sherlock-audit 2023-04-ajna-judging issues

sherlock-audit / 2023-04-ajna-judging

4 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Oxhunter526 - [High] Integer Overflow Vulnerability in _calculateAndClaimAllRewards Function #4

#63 sherlock-admin closed 1 year ago
0
seerether - Borrowers can pull more collateral than they actually have

#62 sherlock-admin closed 1 year ago
0
GimelSec - `PermitERC721.sol` should implement `supportsInterface`

#61 sherlock-admin closed 1 year ago
8
Oxhunter526 - Precision Loss #3

#60 sherlock-admin closed 1 year ago
0
Oxhunter526 - Title: Potential Inconsistencies in Collateralization and Debt Repayment within Auction Mechanism

#59 sherlock-admin closed 1 year ago
1
GimelSec - `GrantFund._state` returns the wrong state

#58 sherlock-admin closed 1 year ago
0
Oxhunter526 - Zero Access Control

#57 sherlock-admin closed 1 year ago
0
0xG0P1 - Anyone can mint the NFTs in the PositionManager.sol contract, Stake them and can earn ajna tokens

#56 sherlock-admin closed 1 year ago
0
0xeix - Pool collateral can be incorrectly calculated if collateralReceiver == address(this) in ERC20Pool.sol

#55 sherlock-admin closed 1 year ago
2
0xeix - collateralReceiver can be address(this) in ERC721Pool.sol

#54 sherlock-admin closed 1 year ago
0
seerether - addQuoteToken function does not handle cases where the bucket becomes insolvent between transactions

#53 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`repayDebt() ` function does not check ` limitIndex_ parameter ` for validity.

#52 sherlock-admin closed 1 year ago
0
stopthecap - GrantFund storage variables will not work in chains which block time is not 12 seconds

#51 sherlock-admin closed 1 year ago
0
0xeix - User will not be able to redeem his LPs as his position is deleted

#50 sherlock-admin closed 1 year ago
0
0xeix - increaseLPAllowance() mistakenly calls for the owner of the lpAmounts

#49 sherlock-admin closed 1 year ago
0
0xeix - transferLP() call without calling increaseLPAllowance() in PositionManager.sol

#48 sherlock-admin closed 1 year ago
0
Ruhum - `kickReserveAuction()` uses outdated pool data

#47 sherlock-admin closed 1 year ago
5
stopthecap - `permit` signatures can be replayed if approval is revoked during valid timestamp

#46 sherlock-admin closed 1 year ago
20
stopthecap - Using `create` for cloning in factory makes it susceptible to re-org attacks

#45 sherlock-admin closed 1 year ago
2
stopthecap - Users are unable to `unstake` and `emergencyUnstake`

#44 sherlock-admin closed 1 year ago
3
stopthecap - `take` function does not work due to missing approvals

#43 sherlock-admin closed 1 year ago
2
ctf_sec - User can vote a dust amount to pass proposal as long as the voting power is positive and steal fund from the GrantFund contract

#42 sherlock-admin closed 1 year ago
2
ctf_sec - position is kicked in a outdated / stale neutral price, result in unfair liquidation

#41 sherlock-admin closed 1 year ago
2
Ruhum - `_roundToScale()` limits usage of low decimal tokens

#40 sherlock-admin closed 1 year ago
8
ctf_sec - Lose of unclaimed rewards in case a bucket goes bankrupt

#39 sherlock-admin closed 1 year ago
0
ctf_sec - Malicious user can steal delegate rewards in grant voting

#38 sherlock-admin closed 1 year ago
2
ctf_sec - User can claim reward more than once

#37 sherlock-admin closed 1 year ago
2
ctf_sec - Lose of reward from user very easily

#36 sherlock-admin closed 1 year ago
3
ctf_sec - Nonce is not incremented, leading to signature replay

#35 sherlock-admin closed 1 year ago
0
Bauchibred - Adopting the EIP-4494 Standard, Currently in its Draft Stage, May Lead to Potential Compatibility Challenges

#34 sherlock-admin closed 1 year ago
0
Bauchibred - Users Would Lose Their Rewards in the Case where They call `unstake()` more than once within a Single Epoch

#33 sherlock-admin closed 1 year ago
3
Bauchibred - Lack of Frontrun Protection in the `updateBucketExchangeRatesAndClaim` Function Could Disadvantage Honest Users

#32 sherlock-admin closed 1 year ago
0
Bauchibred - PositionManager & PermitERC721 do not comply with EIP-4494

#31 sherlock-admin closed 1 year ago
12
Bauchibred - Hard-coded Slippage Value in Unstaking Function Can Result in Denial-of-Service

#30 sherlock-admin closed 1 year ago
11
Bauchibred - User's Unclaimed Rewards Could be Lost Due to Position Zeroing Out

#29 sherlock-admin closed 1 year ago
0
Bauchibred - Flawed Logic in MemorializePositions Update Requires Full LP Balance Approval

#28 sherlock-admin closed 1 year ago
0
Bauchibred - Potential Loss of Bucket Rewards due to Missing Slippage Control in the Staking Function

#27 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`bucketCollateralDust()` function does not check for overflows

#26 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`atomicSwapCallback()` function does not check for empty `data` parameter Severity: High

#25 sherlock-admin closed 1 year ago
0
seerether - totalDelegateRewards is less than the actual fraction of funds that should have been allocated

#24 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`Unbounded Debt` Settlement Vulnerability in `Pool Settler` Actions Contract

#23 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`stampLoan()` function does not require `msg.sender` to be the `owner` of the `loan`.

#22 sherlock-admin closed 1 year ago
0
tsvetanovv - It's impossible to unstake tokens if the rewards is more than Ajna balance

#21 sherlock-admin closed 1 year ago
10
0xeix - ERC721Pool.sol doesn't implement onERC721Received()

#20 sherlock-admin closed 1 year ago
4
seerether - Users can claim rewards for past epochs at any time, even after a long period has passed since the epoch ended.

#19 sherlock-admin closed 1 year ago
0
MohammedRizwan - Minting NFTs to contract address will fail(Missing issue in documentation too)

#18 sherlock-admin closed 1 year ago
11
MohammedRizwan - NFTs can be permanently locked or frozen if transferred to non-implemented onERC721Received support contract address(Missing issue in documentation too)

#17 sherlock-admin closed 1 year ago
8
seerether - Invalid pool address will lead to transferring funds to an incorrect or non-existent pool

#16 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`flashLoan()` function does not check `borrower` balance

#15 sherlock-admin closed 1 year ago
0
XDZIBEC - XO-`_checkTokenIdSortOrder` Function in `ERC721PoolFactory` Does Not Check for Duplicate Token `IDs`

#14 sherlock-admin closed 1 year ago
0

Previous Next