code-423n4 2024-03-ondo-finance-findings issues

code-423n4 / 2024-03-ondo-finance-findings

5 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

multiexcall on empty array can result in loss of funds

#296 c4-bot-5 closed 6 months ago
4
Bad smart contract could cause whole transaction to revert

#295 c4-bot-10 closed 6 months ago
3
QA Report

#294 c4-bot-9 opened 6 months ago
2
The Protocol will doesn't work as whole, because `USDC` and `BUIDL` token implementations doesn't inherit `IERC20Metadata` interface.

#293 c4-bot-5 closed 6 months ago
3
The oracle price fetch in `ROUSG::getOUSGPrice()` lacks sanity / validity checks

#292 c4-bot-1 closed 6 months ago
4
Unlimited Wrapping of OUSG

#291 c4-bot-6 closed 6 months ago
3
No slippage control in `mint` and `mintRebasingOUSG` function !

#290 c4-bot-4 opened 6 months ago
7
OUSGInstantManager.sol incorrectly assumes value of USDC is always $1 f

#289 c4-bot-1 closed 6 months ago
2
`ROUSG` Contract's `getOUSGPrice` Lacks Protection Against Erroneous Oracle Data

#288 c4-bot-10 closed 6 months ago
4
QA Report

#287 c4-bot-8 opened 6 months ago
2
QA Report

#286 c4-bot-2 closed 6 months ago
1
QA Report

#285 c4-bot-2 opened 6 months ago
2
users will loose their deposited USDC when redeeming due to rounding issues

#284 c4-bot-7 opened 6 months ago
4
QA Report

#283 c4-bot-7 closed 6 months ago
5
Oracle feed can become obsolete due to lack of checks when using `Oracle feeds.`

#282 c4-bot-7 closed 6 months ago
7
QA Report

#281 c4-bot-7 closed 6 months ago
2
Approval race condition vulnerability in `rOUSG` token implementation

#280 c4-bot-7 closed 6 months ago
3
QA Report

#279 c4-bot-5 opened 6 months ago
8
`OUSGInstantManager` will allow Excessive OUSG Token Minting During USDC Depeg Event

#278 c4-bot-3 opened 6 months ago
11
Malicious investors can use redemptions to convert mostly all of Ondo's BUIDL tokens to USDC sitting in the `OUSGInstantManager` contract.

#277 c4-bot-2 closed 6 months ago
2
Users are able to pay no fees for both minting and redeeming

#276 c4-bot-2 opened 6 months ago
8
redeemPaused and mintPaused could be out of sync causing users to be able to mint tokens but not be able to redeem them afterwards

#275 c4-bot-3 closed 6 months ago
3
Incompatibility with Account Abstraction Wallets Due to USDC Fee Deduction

#274 c4-bot-1 closed 6 months ago
3
An upgrade in the USDC contract renders the whole ousgInstantManager contract unusable

#273 c4-bot-4 closed 6 months ago
5
"minimumRedemptionAmount" and "minimumDepositAmount" can be set low.

#272 c4-bot-3 closed 6 months ago
3
Frontrunning the fee setter functions allows for users to pay less fees

#271 c4-bot-4 closed 6 months ago
6
Redemption Limitation Issue in ousgInstantManager.sol that Could Lead to Investors' OUSG Stuck in the Contract

#270 c4-bot-3 closed 6 months ago
5
QA Report

#269 c4-bot-2 closed 6 months ago
3
`OUSGInstantManager::mintRebasingOUSG()` lacks slippage protection

#268 c4-bot-9 opened 6 months ago
7
Balance check in `_redeemBUIDL()` can cause `redeem()` to fail

#267 c4-bot-10 closed 6 months ago
7
Malicious KYC’d Users can Front-run Wrap/Unwrap Transactions in Their Favour

#266 c4-bot-10 closed 6 months ago
8
Function `rOUSG.burn` cannot burn tokens from sanctioned addresses.

#265 c4-bot-1 closed 6 months ago
2
Early investors can frontrun the setFee function to mint without fees

#264 c4-bot-2 closed 6 months ago
3
mint/redeem limit can't be reached when the unminted/unredeemed tokens < minimumDepositAmount/minimumRedemptionAmount

#263 c4-bot-5 closed 6 months ago
6
OUSGInstantManager.sol incorrectly assumes 18 decimal from oracle

#262 c4-bot-5 closed 6 months ago
4
Lack of Sanity Check at `rOUSG::getOUSGPrice` in Case of Oracle Malfunction

#261 c4-bot-3 closed 6 months ago
4
The `mutiexcall` let the arbitrary external call to load a huge data in memory.

#260 c4-bot-3 closed 6 months ago
4
In function mintRebasingOUSG()::approve can be exploited by once approval granted. [ FILE NAME : ousgInstantManager.sol ]

#259 c4-bot-4 closed 6 months ago
4
In function mintRebasingOUSG()::transfer() false returns are not able to be handled by this function.

#258 c4-bot-10 closed 6 months ago
2
`OUSGInstantManager::mint()` lacks slippage protection

#257 c4-bot-4 closed 6 months ago
7
Incorrect Balance Check for BUIDL Redemptions Will Lead to Reverts and Partial Redemption Fulfillments

#256 c4-bot-1 closed 6 months ago
7
Reentrancy Vulnerability in multiexcall Function Due to Lack of Target Whitelisting

#255 c4-bot-7 closed 6 months ago
3
An arbitrary external call can gas grief the admin.

#254 c4-bot-7 closed 6 months ago
2
QA Report

#253 c4-bot-5 closed 6 months ago
2
QA Report

#252 c4-bot-5 closed 6 months ago
1
getOUSGPrice() functions don't care about price timestamp and are vulnerable to oracle malfunctions

#251 c4-bot-4 closed 6 months ago
6
OUSG Price slippage is not taken into account on mint/redeem

#250 c4-bot-1 opened 6 months ago
10
QA Report

#249 c4-bot-1 closed 6 months ago
1
transferFrom uses allowance even if _sender == _recipient

#248 c4-bot-10 closed 6 months ago
4
Incorrect Decimals Comparison in constructor

#247 c4-bot-9 closed 6 months ago
3

Previous Next