issues
search
sherlock-audit
/
2023-02-kairos-judging
2
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
schrodinger - Users can dust the external `buy` function leading to drain all the gas
#182
sherlock-admin
closed
1 year ago
0
w42d3n - The protocol is not protected against Signature malleability
#181
sherlock-admin
closed
1 year ago
0
curiousapple - The liquidation payout could be considered unfair for lenders with higher LTV.
#180
sherlock-admin
closed
1 year ago
0
Go-langer - A control flow decision is made based on The block.timestamp environment variable.
#179
sherlock-admin
closed
1 year ago
0
chaduke - ``mul(Ray a, Ray b)`` might overflow unnecessarily due to its multiplication-before-division pattern of implementation.
#178
sherlock-admin
closed
1 year ago
0
w42d3n - BorrowFacet.sol: Using transferFrom on ERC721 tokens could lead users fund to be locked
#177
sherlock-admin
closed
1 year ago
0
chainNue - Adversary can pollute supply loan offers without any ERC20 balance or transfer their balance before the offer is accepted
#176
sherlock-admin
closed
1 year ago
0
curiousapple - The derivation of all supply position IDs for a given loan from `supplyPositionIndex` and `nbOfOffers` can be manipulated.
#175
sherlock-admin
closed
1 year ago
0
w42d3n - Use safeTransfer/safeTransferFrom instead of transfer/transferFrom
#174
sherlock-admin
closed
1 year ago
0
peanuts - After liquidations, lender should still get their interest back instead of just the lent amount
#173
sherlock-admin
closed
1 year ago
0
duc - Borrower can reduce the interest of shortly loans
#172
sherlock-admin
closed
1 year ago
1
0xd1r4cde17a - lender gets minInterestsToRepay / loan.nbOfPositions
#171
sherlock-admin
closed
1 year ago
0
0Kage - If market price of collateral falls drastically over short time, existing offers can be exploited by a malicious borrower
#170
sherlock-admin
closed
1 year ago
0
pavankv241 - borrow() function have unbounded loop leads to dos of gas.limit
#169
sherlock-admin
closed
1 year ago
0
w42d3n - Usage of deprecated transfer() can result in revert
#168
sherlock-admin
closed
1 year ago
0
joestakey - `Erc20CheckedTransfer` functions do not work with `USDT` and `BNB`, which leads to frozen funds of lenders in the case of `BNB`.
#167
sherlock-admin
closed
1 year ago
0
peanuts - ClaimFacet#claim burns the positionId NFT before updating the state
#166
sherlock-admin
closed
1 year ago
0
Nadin - [M] Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
#165
sherlock-admin
closed
1 year ago
0
sayan_ - Unbounded loop in functions can Lead To DoS
#164
sherlock-admin
closed
1 year ago
0
curiousapple - Lenders can add conditional logic inside safeMint callback to decide if they should lend or not
#163
sherlock-admin
closed
1 year ago
0
peanuts - Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom for ERC20 tokens
#162
sherlock-admin
closed
1 year ago
0
gryphon - Buyer may not be able to liquidate the loan
#161
sherlock-admin
closed
1 year ago
1
peanuts - NFTs are not stored in the appropriate contracts
#160
sherlock-admin
closed
1 year ago
1
peanuts - Some NFTs like CryptoKitty and CryptoFighter can be paused, which block repaying/liquidation actions
#159
sherlock-admin
closed
1 year ago
1
gryphon - Risk of borrower not being able to pay back
#158
sherlock-admin
closed
1 year ago
0
Jaraxxus - Lack of nonce and domain separator in signature
#157
sherlock-admin
closed
1 year ago
0
SPYBOY - safeTransfer is recommended instead of transfer
#156
sherlock-admin
closed
1 year ago
0
chainNue - Some tokens doesn't return boolean value on ERC20 methods (transfer / transferFrom) resulting in revert a transfer
#155
sherlock-admin
closed
1 year ago
0
SPYBOY - Reentrancy in AuctionFacet.sol will manipulate order of emit
#154
sherlock-admin
closed
1 year ago
0
Go-langer - Init function left open for anyone to call and initialize the protocol.
#153
sherlock-admin
closed
1 year ago
0
Go-langer - Invalid loanID passed in to function resulting in a user losing funds on transaction
#152
sherlock-admin
closed
1 year ago
0
tsvetanovv - ECDSA.recover Signature Malleability
#151
sherlock-admin
closed
1 year ago
1
SPYBOY - A malicious signer can exploite reentrancy while Borrowing
#150
sherlock-admin
closed
1 year ago
0
Go-langer - Precision loss in Function can lead to loss of funds or unfair market price of loan
#149
sherlock-admin
closed
1 year ago
0
tsvetanovv - Unsafe ERC20.transferFrom()
#148
sherlock-admin
closed
1 year ago
0
tsvetanovv - It is possible Reentrancy in `safeMint()` function
#147
sherlock-admin
closed
1 year ago
0
ADM - Signature malleability vulnerability in openZeppelin contracts library version < 4.7.3.
#146
sherlock-admin
closed
1 year ago
0
Koolex - Inconsistent handling of ERC20 tokens transferring
#145
sherlock-admin
closed
1 year ago
0
csanuragjain - Liquidation occur at incorrect time
#144
sherlock-admin
closed
1 year ago
2
pavankv241 - price() will return large number when shares and loan.lent is smaller.
#143
sherlock-admin
closed
1 year ago
0
csanuragjain - ACL missing on init function
#142
sherlock-admin
closed
1 year ago
6
Go-langer - Unsafe usage of ERC20 transferFrom
#141
sherlock-admin
closed
1 year ago
0
glcanvas - Possible reentrancy which allows to write incorrect supplyPositionIndex
#140
sherlock-admin
closed
1 year ago
0
0xmrhoodie - Lenders signature reusage in the same Loan
#139
sherlock-admin
closed
1 year ago
0
sashik_eth - Lenders risk losing interest when loanToValue equals the fair market price of NFTs
#138
sherlock-admin
closed
1 year ago
6
Koolex - The NFT (collateral) could possibly get stuck in the protocol in some cases
#137
sherlock-admin
closed
1 year ago
0
Go-langer - Unimported libraries for initialization
#136
sherlock-admin
closed
1 year ago
0
evo - A Borrower (attacker) can steal money from lenders
#135
sherlock-admin
closed
1 year ago
0
0xlmanini - Erc20CheckedTransfer library doesn't handle non-standard tokens correctly
#134
sherlock-admin
closed
1 year ago
0
innertia - Borrower's NFTs taken by lender by malicious ERC20 created
#133
sherlock-admin
closed
1 year ago
0
Next