Skip to content
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

Issues: sherlock-audit/2023-06-tokemak-judging

35 Open 889 Closed
35 Open 889 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

ctf_sec - curve admin can drain pool via reentrancy (equal to execute emergency withdraw and rug tokenmak fund by third party) Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue
#862 opened Aug 30, 2023 by sherlock-admin
17
carrotsmuggler - Slashing during LSTCalculatorBase.sol deployment can show bad apr for months Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity
#824 opened Aug 30, 2023 by sherlock-admin
1
carrotsmuggler - OOG / unexpected reverts due to incorrect usage of staticcall. Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#822 opened Aug 30, 2023 by sherlock-admin
24
tives - Aura/Convex rewards are stuck after DOS Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#738 opened Aug 30, 2023 by sherlock-admin
Aymen0909 - Incorrect amount given as input to _handleRebalanceIn when flashRebalance is called Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#701 opened Aug 30, 2023 by sherlock-admin2
1
n33k - LMPVault: DoS when feeSink balance hits perWalletLimit Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#679 opened Aug 30, 2023 by sherlock-admin2
0x007 - LMPVault.updateDebtReporting could underflow because of subtraction before addition Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue
#675 opened Aug 30, 2023 by sherlock-admin2
10
ast3ros - Vault cannot be added back into the vault registry Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#674 opened Aug 30, 2023 by sherlock-admin
xiaoming90 - navPerShareHighMark not reset to 1.0 Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue
#661 opened Aug 30, 2023 by sherlock-admin2
9
duc - Maverick oracle can be manipulated Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity
#635 opened Aug 30, 2023 by sherlock-admin2
1
duc - Incorrect handling of Stash Tokens within the ConvexRewardsAdapter._claimRewards() Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#632 opened Aug 30, 2023 by sherlock-admin
1
xiaoming90 - Incorrect number of shares minted as fee Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#624 opened Aug 30, 2023 by sherlock-admin
5
xiaoming90 - Incorrect pricing for CurveV2 LP Token High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#621 opened Aug 30, 2023 by sherlock-admin2
xiaoming90 - Gain From LMPVault Can Be Stolen Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#620 opened Aug 30, 2023 by sherlock-admin
xiaoming90 - Malicious users could use back old values Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue
#612 opened Aug 30, 2023 by sherlock-admin
9
xiaoming90 - Differences between actual and cached total assets can be arbitraged Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#611 opened Aug 30, 2023 by sherlock-admin2
xiaoming90 - Price returned by Oracle is not verified Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue
#604 opened Aug 30, 2023 by sherlock-admin
16
xiaoming90 - Immediately start getting rewards belonging to others after staking Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#603 opened Aug 30, 2023 by sherlock-admin2
xiaoming90 - Malicious users could lock in the NAV/Share of the DV to cause the loss of fees Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue
#601 opened Aug 30, 2023 by sherlock-admin2
9
xiaoming90 - Inflated price due to unnecessary precision scaling Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#600 opened Aug 30, 2023 by sherlock-admin
xiaoming90 - Losses are not distributed equally Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#591 opened Aug 30, 2023 by sherlock-admin2
xiaoming90 - Incorrect approach to tracking the PnL of a DV Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue
#589 opened Aug 30, 2023 by sherlock-admin2
9
xiaoming90 - Stat calculator returns incorrect report for swETH Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue
#587 opened Aug 30, 2023 by sherlock-admin2
8
xiaoming90 - previewRedeem and redeem functions deviate from the ERC4626 specification Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue
#577 opened Aug 30, 2023 by sherlock-admin2
23
xiaoming90 - Malicious or compromised admin of certain LSTs could manipulate the price Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
#570 opened Aug 30, 2023 by sherlock-admin
ProTip! no:milestone will show everything without a milestone.