

The Contest Academy
by 0xSimao
Announcements
December 1, 2025
What Is The Mentorship Series
The Mentorship Series will track the progress of mentees under my...

November 28, 2025
What Is The Bug Deep Dive Series
In the first place, check out the post on my introduction, if...

November 26, 2025
Since 2022, I’ve climbed from an anonymous contestant to top-2 on Sherlock and on Code4rena 90...

Mentorship Series

December 6, 2025

December 6, 2025

December 6, 2025

December 6, 2025

December 2, 2025
Background
Hey, I’m 0xfirefist.. I discovered Web3 in 2021 during the NFT boom. I flipped a...

Bug Deep Dives

December 6, 2025
The geometric pool reflects passive orders centered at the oracle price, independent of pool balances. Prices across levels are spaced by a fixed tick spacing and order sizes follow a geometric ratio of remaining inventory. The problem here is that asymmetric liquidity provision allows...

December 5, 2025
Alpha: This is one of these findings that comes up when you think about what happens if you call the same function multiple times with smaller amounts (applies to any kind of math, not just swaps). In this case it's more of a business logic issue than for example exploiting a rounding issue,...

December 4, 2025
Usually these findings are at most lows and have 1000 dups, but this was not the case. Why? The truncation was hidden and you had to do the math to verify it is exploitable (gas fees can be bigger than the mistake). Alpha: next time you spot a rounding error, do the math. And also, languages...

December 3, 2025
Although this finding doesn't pay exceptionally well, there are 24 dups, but it contains a key piece of information about Uniswap v4. The Uniswap v4 pool configuration, as opposed to v3, allows the creation of any number of pools with the same token pair, but the protocol was not aware of this. The pool...

December 2, 2025
This issue requires knowledge of Uniswap v4 hooks: each time a pool operation happens, these hooks may be called depending on the hook's config. Here is a nice resource on these hooks. Find the image below showing just the hook before and after modifying liquidity. The pool's reward distribution...

December 1, 2025
This issue is a quite straightforward example of missing functionality that the protocol disregards and is often a trivial finding, but also relates a bit to business logic so many people miss it. The SummerVestingWalletEscrow mints xSUMR (governance power) when the user stakes to them, and...

November 30, 2025
This issue is a bit complicated to explain standalone, so I will provide some of the required background. Essentially, the first thing to go over is the OpenZeppelin GovernorTimelockControl.sol, and how it interacts with the Timelock. As can be seen below, the governor contract calls the...

November 29, 2025
The Protocol Owner or Emergency Resolver cannot unilaterally invalidate an active market, which will cause a permanent lock of collateral for all market participants if the market outcome is impossible to determine (e.g., source API failure, question ambiguity, or real-world event cancellation)....

November 28, 2025
PositionTokens violates one of the MUST rules defined in EIP-1155. The rule states: However, in the current implementation, the URI is set to an empty string, violating this requirement. Alpha: on Sherlock, this doesn't always apply, and may be low. Read the readme to make sure, just like in...

November 27, 2025
When matching an order using swapping (either by matching two users or matching a user versus a market maker), a trade fee is charged. This fee is taken from the collateral amount traded. We show that, for the same desired outcome, there are two trade paths leading to it, where fee structure...

