Stargazers: 6 | Watchers: 1 | Issues: 338 | Forks: 3
sherlock-audit/2023-05-Index-judging Issues
ShadowForce - The protocol does not compatible with token such as USDT because of the Approval Face Protection
Updated
a year ago
Comments count
8
ShadowForce - division before multiplication may result in truncation of result
Closed
a year ago
Comments count
7
oxchryston - Chainlink price feed is `deprecated`, not sufficiently validated and can return `stale` prices.
Updated
a year ago
Comments count
4
hildingr - Oracle Price miss matched when E-mode uses single oracle
Updated
a year ago
Comments count
14
hildingr - Operator is blocked when sequencer is down on Arbitrum
Updated
a year ago
Comments count
13
Angry_Mustache_Man - Use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs
Closed
a year ago
MohammedRizwan - Wrong use of access modifier on BaseManagerV2.transferTokens() function
Closed
a year ago
Comments count
4
Saeedalipoor01988 - Missing check AMM Pools balance before changes manager address
Closed
a year ago
whitehat - The trade transactions lack of expiration timestamp check
Closed
a year ago
whitehat - removeExtension should validate if the extension is completely paused
Closed
a year ago
BugBusters - Wrong modifier is being used in interactManager() function
Closed
a year ago
whitehat - Protocol can fall into situation that ripcord reward are all drained
Closed
a year ago
Comments count
10
ShadowForce - Wrongly assume the token decimals is 18
Closed
a year ago
Comments count
3
ShadowForce - Wrongly assume chainlink oracle decimal is always 8
Closed
a year ago
hildingr - Possible to redeem tokens without repaying debt.
Closed
a year ago
Comments count
6
MohammedRizwan - Transaction revert if the Token does not support 0 value transfer
Closed
a year ago
BugBusters - Wrong modifier is being used in `transferTokens()` function
Closed
a year ago
0xpinky - DebtIssuanceModule.sol : `removeModule` will not clear the mapping.
Closed
a year ago
Angry_Mustache_Man - Remaining collateral assets get's stuck
Closed
a year ago
warRoom - Division before multiplication incurs unnecessary precision loss
Closed
a year ago
hildingr - onlyEOA() modifier could be bypassed in the future due to EIP3074
Closed
a year ago
ShadowForce - 0 value is not allowed
Closed
a year ago
lemonmon - MethodologySettings not validated correctly in AaveLeverageStrategyExtension
Closed
a year ago
Comments count
3
BugBusters - Index Coop is vulnerable to attackers sending LTV = 0 collateral tokens, supply/supplyCollateral, borrow and liquidate operations could stop working
Closed
a year ago
Comments count
9
Vagner - `calculateDefaultEditPositionUnit` could revert in multiple cases which will make functions in `TradeWrapModule.sol` or `WrapModuleV2.sol` not work
Closed
a year ago
seerether - Inability to withdraw collaterals
Closed
a year ago
ShadowForce - DOS set token through erc777 hook
Closed
a year ago
Comments count
1
erictee - M - wrong function name used in _setEModeCategory in AaveV3LeverageStrategyExtension.sol
Closed
a year ago
erictee - M - wrong modifier used in transferTokens function in BaseManagerv2.sol according to the comment.
Closed
a year ago
BugBusters - Deadline is hardcode to block.timestamp in DexAdapter can cause problem like sandwich attack in aave extensions.
Closed
a year ago
Comments count
1
Angry_Mustache_Man - Index is vulnerable to attackers sending LTV = 0 collateral tokens, supply/supplyCollateral, borrow and liquidate operations could stop working
Closed
a year ago
Comments count
5
oxchryston - Tokens sent to `manager` contracts will be lost `forever`.
Closed
a year ago
ShadowForce - Excessive asset from trade / swap is not handled well when deleveraging
Closed
a year ago
Phantasmagoria - Protocol assumes that chainlink will return prices with 8 decimals
Closed
a year ago
tsvetanovv - Wrong modifier in `transferTokens()`
Closed
a year ago
BugBusters - Emode cannot be enable on Aave Leverage Extension due to call to wrong function.
Closed
a year ago
Comments count
5
Phantasmagoria - Attacker can make some functionality of the protocol completely unusable
Closed
a year ago
Comments count
8
Phantasmagoria - addLiquidity() function of ammModule.sol reverts every time when adding liquidity
Closed
a year ago
ShadowForce - Lack of consideration when liquidation happens during leverage
Closed
a year ago
BugBusters - Division before multiplication in `_calculateMinRepayUnits` function causes no accurate calculation in delever
Closed
a year ago
Angry_Mustache_Man - Not checking the return value of withdraw function can cause DOS
Closed
a year ago
whitehat - Deprecated oracle function `latestAnswer()` could bring fund loss
Closed
a year ago
erictee - M - Chainlink pricer is using a deprecated API
Closed
a year ago
BugBusters - latestAnswer() has no check for round completeness #9
Closed
a year ago
BugBusters - Chainlink’s latestAnswer might return stale or incorrect results #8
Closed
a year ago
BugBusters - Oracle data feed can be outdated yet used anyways
Closed
a year ago
hildingr - Ripcord can be pulled when the sequencer is down
Closed
a year ago
BugBusters - Missing checks for whether Arbitrum Sequencer is active
Closed
a year ago
hildingr - Wrong LTV and threshold LTV when in E-Mode
Closed
a year ago
hildingr - Delevering can be blocked by other positions
Closed
a year ago