code-423n4 / 2024-03-ondo-finance-findings
issues
multiexcall on empty array can result in loss of funds
#296
c4-bot-5
closed
6 months ago
4
Bad smart contract could cause whole transaction to revert
#295
c4-bot-10
closed
6 months ago
3
QA Report
#294
c4-bot-9
opened
6 months ago
2
The Protocol will not work as a whole, because the `USDC` and `BUIDL` token implementations don't inherit the `IERC20Metadata` interface.
#293
c4-bot-5
closed
6 months ago
3
The oracle price fetch in `ROUSG::getOUSGPrice()` lacks sanity / validity checks
#292
c4-bot-1
closed
6 months ago
4
Unlimited Wrapping of OUSG
#291
c4-bot-6
closed
6 months ago
3
No slippage control in `mint` and `mintRebasingOUSG` function !
#290
c4-bot-4
opened
6 months ago
7
OUSGInstantManager.sol incorrectly assumes value of USDC is always $1 f
#289
c4-bot-1
closed
6 months ago
2
`ROUSG` Contract's `getOUSGPrice` Lacks Protection Against Erroneous Oracle Data
#288
c4-bot-10
closed
6 months ago
4
QA Report
#287
c4-bot-8
opened
6 months ago
2
QA Report
#286
c4-bot-2
closed
6 months ago
1
QA Report
#285
c4-bot-2
opened
6 months ago
2
users will lose their deposited USDC when redeeming due to rounding issues
#284
c4-bot-7
opened
6 months ago
4
QA Report
#283
c4-bot-7
closed
6 months ago
5
Oracle feed can become obsolete due to lack of checks when using `Oracle feeds.`
#282
c4-bot-7
closed
6 months ago
7
QA Report
#281
c4-bot-7
closed
6 months ago
2
Approval race condition vulnerability in `rOUSG` token implementation
#280
c4-bot-7
closed
6 months ago
3
QA Report
#279
c4-bot-5
opened
6 months ago
8
`OUSGInstantManager` will allow Excessive OUSG Token Minting During USDC Depeg Event
#278
c4-bot-3
opened
6 months ago
11
Malicious investors can use redemptions to convert mostly all of Ondo's BUIDL tokens to USDC sitting in the `OUSGInstantManager` contract.
#277
c4-bot-2
closed
6 months ago
2
Users are able to pay no fees for both minting and redeeming
#276
c4-bot-2
opened
6 months ago
8
redeemPaused and mintPaused could be out of sync causing users to be able to mint tokens but not be able to redeem them afterwards
#275
c4-bot-3
closed
6 months ago
3
Incompatibility with Account Abstraction Wallets Due to USDC Fee Deduction
#274
c4-bot-1
closed
6 months ago
3
An upgrade in the USDC contract renders the whole ousgInstantManager contract unusable
#273
c4-bot-4
closed
6 months ago
5
"minimumRedemptionAmount" and "minimumDepositAmount" can be set low.
#272
c4-bot-3
closed
6 months ago
3
Frontrunning the fee setter functions allows for users to pay less fees
#271
c4-bot-4
closed
6 months ago
6
Redemption Limitation Issue in ousgInstantManager.sol that Could Lead to Investors' OUSG Stuck in the Contract
#270
c4-bot-3
closed
6 months ago
5
QA Report
#269
c4-bot-2
closed
6 months ago
3
`OUSGInstantManager::mintRebasingOUSG()` lacks slippage protection
#268
c4-bot-9
opened
6 months ago
7
Balance check in `_redeemBUIDL()` can cause `redeem()` to fail
#267
c4-bot-10
closed
6 months ago
7
Malicious KYC’d Users can Front-run Wrap/Unwrap Transactions in Their Favour
#266
c4-bot-10
closed
6 months ago
8
Function `rOUSG.burn` cannot burn tokens from sanctioned addresses.
#265
c4-bot-1
closed
6 months ago
2
Early investors can frontrun the setFee function to mint without fees
#264
c4-bot-2
closed
6 months ago
3
mint/redeem limit can't be reached when the unminted/unredeemed tokens < minimumDepositAmount/minimumRedemptionAmount
#263
c4-bot-5
closed
6 months ago
6
OUSGInstantManager.sol incorrectly assumes 18 decimal from oracle
#262
c4-bot-5
closed
6 months ago
4
Lack of Sanity Check at `rOUSG::getOUSGPrice` in Case of Oracle Malfunction
#261
c4-bot-3
closed
6 months ago
4
The `mutiexcall` lets an arbitrary external call load huge data in memory.
#260
c4-bot-3
closed
6 months ago
4
In function mintRebasingOUSG()::approve can be exploited by once approval granted. [ FILE NAME : ousgInstantManager.sol ]
#259
c4-bot-4
closed
6 months ago
4
In function mintRebasingOUSG()::transfer() false returns are not able to be handled by this function.
#258
c4-bot-10
closed
6 months ago
2
`OUSGInstantManager::mint()` lacks slippage protection
#257
c4-bot-4
closed
6 months ago
7
Incorrect Balance Check for BUIDL Redemptions Will Lead to Reverts and Partial Redemption Fulfillments
#256
c4-bot-1
closed
6 months ago
7
Reentrancy Vulnerability in multiexcall Function Due to Lack of Target Whitelisting
#255
c4-bot-7
closed
6 months ago
3
An arbitrary external call can gas grief the admin.
#254
c4-bot-7
closed
6 months ago
2
QA Report
#253
c4-bot-5
closed
6 months ago
2
QA Report
#252
c4-bot-5
closed
6 months ago
1
getOUSGPrice() functions don't care about price timestamp and are vulnerable to oracle malfunctions
#251
c4-bot-4
closed
6 months ago
6
OUSG Price slippage is not taken into account on mint/redeem
#250
c4-bot-1
opened
6 months ago
10
QA Report
#249
c4-bot-1
closed
6 months ago
1
transferFrom uses allowance even if _sender == _recipient
#248
c4-bot-10
closed
6 months ago
4
Incorrect Decimals Comparison in constructor
#247
c4-bot-9
closed
6 months ago
3