This repository has been archived by the owner on Oct 22, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6
Issues: sherlock-audit/2023-03-teller-judging
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
tallo - A malicious market owner/protocol owner can front-run calls to lenderAcceptBid and change the marketplace fee to steal lender funds
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#497
opened Apr 22, 2023 by
sherlock-admin
branch_indigo - Premature Liquidation When a Borrower Pays early
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#494
opened Apr 22, 2023 by
sherlock-admin
0xmuxyz - A borrower/lender or liquidator will fail to withdraw the collateral assets due to reaching a gas limit
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#357
opened Apr 22, 2023 by
sherlock-admin
cccz - setLenderManager may cause some Lenders to lose their assets
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#339
opened Apr 22, 2023 by
sherlock-admin
immeas - last repayments are calculated incorrectly for "irregular" loan durations
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#328
opened Apr 22, 2023 by
sherlock-admin
immeas - bids can be created against markets that doesn't exist
Disagree With Severity
The sponsor disputed the severity of this issue
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#323
opened Apr 22, 2023 by
sherlock-admin
immeas - defaulting doesn't change the state of the loan
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#317
opened Apr 22, 2023 by
sherlock-admin
RaymondFam - EMI last payment not handled perfectly could lead to borrower losing collaterals
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#315
opened Apr 22, 2023 by
sherlock-admin
0x52 - Malicious user can abuse UpdateCommitment to create commitments for other users
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#260
opened Apr 22, 2023 by
sherlock-admin
cducrest-brainbot - _repayLoan will fail if lender is blacklisted
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#212
opened Apr 22, 2023 by
sherlock-admin
cducrest-brainbot - Bid submission vulnerable to market parameters changes
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Won't Fix
The sponsor confirmed this issue will not be fixed
#205
opened Apr 22, 2023 by
sherlock-admin
0x52 - LenderCommitmentForwarder#updateCommitment can be front-run by malicious borrower to cause lender to over-commit funds
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#176
opened Apr 22, 2023 by
sherlock-admin
0x52 - CollateralManager#commitCollateral overwrites collateralInfo._amount if called with an existing collateral
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#170
opened Apr 22, 2023 by
sherlock-admin
0x52 - CollateralManager#commitCollateral can be called by anyone
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#169
opened Apr 22, 2023 by
sherlock-admin
0x52 - CollateralManager#commitCollateral can be called on an active loan
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#168
opened Apr 22, 2023 by
sherlock-admin
dacian - Lender can take borrower's collateral before first payment due
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Won't Fix
The sponsor confirmed this issue will not be fixed
#92
opened Apr 22, 2023 by
sherlock-admin
nobody2018 - If the collateral is a fee-on-transfer token, repayment will be blocked
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#91
opened Apr 22, 2023 by
sherlock-admin
nobody2018 - updateCommitmentBorrowers does not delete all existing users
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#88
opened Apr 22, 2023 by
sherlock-admin
J4de - The calculation time methods of A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
calculateNextDueDate and _canLiquidateLoan are inconsistent
Has Duplicates
#78
opened Apr 22, 2023 by
sherlock-admin
0xGoodess - lender could be forced to withdraw collateral even if he/she would rather wait for liquidation during default
Escalation Resolved
This issue's escalations have been approved/rejected
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
help wanted
Extra attention is needed
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
#2
opened Apr 22, 2023 by
sherlock-admin
ProTip!
Follow long discussions with comments:>50.