Skip to content

Issues: sherlock-audit/2024-04-interest-rate-model-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

18 Open 245 Closed
18 Open 245 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

0x73696d616f - rewardData.releaseRate is incorrectly calculated on RewardsController::config() when block.timestamp > start and rewardData.lastConfig != rewardData.start Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#245 opened May 4, 2024 by sherlock-admin3
2
0x73696d616f - Expired maturities longer than FixedLib.INTERVAL with unaccrued earnings may be arbitraged and/or might lead to significant bad debt creation Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#158 opened May 4, 2024 by sherlock-admin3
santiellena - Liquidation does not prioritize lowest LTV tokens Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#155 opened May 4, 2024 by sherlock-admin3
9
0x73696d616f - Utilization rates are 0 when average assets are 0, which may be used to game maturity borrows / deposits / withdrawals Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#150 opened May 4, 2024 by sherlock-admin4
40
ether_sky - When bad debts are cleared, there will be some untracked funds Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#130 opened May 4, 2024 by sherlock-admin2
2
0x73696d616f - Market::liquidate() will not work when most of the liquidity is borrowed due to wrong liquidator transferFrom() order Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#118 opened May 4, 2024 by sherlock-admin2
6
0x73696d616f - TARGET_HEALTH calculation does not consider the adjust factors of the picked seize and repay markets Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#117 opened May 4, 2024 by sherlock-admin4
6
0x73696d616f - Unassigned pool earnings can be stolen when a maturity borrow is liquidated by depositing at maturity with 1 principal Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#114 opened May 4, 2024 by sherlock-admin4
10
0x73696d616f - Profitable liquidations and accumulation of bad debt due to earnings accumulator not being triggered before liquidating Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#101 opened May 4, 2024 by sherlock-admin3
71
ether_sky - The claimable rewards amount for borrowers decreases over time Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#98 opened May 4, 2024 by sherlock-admin3
ether_sky - Rewards can disappear when new rewards are distributed in the RewardsController. Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#95 opened May 4, 2024 by sherlock-admin3
bin2chen - borrow() maliciously let others to enter market Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#76 opened May 4, 2024 by sherlock-admin2
18
santipu_ - Manipulation of the floating debt by updating floatingBackupBorrowed Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#72 opened May 4, 2024 by sherlock-admin4
3
santipu_ - DoS on liquidations when utilization rate is high Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#70 opened May 4, 2024 by sherlock-admin2
32
santipu_ - Theft of unassigned earnings from a fixed pool Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#68 opened May 4, 2024 by sherlock-admin3
11
santipu_ - Fixed interest rates can be manipulated by a whale borrower Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#67 opened May 4, 2024 by sherlock-admin2
santipu_ - Bad debt isn't cleared when earningsAccumulator is lower than a fixed-pool bad debt Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#66 opened May 4, 2024 by sherlock-admin4
6
kankodu - The Rounding Done in Protocol's Favor Can Be Weaponized to Drain the Protocol Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#41 opened May 4, 2024 by sherlock-admin3
17
ProTip! no:milestone will show everything without a milestone.