-
Notifications
You must be signed in to change notification settings - Fork 8
Issues: sherlock-audit/2024-06-leveraged-vaults-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
lemonmon - This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
Kelp:_finalizeCooldown
cannot claim the withdrawal if adversary would requestWithdrawals with dust amount for the holder
Escalation Resolved
#105
opened Jul 3, 2024 by
sherlock-admin3
ZeroTrust - The _getValueOfWithdrawRequest function uses different methods for selecting assets in various vaults.
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#80
opened Jul 3, 2024 by
sherlock-admin4
ZeroTrust - The withdrawValue calculation in _calculateValueOfWithdrawRequest is incorrect.
Escalation Resolved
This issue's escalations have been approved/rejected
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#78
opened Jul 3, 2024 by
sherlock-admin2
xiaoming90 - Protocol could be DOS by transfer error due to lack of code length check
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#73
opened Jul 3, 2024 by
sherlock-admin3
xiaoming90 - This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
rescueTokens
feature is broken
Escalation Resolved
#72
opened Jul 3, 2024 by
sherlock-admin2
xiaoming90 - Lack of slippage control on A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
_redeemPT
function
Has Duplicates
#70
opened Jul 3, 2024 by
sherlock-admin3
xiaoming90 - Incorrect assumption that PT rate is 1.0 post-expiry
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#69
opened Jul 3, 2024 by
sherlock-admin2
xiaoming90 - Wrong decimal precision resulted in the price being inflated
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#66
opened Jul 3, 2024 by
sherlock-admin2
xiaoming90 - Malicious users can steal reward tokens via re-entrancy attack
Escalation Resolved
This issue's escalations have been approved/rejected
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#64
opened Jul 3, 2024 by
sherlock-admin3
xiaoming90 - Users can deny the vault from claiming reward tokens
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#63
opened Jul 3, 2024 by
sherlock-admin2
xiaoming90 - Loss of rewards due to continuous griefing attacks on L2 environment
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#61
opened Jul 3, 2024 by
sherlock-admin3
xiaoming90 - Incorrect valuation of vault share
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#60
opened Jul 3, 2024 by
sherlock-admin2
eeyore - Premature collateralization check in the This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
BaseStakingVault.initiateWithdraw()
function can leave accounts undercollateralized
Escalation Resolved
#56
opened Jul 3, 2024 by
sherlock-admin4
ZeroTrust - After a liquidator liquidates someone else’s position, it could cause a Denial of Service (DoS) when their own position also needs to be liquidated.
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#44
opened Jul 3, 2024 by
sherlock-admin4
ZeroTrust - This issue's escalations have been approved/rejected
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
EtherFiLib::_initiateWithdrawImpl
will revert because rebase tokens transfer 1-2 less wei
Escalation Resolved
#43
opened Jul 3, 2024 by
sherlock-admin3
yotov721 - Selling sUSDe is vulnerable to sandwich attack when staked token is DAI
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#18
opened Jul 3, 2024 by
sherlock-admin2
novaman33 - Lido withdraw limitation will brick the withdraw process in an edge case
Escalation Resolved
This issue's escalations have been approved/rejected
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#14
opened Jul 3, 2024 by
sherlock-admin4
novaman33 - This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
_splitWithdrawRequest
will make invalid withdraw requests in an edge case
Escalation Resolved
#6
opened Jul 3, 2024 by
sherlock-admin4
chaduke - _claimRewardToken() will update accountRewardDebt even when there is a failure during reward claiming, as a result, a user might lose rewards.
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#1
opened Jul 3, 2024 by
sherlock-admin2
ProTip!
What’s not been updated in a month: updated:<2024-11-28.