sherlock-audit/2024-09-symmio-v0-8-4-update-contest-judging
issues
safdie - Front-running vulnerability with the `closedPrice`, `openedPrice`, and `filledAmount` parameters will allow an attacker to monitor the mempool and attempt to front-run legitimate transactions in `LibPartyBPositionsActions.sol`
#26
sherlock-admin3
opened
1 week ago
0
safdie - `ecrecover` and Pre-EIP-155 replay attack could be reused signatures across different chains by attacker in `LibMuonV04ClientBase.sol`
#25
sherlock-admin3
opened
1 week ago
0
safdie - Zero address and trivial inputs could affect contract logic relying on signature validation in `LibMuonV04ClientBase.sol`
#24
sherlock-admin3
opened
1 week ago
0
safdie - Logic error in `totalForPartyA()` and `totalForPartyB()` leads to inflated locked balances in `LibLockedValues.sol`
#23
sherlock-admin3
opened
1 week ago
0
safdie - Reentrancy attack allows an attacker to drain funds by repeatedly calling the liquidation function in `LibLiquidation.sol`
#22
sherlock-admin3
opened
1 week ago
0
safdie - Data encoding problem leads to a hash collision in `LibMuonSettlement.sol`
#21
sherlock-admin3
opened
1 week ago
0
safdie - Inconsistent liquidation state could result in incorrect liquidation handling or an incomplete process in `DeferredLiquidationFacetImpl.sol`
#20
sherlock-admin3
opened
1 week ago
0
safdie - Lack of `require` for quote validity in `lockQuote` allows attackers to attempt to lock already-locked quotes or expired quotes in `PartyBQuoteActionsFacetImpl.sol`
#19
sherlock-admin3
opened
1 week ago
0
safdie - Arbitrary withdrawal/balance manipulation in `acceptCancelRequest` will lead to incorrect balance deductions or unintended refund in `PartyBQuoteActionsFacetImpl.sol`
#18
sherlock-admin3
opened
1 week ago
0
ghufranhassan - Potential Denial Of Service in ForceActionsFacet::settleAndForceClosePosition function
#17
sherlock-admin3
opened
1 week ago
0
AuditorPraise - create2 works differently on ZkSync Era
#16
sherlock-admin3
opened
1 week ago
0
MIQUINHO - transferToBridge is missing some checks for amount it can be zero
#15
sherlock-admin3
opened
1 week ago
0
safdie - Incomplete validation of `filledAmount` will lead to bypassing position size limits in `PartyBPositionActionsFacet.sol`
#14
sherlock-admin4
opened
1 week ago
0
safdie - Inconsistent handling of rates signs leading to large shifts in `partyAAvailableBalance` or `partyBAvailableBalance` in `FundingRateFacetImpl.sol`
#13
sherlock-admin4
opened
1 week ago
0
safdie - Time manipulation via `block.timestamp` will allow miners to manipulate `block.timestamp` to shift funding rate calculations in `FundingRateFacetImpl.sol`
#12
sherlock-admin4
opened
1 week ago
0
safdie - Inconsistent cooldown validation in `forceClosePosition` function allows users to exploit timing discrepancies in `ForceActionsFacetImpl.sol`
#11
sherlock-admin4
opened
1 week ago
0
safdie - Signature replay attack in `forceClosePosition` function allows an attacker to reuse a valid signature in `ForceActionsFacet.sol`
#10
sherlock-admin4
opened
1 week ago
0
safdie - Lack of proper input validation for `quoteId` could lead to unexpected behavior and DoS in `ForceActionsFacet.sol`
#9
sherlock-admin4
opened
1 week ago
0
safdie - Large array allocation without trimming leads to a large waste of gas, or in the worst-case scenario, a denial-of-service (DoS) attack if the arrays become too large in `DiamondLoupFacet.sol`
#8
sherlock-admin4
opened
1 week ago
0
safdie - Lack of input validation for `facetAddress()` function will allow attackers to pass arbitrary selectors and flood the contract with useless function calls in `DiamondLoupFacet.sol`
#7
sherlock-admin4
opened
1 week ago
0
safdie - Race conditions/cooldown manipulation on `withdraw` function may allow an attacker to manipulate or bypass the cooldown period in `AccountFacetImpl.sol`
#6
sherlock-admin4
opened
1 week ago
0
safdie - Inadequate handling of suspended transactions could allow suspended transactions to still be withdrawn in `BridgeFacetImpl.sol`
#5
sherlock-admin4
opened
1 week ago
0
safdie - Replay attack on `withdrawReceivedBridgeValue` and `withdrawReceivedBridgeValues` will allow attacker to withdraw more than they are entitled to by replaying or reusing transaction IDs in `BridgeFacet.sol`
#4
sherlock-admin4
opened
1 week ago
0
safdie - Withdrawal logic lacks sufficient validations will lead to manipulate or bypass withdrawal mechanisms in `AccountFacetImpl.sol`
#3
sherlock-admin4
opened
1 week ago
0
safdie - Unauthorized facet functionality will let attackers gain access to restricted functions in `LibDiamond.sol`
#2
sherlock-admin4
opened
1 week ago
0
safdie - `ReplaceFunctions` does not update selectors will lead to confusion or issues during retrieval or iteration in `LibDiamond.sol`
#1
sherlock-admin4
opened
1 week ago
0