-
Notifications
You must be signed in to change notification settings - Fork 5
Issues: sherlock-audit/2024-08-sentiment-v2-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
vatsal - rounding error due to internal accounting and can steal some portion of the first depositors funds
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#597
opened Aug 24, 2024 by
sherlock-admin3
hash - User's can create non-liquidateable positions by leveraging This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
rebalanceBadDebt
to decrease share price
Escalation Resolved
#585
opened Aug 24, 2024 by
sherlock-admin3
hash - Setting This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
minDebt
and minBorrow
to low values can cause protocol to accrue bad debt
Escalation Resolved
#572
opened Aug 24, 2024 by
sherlock-admin2
hash - This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
ChainlinkOracle
doesn't validate for minAnswer/maxAnswer
Escalation Resolved
#570
opened Aug 24, 2024 by
sherlock-admin2
hash - Attacker can inflict losses to other Superpool user's during a bad debt liquidation depending on the deposit/withdraw queue order
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#564
opened Aug 24, 2024 by
sherlock-admin2
hash - User's can seize more assets during liquidation by using type(uint).max
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#556
opened Aug 24, 2024 by
sherlock-admin2
0xarno - Attacker Can Manipulate Interest Distribution by Exploiting Asset Transfers and Fee Accrual Mechanism
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#541
opened Aug 24, 2024 by
sherlock-admin3
valuevalk - Protocol's interestFees + Interest in a pool can be lost because of precision loss when using low-decimal assets like USDT/USDC.
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#448
opened Aug 24, 2024 by
sherlock-admin2
ThePharmacist - Base pools can get bricked if depositors pull out
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#400
opened Aug 24, 2024 by
sherlock-admin2
Nihavent - Liquidators may repay a position's debt to pools that are within their risk tolerance, breaking the concept of isolated risk in base pools
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#382
opened Aug 24, 2024 by
sherlock-admin2
sl1 - Lack of slippage protection during withdrawal in SuperPool and Pool contracts.
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#356
opened Aug 24, 2024 by
sherlock-admin3
EgisSecurity - Under certain circumstances bad debt will cause first depositor to lose funds
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#319
opened Aug 24, 2024 by
sherlock-admin2
EgisSecurity - Exploiter can force user into unhealthy condition and liquidate him
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#299
opened Aug 24, 2024 by
sherlock-admin3
000000 - Liquidations will revert if a position has been blacklisted for USDC
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#284
opened Aug 24, 2024 by
sherlock-admin3
000000 - Not removing a token from the position assets upon an owner removing a token from the known assets will cause huge issues
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#282
opened Aug 24, 2024 by
sherlock-admin4
h2134 - None of the functions in SuperPool checks pause state
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#270
opened Aug 24, 2024 by
sherlock-admin4
h2134 - Super Pool shares can be inflated by bad debt leading to overflows
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#266
opened Aug 24, 2024 by
sherlock-admin3
0xDazai - This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
SuperPool
fails to correctly deposit into pools
Escalation Resolved
#178
opened Aug 24, 2024 by
sherlock-admin2
zarkk01 - RedStone oracle is vulnerable because This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
updatePrice
is not called during the getEthValue
function.
Escalation Resolved
#161
opened Aug 24, 2024 by
sherlock-admin2
Obsidian - The RedstoneCoreOracle has a constant stale price threshold, this is dangerous to use with tokens that have a smaller threshold as the oracle will report stale prices as valid
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#126
opened Aug 24, 2024 by
sherlock-admin3
Kalogerone - The This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
SuperPool
vault is not strictly ERC4626 compliant as it should be
Escalation Resolved
#110
opened Aug 24, 2024 by
sherlock-admin2
X12 - LTV of 98% would be extremely dangerous
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#102
opened Aug 24, 2024 by
sherlock-admin3
Kalogerone - Griefer can DOS the This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
SuperPool
creation and make it very expensive for other users
Escalation Resolved
#97
opened Aug 24, 2024 by
sherlock-admin4
Obsidian - Liquidation fee is incorrectly calculated, leading to unprofitable liquidations
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#91
opened Aug 24, 2024 by
sherlock-admin4
0xAlix2 - Super pool uses A valid issue with 1+ other issues describing the same vulnerability
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
ERC20.approve
instead of safe approvals, causing it to always revert on some ERC20s
Has Duplicates
#48
opened Aug 24, 2024 by
sherlock-admin2
Previous Next
ProTip!
Updated in the last three days: updated:>2024-11-24.