Skip to content
This repository has been archived by the owner on Nov 3, 2024. It is now read-only.

Issues: sherlock-audit/2024-04-teller-finance-judging

29 Open 276 Closed
29 Open 276 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

pkqs90 - Users can bypass auction mechanism for LenderCommitmentGroup_Smart liquidation mechanism for loans that are close to end of loan Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#289 opened Apr 29, 2024 by sherlock-admin4
4
CodeWasp - The cycle payment due may span over approx. 2 cycles and block the borrower from paying Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#285 opened Apr 29, 2024 by sherlock-admin3
6
pkqs90 - LenderCommitmentGroup_Smart.sol cannot deploy pools with non-string symbol() ERC20s. Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#269 opened Apr 29, 2024 by sherlock-admin2
3
0xadrii - Performing a direct multiplication in _getPriceFromSqrtX96 will overflow for some uniswap pools Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#243 opened Apr 29, 2024 by sherlock-admin3
10
0xadrii - Not transferring collateral when submitting bids allows malicious users to create honeypot-style attacks High A valid High severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#219 opened Apr 29, 2024 by sherlock-admin3
9
EgisSecurity - If repayLoanCallback address doesn't implement repayLoanCallback try/catch won't go into the catch and will revert the tx High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#178 opened Apr 29, 2024 by sherlock-admin4
2
0x73696d616f - FlashRolloverLoan_G5 will not work for certain tokens due to not setting the approval to 0 after repaying a loan Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#140 opened Apr 29, 2024 by sherlock-admin2
2
0x73696d616f - FlashRolloverLoan_G5 will fail for LenderCommitmentGroup_Smart due to CollateralManager pulling collateral from FlashRolloverLoan_G5 Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#138 opened Apr 29, 2024 by sherlock-admin3
3
0x73696d616f - Incorrect selector in FlashRolloverLoan_G5::_acceptCommitment() does not match SmartCommitmentForwarder::acceptCommitmentWithRecipient() Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#135 opened Apr 29, 2024 by sherlock-admin3
2
0x3b - _sendOrEscrowFunds will brick LCG funds causing insolvency Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#126 opened Apr 29, 2024 by sherlock-admin3
2
0x73696d616f - Issue #497 'Add parameter to lender accept bid for MaxMarketFee' from previous audit is still present Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#125 opened Apr 29, 2024 by sherlock-admin2
3
cryptic - LenderCommitmentGroup pools will have incorrect exchange rate when fee-on-transfer tokens are used Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#122 opened Apr 29, 2024 by sherlock-admin2
14
jovi - liquidateDefaultedLoanWithIncentive can be gamed to avoid paying loans interest Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#121 opened Apr 29, 2024 by sherlock-admin4
3
jovi - Malicious borrower can pay each payment and make its own loan default 1 month later Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#116 opened Apr 29, 2024 by sherlock-admin2
9
0x73696d616f - Interest rate in LenderCommitmentGroup_Smart may be easily manipulated by depositing, taking a loan and withdrawing Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#110 opened Apr 29, 2024 by sherlock-admin2
4
0x73696d616f - LenderCommitmentGroup_Smart picks the wrong Uniswap price, allowing borrowing at a discount by swapping before withdrawing Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#109 opened Apr 29, 2024 by sherlock-admin4
3
0x3b - APRs are lower than they should Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#72 opened Apr 29, 2024 by sherlock-admin3
2
0x3b - Utilization math should include liquidityThresholdPercent Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#70 opened Apr 29, 2024 by sherlock-admin4
2
0x3b - Borrowers can surpass liquidityThresholdPercent and borrow to near 100% of the principal Escalation Resolved This issue's escalations have been approved/rejected Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#68 opened Apr 29, 2024 by sherlock-admin2
14
0x73696d616f - LenderCommitmentGroup_Smart_test::addPrincipalToCommitmentGroup/burnSharesToWithdrawEarnings() are vulnerable to slippage attacks Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#64 opened Apr 29, 2024 by sherlock-admin4
3
0x73696d616f - Drained lender due to LenderCommitmentGroup_Smart::acceptFundsForAcceptBid() _collateralAmount by STANDARD_EXPANSION_FACTOR multiplication Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#58 opened Apr 29, 2024 by sherlock-admin4
3
DenTonylifer - Anyone can steal pool shares from lender group if no-revert-on-failure tokens are used Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#50 opened Apr 29, 2024 by sherlock-admin2
5
0x3b - liquidateDefaultedLoanWithIncentive sends the collateral to the wrong account Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#46 opened Apr 29, 2024 by sherlock-admin4
2
0x3b - Borrowers can brick the commitment group pool Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#42 opened Apr 29, 2024 by sherlock-admin3
2
0x73696d616f - LenderCommitmentGroup_Smart does not use mulDiv when converting between token and share amounts, possibly leading to DoS or loss of funds Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#39 opened Apr 29, 2024 by sherlock-admin3
14
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.