Skip to content

Issues: sherlock-audit/2024-11-superfluid-locking-contract-judging

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

82 Open 6 Closed
82 Open 6 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Albort - {actor} will {impact} {affected party}
#83 opened Nov 24, 2024 by sherlock-admin4
franfran20 - The Nonce Validity Check Can Lead To Lockers Losing Valid Units In A Program Pool
#82 opened Nov 24, 2024 by sherlock-admin3
sa9933 - Anyone can create program and update user units in eppProgrammer
#81 opened Nov 24, 2024 by sherlock-admin2
drlaravel - Timestamp Manipulation and Points Dilution in Superfluid Locking Contract
#80 opened Nov 24, 2024 by sherlock-admin4
Albort - The stake function allows users to reset the staking cooldown period by repeatedly calling it.
#79 opened Nov 24, 2024 by sherlock-admin3
franfran20 - Member Units Can Be Lost Due To Overwriting Nature Of UpdateUserUnits
#78 opened Nov 24, 2024 by sherlock-admin2
rzizah - Malicious User Could Use uint256.max Nonce to Prevent Any Modifications to the Locker Position
#77 opened Nov 24, 2024 by sherlock-admin4
rzizah - User Can Front-Run unlock Function by Calling lock and stake to Profit from Penalty Distribution
#76 opened Nov 24, 2024 by sherlock-admin3
rzizah - invariant is broken
#75 opened Nov 24, 2024 by sherlock-admin2
drlaravel - Precision Loss in Superfluid Locking Contract Causes Significant Token Loss for Users
#74 opened Nov 24, 2024 by sherlock-admin4
0xlookman - Signatures used in EPProgramManager.sol::updateUserUnits in vulnerability to cross chain signature replys.
#73 opened Nov 24, 2024 by sherlock-admin3
0rpse - FluidLocker can be blocked from connecting to a pool
#72 opened Nov 24, 2024 by sherlock-admin2
Albort - Incorrect Nonce Update Order
#71 opened Nov 24, 2024 by sherlock-admin4
drlaravel - Flow Rate Precision Loss Vulnerability Report
#70 opened Nov 24, 2024 by sherlock-admin3
franfran20 - Fontaine Creation Could Force Users To Only Unlock Tokens Through Instant Unlocks
#69 opened Nov 24, 2024 by sherlock-admin2
Albort - Nonce Handling is Not Strict, Potentially Leading to Replay Attacks and Denial-of-Service (DoS) Attacks
#68 opened Nov 24, 2024 by sherlock-admin4
franfran20 - A malicious user can prevent users from being able to create a locker.
#67 opened Nov 24, 2024 by sherlock-admin3
0rpse - valid signatures can be invalidated due to how nonce validation works
#66 opened Nov 24, 2024 by sherlock-admin2
merlinboii - FluidLocker::lock() allows unauthorized token locking, breaking distribution invariants when UNLOCK_AVAILABLE is false
#65 opened Nov 24, 2024 by sherlock-admin4
merlinboii - FluidLocker::_getUnlockingPercentage() cause incorrect unlock rate calculations for vesting unlock
#64 opened Nov 24, 2024 by sherlock-admin3
IzuMan - Signatures can be replayed resulting in cross chain attacks
#63 opened Nov 24, 2024 by sherlock-admin2
Drynooo - The signature portion of the EPProgramManager contract is expected to be compliant with EIP-1271, however it is not.
#62 opened Nov 24, 2024 by sherlock-admin4
Drynooo - As the parent contract of the upgradeable contract, EPProgramManager has state variables but does not set aside _gap. This can cause storage confusion in subsequent upgrades.
#61 opened Nov 24, 2024 by sherlock-admin3
bareli - wrong implement of _getUnlockingPercentage.
#60 opened Nov 24, 2024 by sherlock-admin2
Drynooo - The _calculateVestUnlockFlowRates function may overflow, causing the user to pay more penalties to unlock.
#59 opened Nov 24, 2024 by sherlock-admin4
ProTip! Add no:assignee to see everything that’s not assigned.