed
1 week ago
0
Petite Spruce Mammoth - Duplicate import of `LibAccessibility.sol` could introduce unnecessary compilation issues or code redundancy in `SettlementFacet.sol`
#74
sherlock-admin2
closed
1 week ago
0
Petite Spruce Mammoth - Gas inefficiency in `settleAndForceClosePosition` results in higher transaction costs and reduced throughput for users interacting with the contract in `ForceActionsFacet.sol`
#73
sherlock-admin3
closed
1 week ago
0
Petite Spruce Mammoth - Gas inefficiencies in loops (O(n²) complexity) can result in prohibitively high gas costs for users in `DiamondLoupFacet.sol`
#72
sherlock-admin4
closed
1 week ago
0
Petite Spruce Mammoth - Lack of role removal verification in `revokeRole` will lead to unnecessary storage writes and potential role management issues in `ControlFacet.sol`
#71
sherlock-admin2
closed
1 week ago
0
Petite Spruce Mammoth - Lack of validation for `bridgeAddress` and `amount` in `transferToBridge` will potentially lead to lose funds and DoS attacks by spamming transactions in `BridgeFacet.sol`
#70
sherlock-admin3
closed
1 week ago
0
Petite Spruce Mammoth - Gas optimization in `AccountFacetImpl.sol`
#69
sherlock-admin4
closed
1 week ago
0
Petite Spruce Mammoth - Lack of input validation on the `amount` parameter will lead to various unintended behaviors in `AccountFacet.sol`
#68
sherlock-admin2
closed
1 week ago
0
Albort - Duplicate Liquidators Leading to Incorrect Fee Distribution
#67
sherlock-admin4
opened
1 week ago
0
Gaurav2811 - Unchecked ERC20 Transfer Return Value Leads to Potential Fund Loss in Bridge Withdrawals : `BridgeFacetImpl.sol:withdrawReceivedBridgeValue`
#66
sherlock-admin3
opened
1 week ago
0
0xShoonya - Hash Collision Vulnerability in `verifyPartyBUpnl` Function of `LibMuon`
#65
sherlock-admin4
opened
1 week ago
0
OlaHamid - [M-1] DOS (denial of service) vulnerability in the nested loop within the `DiamondLoupFacet.sol:facets` function.
#64
sherlock-admin3
opened
1 week ago
0
OlaHamid - [H-2] Local var `numFacet` in the `DiamondLoupFacet.sol:facets` function is set to zero, desrupting the total logic of the code.
#63
sherlock-admin4
opened
1 week ago
0
Aycozzynfada - Missing Cooldown require statement in deallocateForPartyB Function
#62
sherlock-admin3
opened
1 week ago
0
OlaHamid - [H-1] RE-ENTRANCY attack in `Accout:AccountFacetImpl.sol` allow malicious actor to drain funds
#61
sherlock-admin4
opened
1 week ago
0
nikhil840096 - Deadline Bypass in Force Close Mechanism Leading to Exploitation
#60
sherlock-admin3
opened
1 week ago
0
Aycozzynfada - Denial of Service in Internal Transfer Function Due to PartyB Modifier
#59
sherlock-admin4
opened
1 week ago
0
carpark - The depositor can deposit for suspended user.
#58
sherlock-admin4
closed
1 week ago
0
air_0x - pending quotes and balances for Party B are not cleared
#57
sherlock-admin3
opened
1 week ago
0
Aycozzynfada - Allocate() is broken due to incorrect precision
#56
sherlock-admin4
opened
1 week ago
0
KungFuPanda - LibSettlement::settleUpnl will not revert with a correct "LibSettlement: Invalid partyBUpnlIndex in signature" message at the right time, leading to external integrations problems
#55
sherlock-admin3
opened
1 week ago
0
air_0x - dos through lockQuote( )
#54
sherlock-admin4
opened
1 week ago
0
xiaoming90 - Unsafe casting of `reserveAmount` from uint256 to int256
#53
sherlock-admin3
opened
1 week ago
0
xiaoming90 - Inconsistent in the liquidation fee leads to unfairness in liquidation process
#52
sherlock-admin4
opened
1 week ago
1
air_0x - abi.encodePacked Allows Hash Collision
#51
sherlock-admin3
opened
1 week ago
0
xiaoming90 - Emergency close might be blocked due to insufficient allocated balance
#50
sherlock-admin4
opened
1 week ago
1
xiaoming90 - Position's leverage factor can exceed the protocol's maximum allowable leverage
#49
sherlock-admin3
opened
1 week ago
0
xiaoming90 - Rounding error when computing `settleAmounts`
#48
sherlock-admin4
opened
1 week ago
0
xiaoming90 - An excessive number of user positions can be settled even if the shortfall allocated balance needed for fulfilling the close request is only a small amount
#47
sherlock-admin3
opened
1 week ago
1
xiaoming90 - PartyB can settle PartyA’s losing positions even when it is unnecessary and detrimental to Party A’s allocated balance
#46
sherlock-admin4
opened
1 week ago
1
xiaoming90 - PartyA can exploit the force close opportunity to settle other positions' uPNL that they have with other PartyBs/hedgers
#45
sherlock-admin3
opened
1 week ago
1
xiaoming90 - Ability to revoke access does not expire
#44
sherlock-admin4
opened
1 week ago
0
air_0x - User may lose funds when executing user operations
#43
sherlock-admin3
opened
1 week ago
0
xiaoming90 - Force Close can be DOSed by exploiting `settleUpnl` function
#42
sherlock-admin4
opened
1 week ago
0
xiaoming90 - Ineffective settlement cooldown measure
#41
sherlock-admin3
opened
1 week ago
0
xiaoming90 - Unauthorized PartyB could settle PNL of other PartyBs and users in the system
#40
sherlock-admin4
opened
1 week ago
1
xiaoming90 - `settleUpnl` function can be DOSed by other PartyBs/hedgers
#39
sherlock-admin3
opened
1 week ago
0
air_0x - fallback allows invalid facet addresses to be used
#38
sherlock-admin4
opened
1 week ago
0
danyilbalko - The withdrawFromReserveVault function must ensure arithmetic precision for the amount value
#37
sherlock-admin3
opened
1 week ago
0
danyilbalko - The depositToReserveVault function must ensure arithmetic precision for the amount value.
#36
sherlock-admin4
opened
1 week ago
1
danyilbalko - Service stopped due to incorrect judgment of array length and index in settleUpnl function error. (DoS)
#35
sherlock-admin3
opened
1 week ago
2
air_0x - AccountFacetImpl.sol:withdraw allows draining of funds
#34
sherlock-admin3
opened
1 week ago
0
nikhil840096 - Double Accounting of Liquidation Fees Leads to Inflated Balance Calculation and Solvency Bypass
#33
sherlock-admin3
opened
1 week ago
0
carpark - The withdraw function didn't do CEI.
#32
sherlock-admin3
closed
1 week ago
0
safdie - Unchecked low-level call in `_call` function will cause unexpected behavior of the contract `SymmioPartyA.sol`
#31
sherlock-admin3
opened
1 week ago
0
safdie - Immediate insolvency vulnerability in `isSolventAfterOpenPosition` function in `LibSolvency.sol`
#30
sherlock-admin3
opened
1 week ago
0
safdie - Precision issues for `pnl` and `fee` will cause incorrect financial decisions based on the wrong profit/loss values in `LibQuote.sol`
#29
sherlock-admin3
opened
1 week ago
0
safdie - Unchecked array bounds will cause an out-of-bounds error if `array_` is empty in `LibQuote.sol`
#28
sherlock-admin3
opened
1 week ago
0
safdie - The logic for determining the `feeCollector` will introduce unintended behavior if an invalid address is passed as the affiliate fee collector in `LibPartyBPositionsActions.sol`
#27
sherlock-admin3
opened
1 week ago
0
Next