-
Notifications
You must be signed in to change notification settings - Fork 4
Issues: sherlock-audit/2023-12-flatmoney-judging
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
shaka - Oracle can return different prices in same transaction
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#216
opened Feb 4, 2024 by
sherlock-admin2
shaka - Trade fees can be avoided in limit orders
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#212
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Losses of some long traders can eat into the margins of others
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#198
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Long traders unable to withdraw their assets
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#196
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Long trader's deposited margin can be wiped out
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#195
opened Feb 4, 2024 by
sherlock-admin
xiaoming90 - Malicious keepers can manipulate the price when executing an order
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Will Fix
The sponsor confirmed this issue will be fixed
#194
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Vault Inflation Attack
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#190
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Incorrect price used when updating the global position data
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#188
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Large amounts of points can be minted virtually without any cost
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#187
opened Feb 4, 2024 by
sherlock-admin
xiaoming90 - Asymmetry in profit and loss (PnL) calculations
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#186
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Incorrect handling of PnL during liquidation
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#180
opened Feb 4, 2024 by
sherlock-admin2
xiaoming90 - Oracle will not failover as expected during liquidation
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#177
opened Feb 4, 2024 by
sherlock-admin
nobody2018 - In LeverageModule.executeOpen/executeAdjust, vault.checkSkewMax should be called after updating the global position data
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#143
opened Feb 4, 2024 by
sherlock-admin
HSP - Fees are ignored when checks skew max in Stable Withdrawal / Leverage Open / Leverage Adjust
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#92
opened Feb 4, 2024 by
sherlock-admin2
juan - A malicious user can bypass limit order trading fees via cross-function re-entrancy
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#75
opened Feb 4, 2024 by
sherlock-admin
r0ck3tz - The transfer lock for leveraged position orders can be bypassed
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#48
opened Feb 4, 2024 by
sherlock-admin2
ProTip!
Adding no:label will show everything without a label.