sherlock-audit 2023-03-teller-judging issues

sherlock-audit / 2023-03-teller-judging

8 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

branch_indigo - Unable to Borrow USDT/USDC with MemeCoin as Collaterals through Lender Commitment Forwarder

#517 sherlock-admin closed 1 year ago
0
ak1 - CollateralEscrowV1.sol: depositAsset is not considered with collateral that would charge fee on transfer

#516 sherlock-admin closed 1 year ago
0
w42d3n - CollateralEscrowV1: ERC20 return values not checked

#515 sherlock-admin closed 1 year ago
0
warRoom - Missing zero address check can set some immutable variables to zero address

#514 sherlock-admin closed 1 year ago
0
whiteh4t9527 - Duplicate Collateral Assets Could Bypass CollateralManager._checkBalances()

#513 sherlock-admin closed 1 year ago
0
carrotsmuggler - Escrow contract uses unsafe transfer method for ERC721

#512 sherlock-admin closed 1 year ago
0
Delvir0 - When repaying close to eachother, due to rounding error, the borrowers repays less than expected

#511 sherlock-admin closed 1 year ago
5
ak1 - CollateralEscrowV1.sol : `_withdrawCollateral` , funds would be lost the some collateral that fails with false return,

#510 sherlock-admin closed 1 year ago
0
carrotsmuggler - Loss of precision during interest calculation

#509 sherlock-admin closed 1 year ago
1
branch_indigo - Required Collateral is over scaled in Lender Commitment Forwarder

#508 sherlock-admin closed 1 year ago
1
warRoom - Bid loanDetails incorrectly updated in a scenario where Bid is being repaid full.

#507 sherlock-admin closed 1 year ago
0
helpMePlease - APR shouldn't be more then 100

#506 sherlock-admin closed 1 year ago
0
w42d3n - Using transferFrom on ERC721 tokens

#505 sherlock-admin closed 1 year ago
0
MohammedRizwan - Use safeMint instead of mint for ERC721Upgradeable

#504 sherlock-admin closed 1 year ago
0
helpMePlease - No condition for erc721 and erc1155 in validateCommitment

#503 sherlock-admin closed 1 year ago
1
giovannidisiena - ERC-721 tokens can be permanently locked if `ERC721::transferFrom()` recipient is an invalid receiver

#502 sherlock-admin closed 1 year ago
0
ArbitraryExecution - ERC20 token transfer can fail

#501 sherlock-admin closed 1 year ago
0
sayan_ - initialize() can be called multiple times

#500 sherlock-admin closed 1 year ago
0
ak1 - absence of minimum borrow amount would lead to loss of funds to borrower unknowingly.

#499 sherlock-admin closed 1 year ago
0
MiloTruck - Protocol functionality will break after 7 February 2106

#498 sherlock-admin closed 1 year ago
0
tallo - A malicious market owner/protocol owner can front-run calls to lenderAcceptBid and change the marketplace fee to steal lender funds

#497 sherlock-admin opened 1 year ago
6
oxcm - Precision Loss in Interest Calculation Due to Frequent Repayments

#496 sherlock-admin closed 1 year ago
0
helpMePlease - Commitment expiration time checking condition is wrong

#495 sherlock-admin closed 1 year ago
1
branch_indigo - Premature Liquidation When a Borrower Pays early

#494 sherlock-admin opened 1 year ago
3
jpserrat - Lender can prevent borrower to pay the loan

#493 sherlock-admin closed 1 year ago
0
whiteh4t9527 - Deflationary lendingToken makes lenders lose money

#492 sherlock-admin closed 1 year ago
0
giovannidisiena - Funds can be locked in `CollateralEscrowV1` if `ERC20::transfer()` fails as the return value is not checked on withdrawal

#491 sherlock-admin closed 1 year ago
0
sayan_ - isContract() can be bypassed

#490 sherlock-admin closed 1 year ago
0
ArbitraryExecution - Reentrancy in `repayLoan`

#489 sherlock-admin closed 1 year ago
4
cccz - lender can front run the liquidator to make the liquidator lose the collateral

#488 sherlock-admin closed 1 year ago
0
peanuts - Borrower can indefinitely extend the liquidation by repaying dust amounts

#487 sherlock-admin closed 1 year ago
0
jasonxiale - A malicious user can steal lender's token by front run TellerV2.lenderAcceptBid with little cost

#486 sherlock-admin closed 1 year ago
0
ak1 - TellerV2.sol : `_repayLoan` is not checking valid `paymentAmount > 0` amount. This would lead to updating the last repaid time though nothing is paid.

#485 sherlock-admin closed 1 year ago
0
MiloTruck - Borrower's reputation mark becomes permanent if his loan is defaulted and claimed by lender

#484 sherlock-admin closed 1 year ago
1
ArbitraryExecution - Shadowed variable

#483 sherlock-admin closed 1 year ago
0
0xAgro - Destined Critical Overflow

#482 sherlock-admin closed 1 year ago
0
evmboi32 - Lender can "steal" the borrowers tokens if they are approved to CollateralManager

#481 sherlock-admin closed 1 year ago
0
saidam017 - Attacker can front run marketplace creation to create malicious borrow offer

#480 sherlock-admin closed 1 year ago
0
giovannidisiena - ERC-20 masquerading as an ERC-721 can result in a loan with very little backing

#479 sherlock-admin closed 1 year ago
0
0x2e - `getLoanSummary` returns the wrong lender address, the lender may lose funds.

#478 sherlock-admin closed 1 year ago
0
0x2e - `validateCommitment` doesn't restrict ERC721 amount to 1.

#477 sherlock-admin closed 1 year ago
0
duc - The malicious owner of TellerV2 contract can steal the funds of user

#476 sherlock-admin closed 1 year ago
0
0x2e - Lenders can take all collaterals when the bid `isLoanDefaulted(bidId) == true`. Borrowers will lose money and all collaterals.

#475 sherlock-admin closed 1 year ago
1
sayan_ - Confusion while calling revokeBorrower() due to functions having same names

#474 sherlock-admin closed 1 year ago
0
0x2e - The protocol should use SafeERC20Upgradeable.safeTransferFrom.

#473 sherlock-admin closed 1 year ago
0
n33k - Lender loses pennies when FEE-ON-TRANSFER tokens are used as lendingToken

#472 sherlock-admin closed 1 year ago
0
0x2e - The protocol should support fee-on-transfer tokens.

#471 sherlock-admin closed 1 year ago
0
0xepley - If Borrower gets liquidate then he could loose all the money he has already paid.

#470 sherlock-admin closed 1 year ago
1
Phantasmagoria - Minter of the NFT can be a contract with no onERC721Received method, which may cause the BorrowTicket NFT to be frozen

#469 sherlock-admin closed 1 year ago
0
carrotsmuggler - Collateral can be locked by sending loan NFT to blacklisted address

#468 sherlock-admin closed 1 year ago
0