This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

Issues: sherlock-audit/2023-07-perennial-judging


Issues list

[External Audit] Reentrancy in MultiInvoker due to calls to unauthenticated contracts
Labels: Low/Info (a valid Low/Informational severity issue); Non-Reward (this issue will not receive a payout); Sponsor Confirmed (the sponsor acknowledged this issue is valid); Will Fix (the sponsor confirmed this issue will be fixed)
#182 opened Aug 23, 2023 by arjun-io
[Perennial Self Report] MultiInvoker doesn't handle collateral magic value
Labels: Low/Info, Non-Reward, Sponsor Confirmed, Will Fix
#181 opened Aug 23, 2023 by arjun-io
[Perennial Self Report] Incorrect funding between makers and minors during socialization
Labels: Low/Info, Non-Reward, Sponsor Confirmed, Will Fix
#180 opened Aug 18, 2023 by arjun-io
[Perennial Self Report] Invalid parameter limits could lead to core accounting logic bugs
Labels: Low/Info, Non-Reward, Sponsor Confirmed, Will Fix
#179 opened Aug 18, 2023 by arjun-io
[Perennial Self Report] Incorrect fee calculation in closed markets
Labels: Low/Info, Non-Reward, Sponsor Confirmed, Will Fix
#178 opened Aug 18, 2023 by arjun-io
[Perennial Self Report] Fix non-requested commits after oracle grace period
Labels: Medium (a valid Medium severity issue); Non-Reward; Sponsor Confirmed; Will Fix
#177 opened Aug 18, 2023 by arjun-io
[Perennial Self Report] Initial Provider can't sync without any versions
Labels: Low/Info, Non-Reward, Sponsor Confirmed, Will Fix
#176 opened Aug 18, 2023 by arjun-io
0x73696d616f - Drained oracle fees from market by depositing and withdrawing immediately without triggering settlement fees
Labels: Escalation Resolved (this issue's escalations have been approved/rejected); Medium; Reward (a payout will be made for this issue); Sponsor Confirmed; Will Fix
#153 opened Aug 15, 2023 by sherlock-admin
WATCHPUG - OracleVersion latestVersion of Oracle.status() may go backwards when updating to a new oracle provider and result in wrong settlement in _processPositionLocal().
Labels: Medium, Reward, Sponsor Confirmed, Will Fix
#145 opened Aug 15, 2023 by sherlock-admin
WATCHPUG - _accumulateFunding() maker will get the wrong amount of funding fee.
Labels: Medium, Reward, Sponsor Confirmed, Will Fix
#139 opened Aug 15, 2023 by sherlock-admin
bin2chen - update() wrong privilege control
Labels: Medium, Reward, Sponsor Confirmed, Will Fix
#121 opened Aug 15, 2023 by sherlock-admin
panprog - It is possible to open and liquidate your own position in 1 transaction to overcome efficiency and liquidity removal limits at almost no cost
Labels: Has Duplicates (a valid issue with 1+ other issues describing the same vulnerability); Medium; Reward; Sponsor Confirmed; Will Fix
#104 opened Aug 15, 2023 by sherlock-admin
n33k - Market: DoS when stuffed with pending protected positions
Labels: Escalation Resolved; Medium; Reward; Sponsor Confirmed; Won't Fix (the sponsor confirmed this issue will not be fixed)
#94 opened Aug 15, 2023 by sherlock-admin
KingNFT - Keepers will suffer significant losses due to miss compensation for L1 rollup fees
Labels: Escalation Resolved; High (a valid High severity issue); Reward; Sponsor Confirmed; Will Fix
#91 opened Aug 15, 2023 by sherlock-admin
panprog - Bad debt (shortfall) liquidation leaves liquidated user in a negative collateral balance which can cause bank run and loss of funds for the last users to withdraw
Labels: Has Duplicates, Medium, Reward, Sponsor Confirmed, Won't Fix
#72 opened Aug 15, 2023 by sherlock-admin
Emmanuel - Vault.sol: settling the 0 address will disrupt accounting
Labels: Has Duplicates, High, Reward, Sponsor Confirmed, Will Fix
#62 opened Aug 15, 2023 by sherlock-admin
Emmanuel - PythOracle:if price.expo is less than 0, wrong prices will be recorded
Labels: Has Duplicates, High, Reward, Sponsor Confirmed, Will Fix
#56 opened Aug 15, 2023 by sherlock-admin
Emmanuel - Protocol fee from Market.sol is locked
Labels: Escalation Resolved, Has Duplicates, High, Reward, Sponsor Confirmed, Will Fix
#52 opened Aug 15, 2023 by sherlock-admin
panprog - Invalid oracle versions can cause desync of global and local positions making protocol lose funds and being unable to pay back all users
Labels: Escalation Resolved, High, Reward, Sponsor Confirmed, Will Fix
#49 opened Aug 15, 2023 by sherlock-admin
panprog - During oracle provider switch, if it is impossible to commit the last request of previous provider, then the oracle will get stuck (no price updates) without any possibility to fix it
Labels: Medium, Reward, Sponsor Confirmed, Will Fix
#46 opened Aug 15, 2023 by sherlock-admin
panprog - PythOracle commit() function doesn't require (nor stores) pyth price publish timestamp to be after the previous commit's publish timestamp, which makes it possible to manipulate price to unfairly liquidate users and possible stealing protocol funds
Labels: Escalation Resolved, Medium, Reward, Sponsor Confirmed, Will Fix
#44 opened Aug 15, 2023 by sherlock-admin
panprog - Oracle request timestamp and pending position timestamp mismatch can make most position updates invalid
Labels: Has Duplicates, High, Reward, Sponsor Confirmed, Will Fix
#42 opened Aug 15, 2023 by sherlock-admin
Vagner - _unwrap in MultiInvoker.sol can revert every time in some cases which will make the users not being able to _liquidate or _withdraw with warp to true
Labels: Escalation Resolved, Medium, Reward, Sponsor Confirmed, Won't Fix
#22 opened Aug 15, 2023 by sherlock-admin