sherlock-audit/2024-03-arrakis-judging Issues
abi.encodePacked may break with some initManagement signatures
Closed
2 months ago
ArrakisMetaVault::mint Insufficient MINIMUM_LIQUIDITY Won’t Protect Against Vault Inflation Attack (Grieving)
Closed
2 months ago
ValantisModulePublic::deposit Lack of slippage controls
Closed
2 months ago
ValantisModule::setPriceBounds Missing whenNotPaused modifier
Closed
2 months ago
No check if the Arbitrum Sequencer is down in `HOTOracle.sol:_getOraclePriceUSD()` and not verifying if `answeredInRound` value with the `roundID`
Closed
2 months ago
Incorrect Use of `symbol()` Instead of `name()` in `getTokenName`
Closed
2 months ago
Missing checks for `address(0)`
Closed
2 months ago
Inefficient Input Validation in `mint` and `burn` Functions
Closed
2 months ago
0xAadi - Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it cannot be withdrawn
Closed
2 months ago
Comments count
1
NoOne - use `safeMint` instead `mint`
Closed
2 months ago
Angry_Mustache_Man - Loss of funds caused by edge case in Deposit & Withdraw functions of Private & Public Vaults
Closed
2 months ago
Comments count
10
bareli - no check on cooldownPeriod in ArrakisStandardManager.
Closed
2 months ago
Comments count
1
RadCet - Users lost their private vault
Closed
2 months ago
Ocean_Sky - Private vault ownership nft can be subject for honeypot attack
Closed
2 months ago
0xrobsol - Caller Verification in removeLiquidity Function
Closed
2 months ago
Comments count
1
0xrobsol - Missing Check for Manager Fee Limit in _updateParamsChecks Function
Closed
2 months ago
Comments count
1
0xrobsol - Cooldown Period Management in _updateParamsChecks Function
Closed
2 months ago
Comments count
1
0xrobsol - Indexing Behavior in initializedVaults Function
Closed
2 months ago
0xrobsol - Inadequate Role Management for Contract Executors
Closed
2 months ago
cergyk - ArrakisMetaVaultPrivate::fund No slippage control on private vault deposit can cause unlimited loss to owner
Updated
2 months ago
Comments count
7
cergyk - HOT::setPriceBounds Malicious executor can brick vault withdrawals for at least 2 days
Closed
2 months ago
Comments count
9
mgf15 - Use safeMint instead of mint for ERC721
Closed
2 months ago
0xrobsol - Inadequate Liquidity Management During Discounted HOT Swaps
Closed
2 months ago
cergyk - ArrakisStandardManager::rebalance Malicious executor can bypass slippage check and steal funds from a public vault
Closed
2 months ago
Comments count
15
mgf15 - MISSING STALENESS CHECKS
Closed
2 months ago
mgf15 - missing check to see if the L2 sequencer is down
Closed
2 months ago
cergyk - ValantisModule::setALMAndManagerFees Public vault owner can use upgradeable oracle to rug funds
Closed
2 months ago
cergyk - HOTOracle::getSqrtOraclePriceX96 Missing checks on values returned by Chainlink aggregators
Closed
2 months ago
0xrobsol - Potential Fee Calculation Exploit in AMM Due to Infrequent Timestamp Updates
Closed
2 months ago
0xrobsol - Need for Buffer in Spot Price Validation During AMM Swaps
Closed
2 months ago
kfx - Insufficient swap price validation means that solvers can use their signed quotes as free options, causing losses to the LP
Closed
2 months ago
Comments count
11
kfx - Liquidity calculation overflows can be weaponized for DoS attacks via token donations
Closed
2 months ago
Comments count
3
cergyk - ValantisModule::initializePosition Unlimited slippage can be incurred on initialization of position
Closed
2 months ago
Comments count
8
0xrobsol - Inconsistent Liquidity Updates in AMM Swap Function
Closed
2 months ago
cergyk - Private vault NFT sale can be front-run to withdraw the funds
Closed
2 months ago
0xlookman - 0xlookman:- ArrakisMetaVaultFactory.sol::getTokenName returns token symbol instead of Token name.
Closed
2 months ago
0xlookman - 0xlookman - `ArrakisPublicVaultRouter.sol::wrapAndSwapAndAddLiquidity` most likely to revert hence denying users this service.
Closed
2 months ago
Comments count
1
0xlookman - 0xlookman - `ArrakisPublicVaultRouter.sol::swapAndAddLiquidity` can be used to steal `eth`\ native token funds from this contract
Closed
2 months ago
bareli - Chainlink’s latestRoundData might return stale or incorrect results
Closed
2 months ago
0xrobsol - L2 Sequencer Reliability and Oracle Data Freshness
Closed
2 months ago
Comments count
4
whitehair0330 - A malicious rebalancing process can `significantly` alter the ratio between the amounts of `token0` and `token1` held in the pool.
Closed
2 months ago
Comments count
12
kennedy1030 - Modifying the `_managerFeePIPS` variable within the `ValantisHOTModule` is not possible until the `ValantisHOTModule` has been designated as the `poolManager` of the SovereignPool.
Closed
2 months ago
Angry_Mustache_Man - No setter function available for ValantisHOTModule.sol.maxSlippage()
Closed
2 months ago
Comments count
5
kennedy1030 - A malicious rebalance executor can illegally siphon off assets through the rebalancing process.
Closed
2 months ago
Comments count
7
KupiaSec - The rebalance executor can take large amounts of vault shares even without any underlying assets
Closed
2 months ago
Comments count
9
KupiaSec - Adding liquidity can be `DoS`ed due to calculation mismatches
Updated
2 months ago
Comments count
21
Angry_Mustache_Man - rebalancing functionality can be used by executor to drain funds
Closed
2 months ago
Comments count
11
Angry_Mustache_Man - Arithmetic Overflow is caused while calculating Liquidity Quote during a Hot Swap
Closed
2 months ago
Comments count
1
AgileJune - _hotSwap() will be reverted for some tokens pair due to overflow
Closed
2 months ago
cergyk - ArrakisMetaVault::setModule Malicious executor can drain the vault by calling withdraw after initializePosition
Updated
2 months ago
Comments count
8