This repository has been archived by the owner on May 26, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Issues: sherlock-audit/2023-10-notional-judging
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
xiaoming90 - Leverage Vault on sidechains that support Curve V2 pools is broken
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
#88
opened Nov 25, 2023 by
sherlock-admin
xiaoming90 - Single-sided instead of proportional exit is performed during emergency exit
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#87
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - Native ETH not received when removing liquidity from Curve V2 pools
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#86
opened Nov 25, 2023 by
sherlock-admin
xiaoming90 - Different spot prices used during the comparison
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#85
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - Unable to reinvest if the reward token equals one of the pool tokens
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#84
opened Nov 25, 2023 by
sherlock-admin
xiaoming90 - Incorrect invariant used for Balancer's composable pools
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#83
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - Fewer than expected LP tokens if the pool is imbalanced during vault restoration
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#82
opened Nov 25, 2023 by
sherlock-admin
xiaoming90 - Incorrect Spot Price
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#81
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - Incorrect scaling of the spot price
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#79
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - Rounding differences when computing the invariant
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#77
opened Nov 25, 2023 by
sherlock-admin2
xiaoming90 - BPT LP Token could be sold off during re-investment
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#76
opened Nov 25, 2023 by
sherlock-admin
xiaoming90 - ETH can be sold during reinvestment
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#74
opened Nov 25, 2023 by
sherlock-admin
mstpr-brainbot - Emergency withdraw might not be enough if the underlying pool is a nested pool
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#52
opened Nov 25, 2023 by
sherlock-admin
Vagner - This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Will Fix
The sponsor confirmed this issue will be fixed
depositFromNotional
function is payable, which means that it should accept Ether, but in reality will revert 100% when msg.value > 0
Escalation Resolved
#51
opened Nov 25, 2023 by
sherlock-admin2
mstpr-brainbot - Some curve pools can not be used as a single sided strategy
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#40
opened Nov 25, 2023 by
sherlock-admin
Vagner - A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
BalancerWeightedAuraVault.sol
wrongly assumes that all of the weighted pools uses totalSupply
Medium
#36
opened Nov 25, 2023 by
sherlock-admin
bin2chen - reinvestReward() generates dust totalPoolClaim causing vault abnormal
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#17
opened Nov 25, 2023 by
sherlock-admin2
ZanyBonzy - No check for active L2 Sequencer
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#2
opened Nov 25, 2023 by
sherlock-admin
ProTip!
no:milestone will show everything without a milestone.