Trail of Bits

Sherlock Protocol V2

Type: Security review

Client: Sherlock

Date: 2021-12

Domain: Blockchain

Effort: 4 wks

Section: Ethereum/EVM

Trail of Bits's security review of Sherlock (Dec 2021) identified 9 issues: 2 high, 2 medium, 2 low, 2 informational, and 1 undetermined.

Findings · 9

  1. Solidity compiler optimizations can be problematic (Undetermined)
  2. Certain functions lack zero address checks (Medium)
  3. updateYieldStrategy could leave funds in the old strategy (High)
  4. Pausing and unpausing the system may not be possible when removing or replacing connected contracts (Low)
  5. SHER reward calculation uses confusing six-decimal SHER reward rate (Informational)
  6. A claim cannot be paid out or escalated if the protocol agent changes after the claim has been initialized (Medium)
  7. Missing input validation in setMinActiveBalance could cause a confusing event to be emitted (Informational)
  8. payoutClaim's calling of external contracts in a loop could cause a denial of service (Low)
  9. pullReward could silently fail and cause stakers to lose all earned SHER rewards (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
