Stargazers: 2 | Watchers: 3 | Issues: 279 | Forks: 1
sherlock-audit/2023-04-gmx-judging Issues
pontifex - Incorrect min balance validation
Closed
a year ago
Chinmay - User can have healthy position even at Zero collateral
Closed
a year ago
ten-on-ten - Logical error when computing `estimatedRemainingCollateralUsd`
Closed
a year ago
Jaraxxus - Malicious keeper can still DoS deposits and gain rewards using the 63/64 rule
Closed
a year ago
ten-on-ten - Un-intended overflow in calculating mid price
Closed
a year ago
Comments count
5
ten-on-ten - Deprecated prb-math version
Closed
a year ago
stent - poolAmountAdjustment set but not unset in swapProfitToCollateralToken
Closed
a year ago
Chinmay - Price Impact calculated after Updating OI for Increase Orders
Closed
a year ago
Comments count
8
stent - Calc.boundedSub can throw arithmetic overflow
Closed
a year ago
lemonmon - Unnecessary oracle block number restrictions for limit swap orders
Closed
a year ago
stent - Calc.boundedAdd used initially but later regular subtraction used
Updated
a year ago
Comments count
2
stopthecap - Wrong comparison operators
Closed
a year ago
Comments count
2
Chinmay - isPositionLiquidatable should use max collateral prices in fees cost calculation
Closed
a year ago
Comments count
1
J4de - Funding fee is still counted when the market is paused
Closed
a year ago
J4de - The gas fee when `withOraclePrices` is not included so the gas fee got by the keeper may be less than the spent
Closed
a year ago
Chinmay - The Holding_address in TokenUtils has no way of retrieving funds
Closed
a year ago
J4de - `ReferralUtils.sol#setTraderReferralCode` can be exploited to zero risk trade
Closed
a year ago
IllIllI - No grace period after sequencer outage
Closed
a year ago
Comments count
1
IllIllI - Unnecessary loss of precision
Closed
a year ago
Comments count
3
IllIllI - Operations may overflow when sign is flipped from negative to positive
Closed
a year ago
Comments count
2
IllIllI - Funding fee accounting is incorrect when the number of sides of OI increases to two
Closed
a year ago
Comments count
10
IllIllI - Limit orders may not work properly in the block after oracles come back after outages
Closed
a year ago
Comments count
9
IllIllI - Virtual swap impacts can be bypassed by swapping through markets where only one of the collateral tokens has virtual inventory
Updated
a year ago
Comments count
1
IllIllI - Virtual inventory for swaps is not tracked properly when long/short collateral are the same
Closed
a year ago
Comments count
1
IllIllI - The pool adjustment config parameters won't work properly when long and short collateral are the same
Closed
a year ago
Comments count
1
IllIllI - Stable prices don't have their values validated like oracle prices do
Closed
a year ago
Comments count
14
IllIllI - Overflow protection in `getNextOpenInterestParams()` makes overflow more likely
Closed
a year ago
Comments count
6
IllIllI - Using spot prices with moving averages will lead to orders not being executed, and liquidations
Closed
a year ago
Comments count
6
IllIllI - Virtual swap balances don't take into account token prices
Updated
a year ago
Comments count
2
IllIllI - No UI fee paid for ADL orders even though referral fees are paid for those orders
Closed
a year ago
Comments count
1
IllIllI - `initialCollateralDeltaAmount` is incorrectly interpreted as a USD value when calculating estimated remaining collateral
Updated
a year ago
Comments count
2
IllIllI - Full impact discounts aren't given if the trigger price can't fulfill the order
Closed
a year ago
Comments count
4
IllIllI - Favoring the balancing of pools over virtual impacts defeats the purpose of virtual impacts
Closed
a year ago
Comments count
4
IllIllI - Users can get impact pool discounts while also increasing the virtual impact pool skew
Updated
a year ago
Comments count
1
IllIllI - `boundedSub()` reverts rather than returning a bounded value, when `type(int256).min` is used
Closed
a year ago
Comments count
2
IllIllI - Block hash reorg protection is insufficient after 255 blocks
Closed
a year ago
Comments count
7
IllIllI - MIN_ORACLE_SIGNERS may cause users to get liquidated, or get the wrong price
Closed
a year ago
Comments count
5
jasonxiale - slippage protection is ignored
Closed
a year ago
IllIllI - Limit swap orders can be used to get a free look into the future
Updated
a year ago
Comments count
2
IllIllI - Swaps associated with position orders will use the wrong price
Updated
a year ago
Comments count
1
IllIllI - Primary price is used for market orders, rather than secondary prices
Closed
a year ago
Comments count
9
IllIllI - Liquidation and ADL orders swap PnL to collateral with unlimited slippage
Closed
a year ago
Comments count
10
IllIllI - Traders can get prices prior to their orders using acceptable prices below trigger prices
Closed
a year ago
Comments count
1
IllIllI - Traders can get prices prior to their orders using trigger prices
Closed
a year ago
Comments count
6
IllIllI - Pool amount adjustments for collateral decreases aren't undone if swaps are successful
Updated
a year ago
Comments count
1
IllIllI - Overflow protection adjustment in `getNextOpenInterestForVirtualInventory()` breaks accounting
Closed
a year ago
Comments count
2
IllIllI - Stop-loss orders do not become marketable orders
Updated
a year ago
Comments count
7
KingNFT - Users cannot seamlessly migrate from other platforms to GMX
Closed
a year ago
lemonmon - The claimable collateral amount is always zero, because the collateral factor is never initialized or adapted or updated.
Closed
a year ago
lemonmon - Stop-loss orders are broken for certain use cases.
Closed
a year ago