Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Issues: sherlock-audit/2023-02-blueberry-judging

28 Open 339 Closed
28 Open 339 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

berndartmueller - The maximum size of an ICHI vault spell position can be arbitrarily surpassed Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#327 opened Mar 1, 2023 by github-actions bot
berndartmueller - Too few ICHI v2 farming reward tokens transferred to the user due to incorrect decimal precision Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#319 opened Mar 1, 2023 by github-actions bot
Jeiwan - Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#290 opened Mar 1, 2023 by github-actions bot
tives - IchiLpOracle returns inflated price due to invalid calculation Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#254 opened Mar 1, 2023 by github-actions bot
1
Robert - Deposit Theft by Crashing LP Spot Prices Through MEV Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#220 opened Mar 1, 2023 by github-actions bot
4
rbserver - BlueBerryBank.withdrawLend function cannot be paused Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#204 opened Mar 1, 2023 by github-actions bot
obront - If a token's oracle goes down or price falls to zero, liquidations will be frozen Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#161 opened Mar 1, 2023 by github-actions bot
obront - Users who deposit extra funds into their Ichi farming positions will lose all their ICHI rewards Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#158 opened Mar 1, 2023 by github-actions bot
obront - totalLend isn't updated on liquidation, leading to permanently inflated value Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#155 opened Mar 1, 2023 by github-actions bot
obront - Complete debt size is not paid off for fee on transfer tokens, but users aren't warned Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
#153 opened Mar 1, 2023 by github-actions bot
obront - LP tokens cannot be valued because ICHI cannot be priced by oracle, causing all new open positions to revert Escalation Resolved This issue's escalations have been approved/rejected Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
#152 opened Mar 1, 2023 by github-actions bot
6
obront - LP tokens are not sent back to withdrawing user Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#151 opened Mar 1, 2023 by github-actions bot
1
obront - HardVault never deposits assets to Compound Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#147 opened Mar 1, 2023 by github-actions bot
cducrest-brainbot - Fail to accrue interests on multiple token positions Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#140 opened Mar 1, 2023 by github-actions bot
obront - Withdrawals from IchiVaultSpell have no slippage protection so can be frontrun, stealing all user funds Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#130 opened Mar 1, 2023 by github-actions bot
obront - Users can get around MaxLTV because of lack of strategyId validation Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#129 opened Mar 1, 2023 by github-actions bot
obront - Liquidator can take all collateral and underlying tokens for a fraction of the correct price Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#127 opened Mar 1, 2023 by github-actions bot
obront - Users can be liquidated prematurely because calculation understates value of underlying position High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#126 opened Mar 1, 2023 by github-actions bot
0Kage - Interest component of underlying amount is not withdrawable using the withdrawLend function. Such amount is permanently locked in the BlueBerryBank contract Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#109 opened Mar 1, 2023 by github-actions bot
SPYBOY - Chainlink's latestRoundData return stale or incorrect result Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#94 opened Mar 1, 2023 by github-actions bot
rvierdiiev - BasicSpell.doCutRewardsFee uses depositFee instead of withdraw fee Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#82 opened Mar 1, 2023 by github-actions bot
chaduke - A borrower might drain the vault by calling borrow() repeatedly with small borrow amount each time. Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#45 opened Mar 1, 2023 by github-actions bot
0x52 - BlueBerryBank#withdrawLend will cause underlying token accounting error if soft/hard vault has withdraw fee Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#33 opened Mar 1, 2023 by github-actions bot
koxuan - onlyEOAEx modifier that ensures call is from EOA might not hold true in the future Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#21 opened Mar 1, 2023 by github-actions bot
0x52 - IchiLpOracle is extemely easy to manipulate due to how IchiVault calculates underlying token balances Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
#20 opened Mar 1, 2023 by github-actions bot
ProTip! What’s not been updated in a month: updated:<2024-10-11.