cancelVouch doesn't update the voucher index of the last vouch …
2nd place to Union Finance V2 Sherlock's contest: cancelVouch doesn't update the voucher index of the last vouch of a borrower properly
Auditor
Smart Contract Engineer
Security Engineer
Solidity
A malicious early user/attacker can manipulate the pxGmx's pric…
Redacted Cartel code4rena's contest: A malicious early user/attacker can manipulate the pxGmx's pricePerShare to take an unfair share of future user's deposits
Auditor
Smart Contract Engineer
Security Engineer
Solidity
UserManager.updateFrozenInfo cannot be called from UToken
Union Finance V2 Sherlock's contest: UserManager.updateFrozenInfo cannot be called from UToken
Auditor
Smart Contract Engineer
Security Engineer
Solidity
Funders can deny rewards to last claimants by calling refundDep…
OpenQ Sherlock's contest: Funders can deny rewards to last claimants by calling refundDeposit between tiers claims
Auditor
Smart Contract Engineer
Security Engineer
Solidity
refundDeposit function can be DoS by an unbounded loop in getLo…
OpenQ Sherlock's contest: refundDeposit function can be DoS by an unbounded loop in getLockedFunds
Auditor
Smart Contract Engineer
Security Engineer
Solidity
The auction can be started by anyone calling settle before star…
Fair Funding (Vyper) Sherlock's contest: The auction can be started by anyone calling settle before start_auction is called by the owner
Auditor
Smart Contract Engineer
Security Engineer
Solidity