Issues: sherlock-audit/2024-06-leveraged-vaults-judging

lemonmon - Kelp:_finalizeCooldown cannot claim the withdrawal if adversary would requestWithdrawals with dust amount for the holder
Labels: Escalation Resolved (This issue's escalations have been approved/rejected); Has Duplicates (A valid issue with 1+ other issues describing the same vulnerability); High (A valid High severity issue); Reward (A payout will be made for this issue); Sponsor Confirmed (The sponsor acknowledged this issue is valid); Will Fix (The sponsor confirmed this issue will be fixed)
#105 opened Jul 3, 2024 by sherlock-admin3
ZeroTrust - The _getValueOfWithdrawRequest function uses different methods for selecting assets in various vaults.
Labels: Medium (A valid Medium severity issue); Reward; Sponsor Confirmed; Will Fix
#80 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - The withdrawValue calculation in _calculateValueOfWithdrawRequest is incorrect.
Labels: Escalation Resolved; High; Reward; Sponsor Confirmed; Will Fix
#78 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Protocol could be DOS by transfer error due to lack of code length check
Labels: Escalation Resolved; Medium; Reward; Sponsor Confirmed; Will Fix
#73 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - rescueTokens feature is broken
Labels: Escalation Resolved; Medium; Reward; Sponsor Confirmed; Will Fix
#72 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Lack of slippage control on _redeemPT function
Labels: Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#70 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Incorrect assumption that PT rate is 1.0 post-expiry
Labels: Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#69 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Wrong decimal precision resulted in the price being inflated
Labels: Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#66 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Malicious users can steal reward tokens via re-entrancy attack
Labels: Escalation Resolved; High; Reward; Sponsor Confirmed; Will Fix
#64 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Users can deny the vault from claiming reward tokens
Labels: Escalation Resolved; Has Duplicates; High; Reward; Sponsor Confirmed; Won't Fix (The sponsor confirmed this issue will not be fixed)
#63 opened Jul 3, 2024 by sherlock-admin2
xiaoming90 - Loss of rewards due to continuous griefing attacks on L2 environment
Labels: Escalation Resolved; Has Duplicates; High; Reward; Sponsor Confirmed; Won't Fix
#61 opened Jul 3, 2024 by sherlock-admin3
xiaoming90 - Incorrect valuation of vault share
Labels: Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#60 opened Jul 3, 2024 by sherlock-admin2
eeyore - Premature collateralization check in the BaseStakingVault.initiateWithdraw() function can leave accounts undercollateralized
Labels: Escalation Resolved; Medium; Reward; Sponsor Confirmed; Will Fix
#56 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - After a liquidator liquidates someone else’s position, it could cause a Denial of Service (DoS) when their own position also needs to be liquidated.
Labels: Escalation Resolved; Medium; Reward; Sponsor Confirmed; Will Fix
#44 opened Jul 3, 2024 by sherlock-admin4
ZeroTrust - EtherFiLib::_initiateWithdrawImpl will revert because rebase tokens transfer 1-2 less wei
Labels: Escalation Resolved; High; Reward; Sponsor Confirmed; Will Fix
#43 opened Jul 3, 2024 by sherlock-admin3
yotov721 - Selling sUSDe is vulnerable to sandwich attack when staked token is DAI
Labels: Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#18 opened Jul 3, 2024 by sherlock-admin2
novaman33 - Lido withdraw limitation will brick the withdraw process in an edge case
Labels: Escalation Resolved; High; Reward; Sponsor Confirmed; Will Fix
#14 opened Jul 3, 2024 by sherlock-admin4
novaman33 - _splitWithdrawRequest will make invalid withdraw requests in an edge case
Labels: Escalation Resolved; Has Duplicates; High; Reward; Sponsor Confirmed; Will Fix
#6 opened Jul 3, 2024 by sherlock-admin4
chaduke - _claimRewardToken() will update accountRewardDebt even when there is a failure during reward claiming, as a result, a user might lose rewards.
Labels: Has Duplicates; Medium; Reward; Sponsor Confirmed; Won't Fix
#1 opened Jul 3, 2024 by sherlock-admin2