sherlock-audit 2023-02-kairos-judging issues

sherlock-audit / 2023-02-kairos-judging

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

schrodinger - Users can dust the external `buy` function leading to drain all the gas

#182 sherlock-admin closed 1 year ago
0
w42d3n - The protocol is not protected against Signature malleability

#181 sherlock-admin closed 1 year ago
0
curiousapple - The liquidation payout could be considered unfair for lenders with higher LTV.

#180 sherlock-admin closed 1 year ago
0
Go-langer - A control flow decision is made based on The block.timestamp environment variable.

#179 sherlock-admin closed 1 year ago
0
chaduke - ``mul(Ray a, Ray b)`` might overflow unnecessarily due to its multiplication-before-division pattern of implementation.

#178 sherlock-admin closed 1 year ago
0
w42d3n - BorrowFacet.sol: Using transferFrom on ERC721 tokens could lead users fund to be locked

#177 sherlock-admin closed 1 year ago
0
chainNue - Adversary can pollute supply loan offers without any ERC20 balance or transfer their balance before the offer is accepted

#176 sherlock-admin closed 1 year ago
0
curiousapple - The derivation of all supply position IDs for a given loan from `supplyPositionIndex` and `nbOfOffers` can be manipulated.

#175 sherlock-admin closed 1 year ago
0
w42d3n - Use safeTransfer/safeTransferFrom instead of transfer/transferFrom

#174 sherlock-admin closed 1 year ago
0
peanuts - After liquidations, lender should still get their interest back instead of just the lent amount

#173 sherlock-admin closed 1 year ago
0
duc - Borrower can reduce the interest of shortly loans

#172 sherlock-admin closed 1 year ago
1
0xd1r4cde17a - lender gets minInterestsToRepay / loan.nbOfPositions

#171 sherlock-admin closed 1 year ago
0
0Kage - If market price of collateral falls drastically over short time, existing offers can be exploited by a malicious borrower

#170 sherlock-admin closed 1 year ago
0
pavankv241 - borrow() function have unbounded loop leads to dos of gas.limit

#169 sherlock-admin closed 1 year ago
0
w42d3n - Usage of deprecated transfer() can result in revert

#168 sherlock-admin closed 1 year ago
0
joestakey - `Erc20CheckedTransfer` functions do not work with `USDT` and `BNB`, which leads to frozen funds of lenders in the case of `BNB`.

#167 sherlock-admin closed 1 year ago
0
peanuts - ClaimFacet#claim burns the positionId NFT before updating the state

#166 sherlock-admin closed 1 year ago
0
Nadin - [M] Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

#165 sherlock-admin closed 1 year ago
0
sayan_ - Unbounded loop in functions can Lead To DoS

#164 sherlock-admin closed 1 year ago
0
curiousapple - Lenders can add conditional logic inside safeMint callback to decide if they should lend or not

#163 sherlock-admin closed 1 year ago
0
peanuts - Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom for ERC20 tokens

#162 sherlock-admin closed 1 year ago
0
gryphon - Buyer may not be able to liquidate the loan

#161 sherlock-admin closed 1 year ago
1
peanuts - NFTs are not stored in the appropriate contracts

#160 sherlock-admin closed 1 year ago
1
peanuts - Some NFTs like CryptoKitty and CryptoFighter can be paused, which block repaying/liquidation actions

#159 sherlock-admin closed 1 year ago
1
gryphon - Risk of borrower not being able to pay back

#158 sherlock-admin closed 1 year ago
0
Jaraxxus - Lack of nonce and domain separator in signature

#157 sherlock-admin closed 1 year ago
0
SPYBOY - safeTransfer is recommended instead of transfer

#156 sherlock-admin closed 1 year ago
0
chainNue - Some tokens doesn't return boolean value on ERC20 methods (transfer / transferFrom) resulting in revert a transfer

#155 sherlock-admin closed 1 year ago
0
SPYBOY - Reentrancy in AuctionFacet.sol will manipulate order of emit

#154 sherlock-admin closed 1 year ago
0
Go-langer - Init function left open for anyone to call and initialize the protocol.

#153 sherlock-admin closed 1 year ago
0
Go-langer - Invalid loanID passed in to function resulting in a user losing funds on transaction

#152 sherlock-admin closed 1 year ago
0
tsvetanovv - ECDSA.recover Signature Malleability

#151 sherlock-admin closed 1 year ago
1
SPYBOY - A malicious signer can exploite reentrancy while Borrowing

#150 sherlock-admin closed 1 year ago
0
Go-langer - Precision loss in Function can lead to loss of funds or unfair market price of loan

#149 sherlock-admin closed 1 year ago
0
tsvetanovv - Unsafe ERC20.transferFrom()

#148 sherlock-admin closed 1 year ago
0
tsvetanovv - It is possible Reentrancy in `safeMint()` function

#147 sherlock-admin closed 1 year ago
0
ADM - Signature malleability vulnerability in openZeppelin contracts library version < 4.7.3.

#146 sherlock-admin closed 1 year ago
0
Koolex - Inconsistent handling of ERC20 tokens transferring

#145 sherlock-admin closed 1 year ago
0
csanuragjain - Liquidation occur at incorrect time

#144 sherlock-admin closed 1 year ago
2
pavankv241 - price() will return large number when shares and loan.lent is smaller.

#143 sherlock-admin closed 1 year ago
0
csanuragjain - ACL missing on init function

#142 sherlock-admin closed 1 year ago
6
Go-langer - Unsafe usage of ERC20 transferFrom

#141 sherlock-admin closed 1 year ago
0
glcanvas - Possible reentrancy which allows to write incorrect supplyPositionIndex

#140 sherlock-admin closed 1 year ago
0
0xmrhoodie - Lenders signature reusage in the same Loan

#139 sherlock-admin closed 1 year ago
0
sashik_eth - Lenders risk losing interest when loanToValue equals the fair market price of NFTs

#138 sherlock-admin closed 1 year ago
6
Koolex - The NFT (collateral) could possibly get stuck in the protocol in some cases

#137 sherlock-admin closed 1 year ago
0
Go-langer - Unimported libraries for initialization

#136 sherlock-admin closed 1 year ago
0
evo - A Borrower (attacker) can steal money from lenders

#135 sherlock-admin closed 1 year ago
0
0xlmanini - Erc20CheckedTransfer library doesn't handle non-standard tokens correctly

#134 sherlock-admin closed 1 year ago
0
innertia - Borrower's NFTs taken by lender by malicious ERC20 created

#133 sherlock-admin closed 1 year ago
0