issues
search
sherlock-audit
/
2023-01-uxd-judging
3
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
berndartmueller - Inaccurate Perp debt calculation
#346
github-actions[bot]
opened
1 year ago
2
berndartmueller - Fee accounting for Perp positions is incorrect
#345
github-actions[bot]
closed
1 year ago
0
berndartmueller - Tokens not compliant with ERC-20 will cause transfers and approvals to revert unexpectedly
#344
github-actions[bot]
closed
1 year ago
0
berndartmueller - Calculating the Perp short position value uses a potentially unsafe TWAP interval
#343
github-actions[bot]
closed
1 year ago
0
berndartmueller - ERC-20 tokens with different decimals than 18 break the protocol
#342
github-actions[bot]
closed
1 year ago
2
berndartmueller - Anyone can use the token spending allowance from another address to rebalance negative Perp PnL
#341
github-actions[bot]
closed
1 year ago
0
berndartmueller - Rebalancing a negative Perp PnL will fail to deposit to the vault due to decimal precision inconsistencies
#340
github-actions[bot]
closed
1 year ago
0
berndartmueller - Rebalancing a negative Perp PnL via a Uniswap V3 token swap is broken due to the lack of token spending allowance
#339
github-actions[bot]
opened
1 year ago
2
berndartmueller - Redeeming all UXD tokens is not possible if some have been minted via Perp quote minting
#338
github-actions[bot]
opened
1 year ago
6
imare - optimism funds are at greater risk because depository has the ability to change controller address
#337
github-actions[bot]
closed
1 year ago
2
JohnnyTime - Commented code in `PerpDepository.sol`
#336
github-actions[bot]
closed
1 year ago
0
BubblyOrca - UXDRouter.sol, Line 68-73
#335
github-actions[bot]
closed
1 year ago
0
JohnnyTime - Missing event for critical onlyOwner Functions
#334
github-actions[bot]
closed
1 year ago
0
HonorLt - Permissionless receive ETH
#333
github-actions[bot]
closed
1 year ago
0
Mukund - Unsafe ERC20 methods
#332
github-actions[bot]
closed
1 year ago
0
HonorLt - Rebalance with any account
#331
github-actions[bot]
closed
1 year ago
0
Mukund - Unbound loop enables denial of service
#330
github-actions[bot]
closed
1 year ago
0
Bahurum - UXD is pegged to USDC, not to USD
#329
github-actions[bot]
closed
1 year ago
3
Bahurum - `quoteAmount` with incorrect number of decimals passed to `vault.deposit()` in `PerpDepository._rebalanceNegativePnlWithSwap()`
#328
github-actions[bot]
closed
1 year ago
0
Mukund - Unused/empty `receive()` function
#327
github-actions[bot]
closed
1 year ago
0
Bahurum - Missing approval of `quoteToken` to `vault` in `PerpDepository._rebalanceNegativePnlWithSwap()`
#326
github-actions[bot]
closed
1 year ago
0
Bahurum - Missing approval of `assetToken` to `spotSwapper` in `PerpDepository._rebalanceNegativePnlWithSwap()`
#325
github-actions[bot]
closed
1 year ago
0
Bahurum - `PerpDepository` not compatible with `assetToken` with decimals different from 18
#324
github-actions[bot]
closed
1 year ago
0
HonorLt - TWAP value is not reliable
#323
github-actions[bot]
closed
1 year ago
0
Bahurum - Funds can be stolen if non-reverting ERC20 `quoteToken` is used
#322
github-actions[bot]
closed
1 year ago
0
Bahurum - Missing check on `account` in `PerpDepository.rebalanceLite()`
#321
github-actions[bot]
closed
1 year ago
0
Bahurum - Missing check on `account` in `PerpDepository.rebalance()`
#320
github-actions[bot]
closed
1 year ago
0
HonorLt - Transfer return values
#319
github-actions[bot]
closed
1 year ago
0
neumo - Protocol assumes UXD is pegged to USDC
#318
github-actions[bot]
closed
1 year ago
2
kaysoft - Lack of 2 Step Ownership change for the `transferOwnership` function
#317
github-actions[bot]
closed
1 year ago
0
DecorativePineapple - An attacker can frontrun the call to the `rebalanceLite` function and steal the amount to be rebalanced by sandwiching the long position that is opened
#316
github-actions[bot]
closed
1 year ago
0
DecorativePineapple - The periodSize of the oracle is very low allowing the TWAP price to be easily manipulated
#315
github-actions[bot]
closed
1 year ago
0
duc - Inconsistent decimals of the param `amount` of function `_placePerpOrder` in contract `PerpDepository`
#314
github-actions[bot]
closed
1 year ago
0
0xmuxyz - A `storage` pointer is used instead of a `memory` pointer despite there is no state change
#313
github-actions[bot]
closed
1 year ago
0
DecorativePineapple - No slippage protection when opening short or long position
#312
github-actions[bot]
closed
1 year ago
2
ck - The protocol lacks contract/function pause safeguards
#311
github-actions[bot]
closed
1 year ago
0
ck - `UXDRouter::unregisterDepository` does not implement critical safeguards
#310
github-actions[bot]
closed
1 year ago
0
hl_ - Users unable to withdraw asset if asset is removed
#309
github-actions[bot]
closed
1 year ago
0
hl_ - getDebtValue function not used
#308
github-actions[bot]
closed
1 year ago
0
hl_ - Users able to deposit, but unable to redeem quoteToken
#307
github-actions[bot]
closed
1 year ago
0
chiranz - Anyone can call `PerpDepository.sol#rebalance()` on behalf of account that has pre-approved the contract by passing bad swap paramaters.
#306
github-actions[bot]
closed
1 year ago
0
0x52 - Price disparities between spot and perpetual pricing can heavily destabilize UXD
#305
github-actions[bot]
opened
1 year ago
4
aviggiano - `UXDTimelockController.approveERC20` can be frontrun and attacker can spend more allowance than expected
#304
github-actions[bot]
closed
1 year ago
0
hl_ - Possible attacks on users for fees paid
#303
github-actions[bot]
closed
1 year ago
1
aviggiano - UXDTimelockController timelock can be bypassed by contract deployer
#302
github-actions[bot]
closed
1 year ago
0
aviggiano - Users cannot redeem assets if the first depository is out of funds, even if other depositories have enough tokens
#301
github-actions[bot]
closed
1 year ago
0
aviggiano - Unbounded loops over `UXDController.assetList` and `UXDRouter._depositoriesForAsset`
#300
github-actions[bot]
closed
1 year ago
0
koxuan - return value of transferFrom not checked can cause loss of funds for user
#299
github-actions[bot]
closed
1 year ago
0
aviggiano - Return value of ERC-20 functions are not validated
#298
github-actions[bot]
closed
1 year ago
0
aviggiano - UXD protocol does not support fee on transfer/rebasing/deflationary tokens
#297
github-actions[bot]
closed
1 year ago
0
Previous
Next