sherlock-audit/2023-04-ajna-judging
issues
Oxhunter526 - [High] Integer Overflow Vulnerability in _calculateAndClaimAllRewards Function #4
#63
sherlock-admin
closed
1 year ago
0
seerether - Borrowers can pull more collateral than they actually have
#62
sherlock-admin
closed
1 year ago
0
GimelSec - `PermitERC721.sol` should implement `supportsInterface`
#61
sherlock-admin
closed
1 year ago
8
Oxhunter526 - Precision Loss #3
#60
sherlock-admin
closed
1 year ago
0
Oxhunter526 - Title: Potential Inconsistencies in Collateralization and Debt Repayment within Auction Mechanism
#59
sherlock-admin
closed
1 year ago
1
GimelSec - `GrantFund._state` returns the wrong state
#58
sherlock-admin
closed
1 year ago
0
Oxhunter526 - Zero Access Control
#57
sherlock-admin
closed
1 year ago
0
0xG0P1 - Anyone can mint the NFTs in the PositionManager.sol contract, Stake them and can earn ajna tokens
#56
sherlock-admin
closed
1 year ago
0
0xeix - Pool collateral can be incorrectly calculated if collateralReceiver == address(this) in ERC20Pool.sol
#55
sherlock-admin
closed
1 year ago
2
0xeix - collateralReceiver can be address(this) in ERC721Pool.sol
#54
sherlock-admin
closed
1 year ago
0
seerether - addQuoteToken function does not handle cases where the bucket becomes insolvent between transactions
#53
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`repayDebt() ` function does not check ` limitIndex_ parameter ` for validity.
#52
sherlock-admin
closed
1 year ago
0
stopthecap - GrantFund storage variables will not work in chains which block time is not 12 seconds
#51
sherlock-admin
closed
1 year ago
0
0xeix - User will not be able to redeem his LPs as his position is deleted
#50
sherlock-admin
closed
1 year ago
0
0xeix - increaseLPAllowance() mistakenly calls for the owner of the lpAmounts
#49
sherlock-admin
closed
1 year ago
0
0xeix - transferLP() call without calling increaseLPAllowance() in PositionManager.sol
#48
sherlock-admin
closed
1 year ago
0
Ruhum - `kickReserveAuction()` uses outdated pool data
#47
sherlock-admin
closed
1 year ago
5
stopthecap - `permit` signatures can be replayed if approval is revoked during valid timestamp
#46
sherlock-admin
closed
1 year ago
20
stopthecap - Using `create` for cloning in factory makes it susceptible to re-org attacks
#45
sherlock-admin
closed
1 year ago
2
stopthecap - Users are unable to `unstake` and `emergencyUnstake`
#44
sherlock-admin
closed
1 year ago
3
stopthecap - `take` function does not work due to missing approvals
#43
sherlock-admin
closed
1 year ago
2
ctf_sec - User can vote a dust amount to pass proposal as long as the voting power is positive and steal fund from the GrantFund contract
#42
sherlock-admin
closed
1 year ago
2
ctf_sec - position is kicked in a outdated / stale neutral price, result in unfair liquidation
#41
sherlock-admin
closed
1 year ago
2
Ruhum - `_roundToScale()` limits usage of low decimal tokens
#40
sherlock-admin
closed
1 year ago
8
ctf_sec - Lose of unclaimed rewards in case a bucket goes bankrupt
#39
sherlock-admin
closed
1 year ago
0
ctf_sec - Malicious user can steal delegate rewards in grant voting
#38
sherlock-admin
closed
1 year ago
2
ctf_sec - User can claim reward more than once
#37
sherlock-admin
closed
1 year ago
2
ctf_sec - Lose of reward from user very easily
#36
sherlock-admin
closed
1 year ago
3
ctf_sec - Nonce is not incremented, leading to signature replay
#35
sherlock-admin
closed
1 year ago
0
Bauchibred - Adopting the EIP-4494 Standard, Currently in its Draft Stage, May Lead to Potential Compatibility Challenges
#34
sherlock-admin
closed
1 year ago
0
Bauchibred - Users Would Lose Their Rewards in the Case where They call `unstake()` more than once within a Single Epoch
#33
sherlock-admin
closed
1 year ago
3
Bauchibred - Lack of Frontrun Protection in the `updateBucketExchangeRatesAndClaim` Function Could Disadvantage Honest Users
#32
sherlock-admin
closed
1 year ago
0
Bauchibred - PositionManager & PermitERC721 do not comply with EIP-4494
#31
sherlock-admin
closed
1 year ago
12
Bauchibred - Hard-coded Slippage Value in Unstaking Function Can Result in Denial-of-Service
#30
sherlock-admin
closed
1 year ago
11
Bauchibred - User's Unclaimed Rewards Could be Lost Due to Position Zeroing Out
#29
sherlock-admin
closed
1 year ago
0
Bauchibred - Flawed Logic in MemorializePositions Update Requires Full LP Balance Approval
#28
sherlock-admin
closed
1 year ago
0
Bauchibred - Potential Loss of Bucket Rewards due to Missing Slippage Control in the Staking Function
#27
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`bucketCollateralDust()` function does not check for overflows
#26
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`atomicSwapCallback()` function does not check for empty `data` parameter Severity: High
#25
sherlock-admin
closed
1 year ago
0
seerether - totalDelegateRewards is less than the actual fraction of funds that should have been allocated
#24
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`Unbounded Debt` Settlement Vulnerability in `Pool Settler` Actions Contract
#23
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`stampLoan()` function does not require `msg.sender` to be the `owner` of the `loan`.
#22
sherlock-admin
closed
1 year ago
0
tsvetanovv - It's impossible to unstake tokens if the rewards is more than Ajna balance
#21
sherlock-admin
closed
1 year ago
10
0xeix - ERC721Pool.sol doesn't implement onERC721Received()
#20
sherlock-admin
closed
1 year ago
4
seerether - Users can claim rewards for past epochs at any time, even after a long period has passed since the epoch ended.
#19
sherlock-admin
closed
1 year ago
0
MohammedRizwan - Minting NFTs to contract address will fail(Missing issue in documentation too)
#18
sherlock-admin
closed
1 year ago
11
MohammedRizwan - NFTs can be permanently locked or frozen if transferred to non-implemented onERC721Received support contract address(Missing issue in documentation too)
#17
sherlock-admin
closed
1 year ago
8
seerether - Invalid pool address will lead to transferring funds to an incorrect or non-existent pool
#16
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`flashLoan()` function does not check `borrower` balance
#15
sherlock-admin
closed
1 year ago
0
XDZIBEC - XO-`_checkTokenIdSortOrder` Function in `ERC721PoolFactory` Does Not Check for Duplicate Token `IDs`
#14
sherlock-admin
closed
1 year ago
0