This repository has been archived by the owner on Nov 5, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Issues: sherlock-audit/2023-04-blueberry-judging
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
ctf_sec - Deadline check is not effective, allowing outdated slippage and allow pending transaction to be unexpected executed
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#145
opened Apr 30, 2023 by
sherlock-admin
ctf_sec - Missing checks for whether Arbitrum Sequencer is active
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#142
opened Apr 30, 2023 by
sherlock-admin
cuthalion0x - A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
BalancerPairOracle can be manipulated using read-only reentrancy
High
#141
opened Apr 30, 2023 by
sherlock-admin
0x52 - Pending CRV rewards are not accounted for and can cause unfair liquidations
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#136
opened Apr 30, 2023 by
sherlock-admin
0x52 - ShortLongSpell#openPosition can cause user unexpected liquidation when increasing position size
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#135
opened Apr 30, 2023 by
sherlock-admin
0x52 - Balance check for swapToken in ShortLongSpell#_deposit is incorrect and will result in nonfunctional contract
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#133
opened Apr 30, 2023 by
sherlock-admin
0x52 - UniswapV3 sqrtRatioLimit doesn't provide slippage protection and will result in partial swaps
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#132
opened Apr 30, 2023 by
sherlock-admin
0x52 - UserData for balancer pool exits is malformed and will permanently trap users
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#129
opened Apr 30, 2023 by
sherlock-admin
0x52 - rewardTokens removed from WAuraPool/WConvexPools will be lost forever
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#128
opened Apr 30, 2023 by
sherlock-admin
0x52 - WAuraPools will irreversibly break if reward tokens are added to pool after deposit
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#127
opened Apr 30, 2023 by
sherlock-admin
0x52 - ShortLongSpell#_withdraw checks slippage limit but never applies it making it useless
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#126
opened Apr 30, 2023 by
sherlock-admin
0x52 - ConvexSpell#closePositionFarm removes liquidity without any slippage protection
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#124
opened Apr 30, 2023 by
sherlock-admin
helpMePlease - Potential flash loan attack vulnerability in A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
getPrice function of CurveOracle
Has Duplicates
#123
opened Apr 30, 2023 by
sherlock-admin
0x52 - AuraSpell#closePositionFarm requires users to swap all reward tokens through same router
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#122
opened Apr 30, 2023 by
sherlock-admin
0x52 - Users are forced to swap all reward tokens with no slippage protection
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#121
opened Apr 30, 2023 by
sherlock-admin
0x52 - AuraSpell#openPositionFarm uses incorrect join type for balancer
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#120
opened Apr 30, 2023 by
sherlock-admin
0x52 - Issue 94 from previous contest has not been fixed
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#118
opened Apr 30, 2023 by
sherlock-admin
0x52 - Issue 290 from previous contest has not been fully addressed by fixes
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#117
opened Apr 30, 2023 by
sherlock-admin
Ch_301 - asking for the wrong address for This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
balanceOf()
Escalation Resolved
#116
opened Apr 30, 2023 by
sherlock-admin
0x52 - BlueBerryBank#getPositionValue causes DOS if reward token is added that doens't have an oracle
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#115
opened Apr 30, 2023 by
sherlock-admin
Ch_301 - M-03 wrong token address on This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
ShortLongSpell.sol
Escalation Resolved
#114
opened Apr 30, 2023 by
sherlock-admin
Ch_301 - attackers will keep stealing the This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
rewards from Convex SPELL
Escalation Resolved
#101
opened Apr 30, 2023 by
sherlock-admin
Ch_301 - This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
getPositionRisk() will return a wrong value of risk
Escalation Resolved
#97
opened Apr 30, 2023 by
sherlock-admin
Bauer - Users can fail to closePositionFarm and lose their funds
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#64
opened Apr 30, 2023 by
sherlock-admin
Bauer - The protocol will not be able to add liquidity on the curve with another token with a balance.
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#47
opened Apr 30, 2023 by
sherlock-admin
Previous Next
ProTip!
Add no:assignee to see everything that’s not assigned.