Skip to content

Issues: sherlock-audit/2024-06-new-scope-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

30 Open 506 Closed
30 Open 506 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

ether_sky - The repayment process in the NFTPositionManager can sometimes be reverted Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#488 opened Sep 10, 2024 by sherlock-admin4
KupiaSec - Wrong calculation of supply/debt balance of a position, disrupting core system functionalities Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#473 opened Sep 10, 2024 by sherlock-admin2
6
hyh - NFTPositionManager's repay() and repayETH() are unavailable unless preceded atomically by an accounting updating operation Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#467 opened Sep 10, 2024 by sherlock-admin4
11
Nihavent - Curated Vault allocators cannot reallocate() a pool to zero due to attempting to withdraw 0 tokens from the underlying pool Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#434 opened Sep 10, 2024 by sherlock-admin3
Nihavent - CuratedVaultSetters::_supplyPool() does not consider the pool cap of the underlying pool, which may cause deposit() to revert or lead to an unintended reordering of supplyQueue Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#433 opened Sep 10, 2024 by sherlock-admin3
22
Nihavent - Supply interest is earned on accruedToTreasuryShares resulting in higher than expected treasury fees and under rare circumstances DOSed pool withdrawals Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#430 opened Sep 10, 2024 by sherlock-admin3
15
Nihavent - Unclaimable reserve assets will accrue in a pool due to the difference between interest paid on borrows and interest earned on supplies Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#429 opened Sep 10, 2024 by sherlock-admin3
10
imsrybr0 - Interest rate is updated before updating the debt when repaying debt Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#413 opened Sep 10, 2024 by sherlock-admin3
A2-security - Inconsistent Application of Reserve Factor Changes Leads to Protocol Insolvency Risk Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#402 opened Sep 10, 2024 by sherlock-admin3
11
Bigsam - Liquidation fails to update the interest Rate when liquidation funds are sent to the treasury thus the next user uses an inflated index Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#401 opened Sep 10, 2024 by sherlock-admin3
7
A2-security - Position Risk Management Functionality Missing in Position Manager and dos in certain conditions Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#398 opened Sep 10, 2024 by sherlock-admin3
1
ether_sky - The rewards distribution in the NFTPositionManager is unfair Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#393 opened Sep 10, 2024 by sherlock-admin4
25
Bigsam - After a User withdraws The interest Rate is not updated accordingly leading to the next user using an inflated index during next deposit before the rate is normalized again Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#387 opened Sep 10, 2024 by sherlock-admin4
4
lemonmon - Function executeMintToTreasury will incorrectly reduce the supplyShares, therefore prevent the last users from withdrawing Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#375 opened Sep 10, 2024 by sherlock-admin3
tallo - Partial liquidations can sometimes lower a positions health and lead to guaranteed bad debt Escalated This issue contains a pending escalation Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#338 opened Sep 10, 2024 by sherlock-admin3
8
tallo - Liquidated positions will still accrue rewards after being liquidated Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#312 opened Sep 10, 2024 by sherlock-admin4
Obsidian - When bad debt is accumulated, the loss is not shared amongst all suppliers, instead the last to withdraw will experience a huge loss Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#275 opened Sep 10, 2024 by sherlock-admin2
Obsidian - Malicious pool deployer can use a malicious oracle contract to steal funds of vault depositors Escalation Resolved This issue's escalations have been approved/rejected High A High severity issue. Reward A payout will be made for this issue
#234 opened Sep 10, 2024 by sherlock-admin4
27
Obsidian - Malicious pool deployer can set a malicious interest rate contract to lock funds of vault depositors Escalation Resolved This issue's escalations have been approved/rejected High A High severity issue. Reward A payout will be made for this issue
#233 opened Sep 10, 2024 by sherlock-admin2
13
joshuajee - Borrowers can make their position unprofitable to liquidated by using too many collateral tokens. Escalated This issue contains a pending escalation Medium A Medium severity issue. Reward A payout will be made for this issue
#231 opened Sep 10, 2024 by sherlock-admin3
41
imsrybr0 - LiquidationLogic@_burnCollateralTokens does not account for liquidation fees when withdrawing collateral during liquidation leading to incorrect accounting and Pools insolvency Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#228 opened Sep 10, 2024 by sherlock-admin3
iamnmt - An attacker can hijack the CuratedVault's matured yield Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#199 opened Sep 10, 2024 by sherlock-admin4
5
Flashloan44 - Liquidation can be DOSed due to lack of liquidity on collateral asset reserve Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A High severity issue. Reward A payout will be made for this issue
#198 opened Sep 10, 2024 by sherlock-admin3
11
nfmelendez - GenericLogic.sol contract assumes all price feeds has the same decimals but is a wrong assumption that leads to an incorrect health factor math. Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A Medium severity issue. Reward A payout will be made for this issue
#166 opened Sep 10, 2024 by sherlock-admin4
13
0xNirix - Malicious actors can execute sandwich attacks during market addition with existing funds Escalated This issue contains a pending escalation Medium A Medium severity issue. Reward A payout will be made for this issue
#143 opened Sep 10, 2024 by sherlock-admin3
27
ProTip! Exclude everything labeled bug with -label:bug.