Skip to content

Issues: sherlock-audit/2024-06-leveraged-vaults-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort

Issues list

lemonmon - Kelp:_finalizeCooldown cannot claim the withdrawal if adversary would requestWithdrawals with dust amount for the holder Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#105 opened Jul 3, 2024 by sherlock-admin3
ZeroTrust - The _getValueOfWithdrawRequest function uses different methods for selecting assets in various vaults. Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#80 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - The withdrawValue calculation in _calculateValueOfWithdrawRequest is incorrect. Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#78 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Protocol could be DOS by transfer error due to lack of code length check Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#73 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - rescueTokens feature is broken Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#72 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Lack of slippage control on _redeemPT function Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#70 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Incorrect assumption that PT rate is 1.0 post-expiry Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#69 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Wrong decimal precision resulted in the price being inflated Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#66 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Malicious users can steal reward tokens via re-entrancy attack Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#64 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Users can deny the vault from claiming reward tokens Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#63 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Loss of rewards due to continuous griefing attacks on L2 environment Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#61 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Incorrect valuation of vault share Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#60 opened Jul 3, 2024 by sherlock-admin2
eeyore - Premature collateralization check in the BaseStakingVault.initiateWithdraw() function can leave accounts undercollateralized Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#56 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - After a liquidator liquidates someone else’s position, it could cause a Denial of Service (DoS) when their own position also needs to be liquidated. Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#44 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - EtherFiLib::_initiateWithdrawImpl will revert because rebase tokens transfer 1-2 less wei Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#43 opened Jul 3, 2024 by sherlock-admin3
yotov721 - Selling sUSDe is vulnerable to sandwich attack when staked token is DAI Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#18 opened Jul 3, 2024 by sherlock-admin2
novaman33 - Lido withdraw limitation will brick the withdraw process in an edge case Escalation Resolved This issue's escalations have been approved/rejected High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#14 opened Jul 3, 2024 by sherlock-admin4
novaman33 - _splitWithdrawRequest will make invalid withdraw requests in an edge case Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#6 opened Jul 3, 2024 by sherlock-admin4
chaduke - _claimRewardToken() will update accountRewardDebt even when there is a failure during reward claiming, as a result, a user might lose rewards. Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#1 opened Jul 3, 2024 by sherlock-admin2
ProTip! What’s not been updated in a month: updated:<2024-11-28.