Stargazers: 3 | Watchers: 2 | Issues: 110 | Forks: 3
sherlock-audit/2023-06-bond-judging Issues
bin2chen - claimRewards() If a rewards is too small, it may block other epochs
Updated
a year ago
Comments count
7
kutugu - Users can bypass allowList
Closed
a year ago
bin2chen - stake() missing set lastEpochClaimed when userBalance equal 0
Updated
a year ago
Comments count
7
tnquanghuy0512 - User losing token when exercise() while is not the option token's receiver
Closed
a year ago
bin2chen - steal funds with variable decimals of payoutToken
Closed
a year ago
namx05 - Fee Calculation Issue in FixedStrikeOptionTeller.sol
Closed
a year ago
tnquanghuy0512 - User can reclaim() multiple time, causing draining the contract
Closed
a year ago
tnquanghuy0512 - OptionToken can not deploy with huge strike price
Closed
a year ago
supernova - Wrong comparison between block.timestamp , eligible_, and expiry_
Closed
a year ago
Kow - Unrestricted reclaim of payout/quote tokens allows user to steal all collateral from Teller
Closed
a year ago
Auditwolf - ERC 20 approve can fail for some tokens.
Closed
a year ago
caventa - For OracleStrikeOTLM, newly staked token could not be unstaked and its staked rewards could not be claimed in the new epoch due to invalid strike price
Closed
a year ago
Auditwolf - Incorrect calculation of current rewards per token.
Closed
a year ago
OCC - Reentrancy attack vulnerability in the deploy() function
Closed
a year ago
tsvetanovv - The user can't receive rewards if token is USDT
Closed
a year ago
ctf_sec - Strike price can be too high and cause overflow depends on the amount of option minted, receiver cannot reclaim the fund
Closed
a year ago
OCC - Detect collision due to dynamic type usages
Closed
a year ago
ctf_sec - OTLM: Stakers unable to claim their rewards
Closed
a year ago
Comments count
2
ctf_sec - FixedStrikeOptionTeller: Receiver can only reclaim entire supply of option token and not a partial option token amount
Closed
a year ago
Comments count
3
ctf_sec - FixedStrikeOptionTeller: create can be invoked when block.timestamp == expiry but exercise reverts
Updated
a year ago
Comments count
3
ctf_sec - All funds can be stolen from FixedStrikeOptionTeller using a token with malicious decimals
Updated
a year ago
Comments count
7
ctf_sec - Flashloan can be used to bypass the token allow list check
Closed
a year ago
Comments count
3
ctf_sec - Too few or too much option reward token is minted if the payout token decimal miss match the staked token decimal
Closed
a year ago
Comments count
3
ctf_sec - Division before multiplication result in loss of token reward if the reward update time elapse is small
Updated
a year ago
Comments count
3
ctf_sec - IERC20(token).approve revert if the underlying ERC20 token approve does not return boolean
Updated
a year ago
Comments count
3
ctf_sec - User cannot emergencyUnstake in certain case because the staked token balance is treated as the payout balance if the payout token equals to the staked token
Closed
a year ago
Comments count
4
ctf_sec - Strike price can be too high and cause overflow when exercise their token, then user will never exercise their option and lose their option token
Closed
a year ago
Comments count
10
ctf_sec - Use A's staked token balance can be used to mint option token as reward for User B if the payout token equals to the stake token
Updated
a year ago
Comments count
18
ctf_sec - Loss of option token from Teller and reward from OTLM if L2 sequencer goes down
Updated
a year ago
Comments count
5
ctf_sec - Blocklisted address can be used to lock the option token minter's fund
Updated
a year ago
Comments count
13
qandisa - Users can not access the exercise function when the sequencer is down on Arbitrum
Closed
a year ago
ctf_sec - All fund from Teller contract can be drained because a malicious receiver can call reclaim repeatedly
Updated
a year ago
Comments count
4
qandisa - Options can expire while users are unable to exercise them during sequencer failure
Closed
a year ago
qandisa - Rounding to nearest day is incorrect
Closed
a year ago
Comments count
5
berndartmueller - A malicious option token deployer can drain quote token funds from the `FixedStrikeOptionTeller` contract
Closed
a year ago
caventa - Functions of OracleStrikeOTLM could not be performed for certain strike price
Closed
a year ago
caventa - Blacklist receiver maybe unable to reclaim option token leads to fund token in the contract
Closed
a year ago
Sm4rty - Attacker can Steal Other User's Collateral
Closed
a year ago
kutugu - A malicious user can use a backrun attack to make the staking user lose the reward
Closed
a year ago
Jiamin - Option Tokens should not be repeatedly used for reclaiming
Closed
a year ago
bin2chen - receiver can prevent exercise then force OptionToken to expire
Closed
a year ago
kutugu - Fulfill a small quantity portion of the order will affect the income of the protocol
Closed
a year ago
bin2chen - reclaim() can be executed repeatedly
Closed
a year ago
kutugu - A malicious user can use reclaim to steal teller funds
Closed
a year ago
tvdung94 - Malicious users could empty teller quote/payout tokens by repeatedly reclaim expired option token
Closed
a year ago
TrungOre - optionToken can't be exercise right after function `create` is called
Closed
a year ago
BenRai - The period in which `optionTokens` are executable is up to nearly 1 day shorter than intended
Closed
a year ago
BenRai - `optionTokens` can be expired even though the epoch is not over
Updated
a year ago
Comments count
6
berndartmueller - Payout tokens can be stolen from the `FixedStrikeOptionTeller` contract by exercising call options without paying quote tokens
Closed
a year ago
berndartmueller - Funds can be stolen from the `FixedStrikeOptionTeller` contract by creating put option tokens without providing collateral
Updated
a year ago
Comments count
7