Issues: sherlock-audit/2024-12-mach-finance-judging
Quiet Cerulean Anteater - Lack of Sanity Check on Price Feed IDs in Constructor
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#58
opened Dec 21, 2024 by
sherlock-admin2
Magic Foggy Oyster - PriceOracleAggregator.getUnderlyingPrice(): allows consuming different prices for the same asset in the same block
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#57
opened Dec 21, 2024 by
sherlock-admin4
Magic Foggy Oyster - PythOracle.getPrice(): incorrect handling of price decimals results in returning a deflated asset price
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#56
opened Dec 21, 2024 by
sherlock-admin3
Mean Ivory Elephant - No initialize modifier in 'initialize'
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#55
opened Dec 21, 2024 by
sherlock-admin2
Wonderful Chartreuse Cat - borrowRateMaxMantissa was not adjusted after switching from block.number to block.timestamp.
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#54
opened Dec 21, 2024 by
sherlock-admin4
Wonderful Chartreuse Cat - Unsafe casting in the PythOracle.
#52
opened Dec 21, 2024 by
sherlock-admin2
Wonderful Chartreuse Cat - PythOracle does not verify the confidence interval.
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#51
opened Dec 21, 2024 by
sherlock-admin4
Boxy Gingham Condor - Lack of Reserved Storage Slots for Future Upgrades
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#50
opened Dec 21, 2024 by
sherlock-admin3
Little Olive Yeti - Pyth expo value is not handled correctly.
#49
opened Dec 21, 2024 by
sherlock-admin2
Boxy Gingham Condor - Missing Staleness Check in _getLatestPrice
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#48
opened Dec 21, 2024 by
sherlock-admin4
Little Olive Yeti - Empty market deposits can be stolen by inflation attack
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#47
opened Dec 21, 2024 by
sherlock-admin3
Lively Glossy Goat - Attacker will redeem tokens at stale prices
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#46
opened Dec 21, 2024 by
sherlock-admin2
Little Olive Yeti - Protocol miscounts the supply cap of cSonic
#45
opened Dec 21, 2024 by
sherlock-admin4
Shaggy Lava Mustang - Market may not increase total reserves during times of high volume/frequent transactions
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#44
opened Dec 21, 2024 by
sherlock-admin3
Acidic Eggshell Parrot - Integer Overflow Vulnerability in mintInternal with uint256 Arithmetic
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#43
opened Dec 21, 2024 by
sherlock-admin2
Wonderful Chartreuse Cat - Missing staleness check in API3Oracle can lead to using prices from expired sponsored price feeds.
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#42
opened Dec 21, 2024 by
sherlock-admin4
Wonderful Chartreuse Cat - Missing staleness check in PythOracle can lead to forced liquidations and theft of funds from borrowers.
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#41
opened Dec 21, 2024 by
sherlock-admin3
Mean Ivory Elephant - No nonReentrant modifier in _setInterestRateModel
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#40
opened Dec 21, 2024 by
sherlock-admin2
Big Obsidian Crab - Missing Timestamp Validation for Pyth Oracle Price Feeds Leading to Stale Data Use
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#39
opened Dec 21, 2024 by
sherlock-admin4
Shaggy Lava Mustang - The project does not support price updating for Pyth Oracle
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
#38
opened Dec 21, 2024 by
sherlock-admin3
Big Obsidian Crab - Absence of Timestamp Validation in Oracle Price Fetching From API3 Oracle
#37
opened Dec 21, 2024 by
sherlock-admin2
Early Carob Barbel - PythOracle may return expired prices
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
#36
opened Dec 21, 2024 by
sherlock-admin4
Early Carob Barbel - API3Oracle may return expired prices
#35
opened Dec 21, 2024 by
sherlock-admin3
Shaggy Lava Mustang - Confidence intervals of Pyth Oracle prices are ignored
#34
opened Dec 21, 2024 by
sherlock-admin2