sherlock-audit 2024-09-symmio-v0-8-4-update-contest-judging issues

sherlock-audit / 2024-09-symmio-v0-8-4-update-contest-judging

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Petite Spruce Mammoth - Event emission before state change in `setSymmioAddress` function can lead to inconsistencies between the emitted event and the actual state of the contract in `SymmioPartyA.sol`

#76 sherlock-admin3 closed 1 week ago
0
Petite Spruce Mammoth - Using `SafeMath` increases gas costs unnecessarily without adding any extra safety in `LibLockedValues.sol`

#75 sherlock-admin4 closed 1 week ago
0
Petite Spruce Mammoth - Duplicate import of `LibAccessibility.sol` could introduce unnecessary compilation issues or code redundancy in `SettlementFacet.sol`

#74 sherlock-admin2 closed 1 week ago
0
Petite Spruce Mammoth - Gas inefficiency in `settleAndForceClosePosition` results in higher transaction costs and reduced throughput for users interacting with the contract in `ForceActionsFacet.sol`

#73 sherlock-admin3 closed 1 week ago
0
Petite Spruce Mammoth - Gas inefficiencies in loops (O(n²) complexity) can result in prohibitively high gas costs for users in `DiamondLoupFacet.sol`

#72 sherlock-admin4 closed 1 week ago
0
Petite Spruce Mammoth - Lack of role removal verification in `revokeRole` will lead to unnecessary storage writes and potential role management issues in `ControlFacet.sol`

#71 sherlock-admin2 closed 1 week ago
0
Petite Spruce Mammoth - Lack of validation for `bridgeAddress` and `amount` in `transferToBridge` will potentially lead to lose funds and DoS attacks by spamming transactions in `BridgeFacet.sol`

#70 sherlock-admin3 closed 1 week ago
0
Petite Spruce Mammoth - Gas optimization in `AccountFacetImpl.sol`

#69 sherlock-admin4 closed 1 week ago
0
Petite Spruce Mammoth - Lack of input validation on the `amount` parameter will lead to various unintended behaviors in `AccountFacet.sol`

#68 sherlock-admin2 closed 1 week ago
0
Albort - Duplicate Liquidators Leading to Incorrect Fee Distribution

#67 sherlock-admin4 opened 1 week ago
0
Gaurav2811 - Unchecked ERC20 Transfer Return Value Leads to Potential Fund Loss in Bridge Withdrawals : `BridgeFacetImpl.sol:withdrawReceivedBridgeValue`

#66 sherlock-admin3 opened 1 week ago
0
0xShoonya - Hash Collision Vulnerability in `verifyPartyBUpnl` Function of `LibMuon`

#65 sherlock-admin4 opened 1 week ago
0
OlaHamid - [M-1] DOS (denial of service) vulnerability in the nested loop within the `DiamondLoupFacet.sol:facets` function.

#64 sherlock-admin3 opened 1 week ago
0
OlaHamid - [H-2] Local var `numFacet` in the `DiamondLoupFacet.sol:facets` function is set to zero, desrupting the total logic of the code.

#63 sherlock-admin4 opened 1 week ago
0
Aycozzynfada - Missing Cooldown require statement in deallocateForPartyB Function

#62 sherlock-admin3 opened 1 week ago
0
OlaHamid - [H-1] RE-ENTRANCY attack in `Accout:AccountFacetImpl.sol` allow malicious actor to drain funds

#61 sherlock-admin4 opened 1 week ago
0
nikhil840096 - Deadline Bypass in Force Close Mechanism Leading to Exploitation

#60 sherlock-admin3 opened 1 week ago
0
Aycozzynfada - Denial of Service in Internal Transfer Function Due to PartyB Modifier

#59 sherlock-admin4 opened 1 week ago
0
carpark - The depositor can deposit for suspended user.

#58 sherlock-admin4 closed 1 week ago
0
air_0x - pending quotes and balances for Party B are not cleared

#57 sherlock-admin3 opened 1 week ago
0
Aycozzynfada - Allocate() is broken due to incorrect precision

#56 sherlock-admin4 opened 1 week ago
0
KungFuPanda - LibSettlement::settleUpnl will not revert with a correct "LibSettlement: Invalid partyBUpnlIndex in signature" message at the right time, leading to external integrations problems

#55 sherlock-admin3 opened 1 week ago
0
air_0x - dos through lockQuote( )

#54 sherlock-admin4 opened 1 week ago
0
xiaoming90 - Unsafe casting of `reserveAmount` from uint256 to int256

#53 sherlock-admin3 opened 1 week ago
0
xiaoming90 - Inconsistent in the liquidation fee leads to unfairness in liquidation process

#52 sherlock-admin4 opened 1 week ago
1
air_0x - abi.encodePacked Allows Hash Collision

#51 sherlock-admin3 opened 1 week ago
0
xiaoming90 - Emergency close might be blocked due to insufficient allocated balance

#50 sherlock-admin4 opened 1 week ago
1
xiaoming90 - Position's leverage factor can exceed the protocol's maximum allowable leverage

#49 sherlock-admin3 opened 1 week ago
0
xiaoming90 - Rounding error when computing `settleAmounts`

#48 sherlock-admin4 opened 1 week ago
0
xiaoming90 - An excessive number of user positions can be settled even if the shortfall allocated balance needed for fulfilling the close request is only a small amount

#47 sherlock-admin3 opened 1 week ago
1
xiaoming90 - PartyB can settle PartyA’s losing positions even when it is unnecessary and detrimental to Party A’s allocated balance

#46 sherlock-admin4 opened 1 week ago
1
xiaoming90 - PartyA can exploit the force close opportunity to settle other positions' uPNL that they have with other PartyBs/hedgers

#45 sherlock-admin3 opened 1 week ago
1
xiaoming90 - Ability to revoke access does not expire

#44 sherlock-admin4 opened 1 week ago
0
air_0x - User may lose funds when executing user operations

#43 sherlock-admin3 opened 1 week ago
0
xiaoming90 - Force Close can be DOSed by exploiting `settleUpnl` function

#42 sherlock-admin4 opened 1 week ago
0
xiaoming90 - Ineffective settlement cooldown measure

#41 sherlock-admin3 opened 1 week ago
0
xiaoming90 - Unauthorized PartyB could settle PNL of other PartyBs and users in the system

#40 sherlock-admin4 opened 1 week ago
1
xiaoming90 - `settleUpnl` function can be DOSed by other PartyBs/hedgers

#39 sherlock-admin3 opened 1 week ago
0
air_0x - fallback allows invalid facet addresses to be used

#38 sherlock-admin4 opened 1 week ago
0
danyilbalko - The withdrawFromReserveVault function must ensure arithmetic precision for the amount value

#37 sherlock-admin3 opened 1 week ago
0
danyilbalko - The depositToReserveVault function must ensure arithmetic precision for the amount value.

#36 sherlock-admin4 opened 1 week ago
1
danyilbalko - Service stopped due to incorrect judgment of array length and index in settleUpnl function error. (DoS)

#35 sherlock-admin3 opened 1 week ago
2
air_0x - AccountFacetImpl.sol:withdraw allows draining of funds

#34 sherlock-admin3 opened 1 week ago
0
nikhil840096 - Double Accounting of Liquidation Fees Leads to Inflated Balance Calculation and Solvency Bypass

#33 sherlock-admin3 opened 1 week ago
0
carpark - The withdraw function didn't do CEI.

#32 sherlock-admin3 closed 1 week ago
0
safdie - Unchecked low-level call in `_call` function will cause unexpected behavior of the contract `SymmioPartyA.sol`

#31 sherlock-admin3 opened 1 week ago
0
safdie - Immediate insolvency vulnerability in `isSolventAfterOpenPosition` function in `LibSolvency.sol`

#30 sherlock-admin3 opened 1 week ago
0
safdie - Precision issues for `pnl` and `fee` will cause incorrect financial decisions based on the wrong profit/loss values in `LibQuote.sol`

#29 sherlock-admin3 opened 1 week ago
0
safdie - Unchecked array bounds will cause an out-of-bounds error if `array_` is empty in `LibQuote.sol`

#28 sherlock-admin3 opened 1 week ago
0
safdie - The logic for determining the `feeCollector` will introduce unintended behavior if an invalid address is passed as the affiliate fee collector in `LibPartyBPositionsActions.sol`

#27 sherlock-admin3 opened 1 week ago
0