code-423n4 2024-03-ondo-finance-findings issues

code-423n4 / 2024-03-ondo-finance-findings

4 stars 5 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #279 [1712826884962]

#347 c4-judge closed 2 months ago
2
Upgraded Q -> 3 from #294 [1712734349540]

#345 c4-judge closed 3 months ago
5
Upgraded Q -> 2 from #162 [1712733003220]

#344 c4-judge closed 3 months ago
4
Upgraded Q -> 2 from #279 [1712732625766]

#343 c4-judge opened 3 months ago
3
Upgraded Q -> 2 from #307 [1712677172484]

#342 c4-judge closed 3 months ago
4
Upgraded Q -> 3 from #328 [1712676676155]

#341 c4-judge closed 3 months ago
5
Contract logic for instant redemptions is not functioning as expected due to Redemption Limit Exceedance in OUSGInstantManager Contract.

#340 c4-bot-7 closed 3 months ago
4
Analysis

#339 c4-bot-9 closed 3 months ago
3
Oracle sanity check incorrectly uses > instead of >=

#338 c4-bot-4 closed 2 months ago
6
No oracle sanity check in ROUSG getOUSGPrice function

#337 c4-bot-2 closed 3 months ago
5
Fee on Transfer

#336 c4-bot-8 closed 3 months ago
3
No oracle staleness checks

#335 c4-bot-8 closed 3 months ago
4
QA Report

#334 c4-bot-8 closed 3 months ago
2
QA Report

#333 c4-bot-6 opened 3 months ago
2
Missing Checks during Rates/Emission Setting

#332 c4-bot-5 opened 3 months ago
3
Errors can occur when users redeem their assets.

#331 c4-bot-4 closed 3 months ago
3
Stuck `OUSG` tokens at `rOUSG` contract due to rounding down operations

#330 c4-bot-4 closed 3 months ago
3
It is not possible to burn the tokens of a user who was removed from KYC registry.

#329 c4-bot-6 closed 3 months ago
2
QA Report

#328 c4-bot-1 closed 3 months ago
4
Intended interaction with a contract will fail, leading to potential loss of funds

#327 c4-bot-1 closed 3 months ago
4
QA Report

#326 c4-bot-10 closed 3 months ago
2
msg.sender get approval of token when it is being transferred from _sender to _recipient

#325 c4-bot-8 closed 3 months ago
3
QA Report

#324 c4-bot-4 closed 3 months ago
3
QA Report

#323 c4-bot-4 opened 3 months ago
3
QA Report

#322 c4-bot-6 closed 3 months ago
2
QA Report

#321 c4-bot-8 closed 3 months ago
1
`Users` cannot redeem their shares if either `unwrap` or `burnShares` is paused

#320 c4-bot-3 closed 3 months ago
3
QA Report

#319 c4-bot-7 opened 3 months ago
7
Users can increase their balances by transfering shares

#318 c4-bot-7 closed 3 months ago
3
Partial Pausing of either mint or redeem can lead to arbitrage opportunities for users

#317 c4-bot-5 closed 3 months ago
10
No slippage protection in `_mintRebasingOUSG`

#316 c4-bot-10 opened 3 months ago
7
QA Report

#315 c4-bot-1 closed 3 months ago
1
Admin can’t burn tokens from either revoked KYC addresses or KYC addresses added to sanction list due to a check in _beforeTokenTransfer

#314 c4-bot-5 closed 3 months ago
2
Gas Optimizations

#313 c4-bot-4 closed 3 months ago
1
Potential Reduction in Instant Minting and Redemption Limits due to Fee Incorporation

#312 c4-bot-7 opened 3 months ago
3
DoS of most function if oracle returns too low price

#311 c4-bot-3 closed 3 months ago
3
QA Report

#310 c4-bot-3 closed 3 months ago
2
Integration issue in ousgInstantManager with BUILD if minUSTokens is set by blackrock.

#309 c4-bot-10 opened 3 months ago
24
The oracle price fetch in `OUSGInstantManager::getOUSGPrice()` does not have sanity check if the price is unexpectedly high

#308 c4-bot-1 closed 3 months ago
5
QA Report

#307 c4-bot-1 opened 3 months ago
4
Inadequate Handling of BUIDL Redemption Limit in OUSG Instant Manager

#306 c4-bot-6 opened 3 months ago
20
BURNER has permission to burn any amount from any account.

#305 c4-bot-2 closed 3 months ago
2
QA Report

#304 c4-bot-4 closed 3 months ago
2
QA Report

#303 c4-bot-7 closed 3 months ago
2
Missing Declaration of Return Value from rousg.transferFrom

#302 c4-bot-7 closed 3 months ago
2
QA Report

#301 c4-bot-2 opened 3 months ago
2
Rate limit will be updated every transaction instead of every block

#300 c4-bot-2 closed 2 months ago
12
absence of Validation of Fee Receiver Address Leading to Loss of Funds

#299 c4-bot-6 closed 3 months ago
5
QA Report

#298 c4-bot-10 closed 3 months ago
2
The contract assumes that the price of USDC is always $1.00 which will be a problem if the price depegs

#297 c4-bot-8 closed 3 months ago
9