Skip to content
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

Issues: sherlock-audit/2023-03-Y2K-judging

19 Open 496 Closed
19 Open 496 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

minhtrng - Inconsistent use of epochBegin could lock user funds Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#480 opened Mar 28, 2023 by sherlock-admin
2
0x52 - Adversary can break deposit queue and cause loss of funds Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#468 opened Mar 27, 2023 by sherlock-admin
@3xHarry
4
0x52 - Null epochs will freeze rollovers Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#442 opened Mar 27, 2023 by sherlock-admin
3
0x52 - VaultFactoryV2#changeTreasury misconfigures the vault Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#435 opened Mar 27, 2023 by sherlock-admin
3
berndartmueller - Arbitrum sequencer downtime lasting before and beyond epoch expiry prevents triggering depeg Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#422 opened Mar 27, 2023 by sherlock-admin
6
berndartmueller - Carousel.mintRollovers potentially mints 0 shares and can grief rollover queue Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#418 opened Mar 27, 2023 by sherlock-admin
6
ast3ros - Vault Factory ownership can be changed immediately and bypass timelock delay Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#337 opened Mar 27, 2023 by sherlock-admin
7
cccz - mintRollovers should require entitledShares >= relayerFee Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#293 opened Mar 27, 2023 by sherlock-admin
6
bin2chen - changeTreasury() Lack of check and remove old Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#208 opened Mar 27, 2023 by sherlock-admin
7
csanuragjain - User deposit may never be entertained from deposit queue Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#174 opened Mar 27, 2023 by sherlock-admin
7
nobody2018 - Malicious user can make rolloverQueue never get processed Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Won't Fix The sponsor confirmed this issue will not be fixed
#172 opened Mar 27, 2023 by sherlock-admin
2
kenzo - When rolling over, user will lose his winnings from previous epoch Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#163 opened Mar 27, 2023 by sherlock-admin
6
hickuphh3 - Stuck emissions for nullified epochs Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#122 opened Mar 27, 2023 by sherlock-admin
3
Ruhum - Controller doesn't send treasury funds to the vault's treasury address Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#110 opened Mar 27, 2023 by sherlock-admin
5
roguereddwarf - ControllerPeggedAssetV2: triggerEndEpoch function can be called even if epoch is null epoch leading to loss of funds Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#108 opened Mar 27, 2023 by sherlock-admin
2
hickuphh3 - depositFee can be bypassed via deposit queue Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#75 opened Mar 27, 2023 by sherlock-admin
5
hickuphh3 - Earlier users in rollover queue can grief later users Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#72 opened Mar 27, 2023 by sherlock-admin
11
roguereddwarf - ControllerPeggedAssetV2: outdated price may be used which can lead to wrong depeg events Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#70 opened Mar 27, 2023 by sherlock-admin
3
hickuphh3 - Funds can be stolen because of incorrect update to ownerToRollOverQueueIndex for existing rollovers Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#2 opened Mar 27, 2023 by sherlock-admin
3
ProTip! What’s not been updated in a month: updated:<2024-12-12.