sherlock-audit 2023-04-jojo-judging issues

sherlock-audit / 2023-04-jojo-judging

7 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

0xPkhatri - Overwriting of Pending Withdrawals in Funding.sol

#482 sherlock-admin closed 1 year ago
0
Avci - getAssetPrice() missed to check If Arbitrum sequencer is down

#481 sherlock-admin closed 1 year ago
0
Aymen0909 - Chainlink's `latestRoundData()` can return stale or incorrect result

#480 sherlock-admin closed 1 year ago
0
monrel - Liquidator can steal collateral by issuing a loan to liquidated user

#479 sherlock-admin closed 1 year ago
0
ak1 - JUSDBank.sol#L93 : isFinalLiquidation is not checked during deposit.

#478 sherlock-admin closed 1 year ago
0
0xPkhatri - Incorrect Credit Calculation in Perpetual#_settle: Price of Asset Overlooked

#477 sherlock-admin closed 1 year ago
0
w42d3n - chainlinkAdaptor.getMarkPrice() Price oracle could get a stale price

#476 sherlock-admin closed 1 year ago
0
Avci - the Funding.sol contract:executeWithdraw function has some problems in logic

#475 sherlock-admin closed 1 year ago
0
m9800 - M-4: withdrawTimeLock can be avoided

#474 sherlock-admin closed 1 year ago
0
monrel - Liquidator can steal collateral by taking a loan from the liquidated user.

#473 sherlock-admin closed 1 year ago
7
0xrobsol - Offline sequencer can potentially cause stale and outdated price. (Medium)

#472 sherlock-admin closed 1 year ago
0
monrel - Liquidator can steal collateral by buying NFTs from a liquidated user

#471 sherlock-admin closed 1 year ago
0
SanketKogekar - The `safeTransferFrom` and `safeTransfer` could fail silently.

#470 sherlock-admin closed 1 year ago
0
ak1 - JUSDBank.sol : borrow does not ensure `isBorrowAllowed` enabled.

#469 sherlock-admin closed 1 year ago
1
0x52 - uniswapPriceAdaptor will function incorrectly if quote token isn't 18 dp

#468 sherlock-admin closed 1 year ago
1
GimelSec - Solidity 0.8.9 has a potential issue.

#467 sherlock-admin closed 1 year ago
0
Aymen0909 - No slippage protection in `FlashLoanLiquidate`

#466 sherlock-admin closed 1 year ago
0
peakbolt - Lack of balance check for `requestWithdraw()`

#465 sherlock-admin closed 1 year ago
0
peakbolt - JUSD depeg could prevent liquidation of unhealthy positions in JOJODealer causing it to accumulate large amount of bad debts

#464 sherlock-admin closed 1 year ago
5
y1cunhui - JUSD borrow rate calculation error

#463 sherlock-admin closed 1 year ago
0
ArbitraryExecution - `buyJUSD` trades USDC for JUSD in a 1-to-1 transaction regardless of the actual price of JUSD

#462 sherlock-admin closed 1 year ago
0
ArbitraryExecution - The calculation of `timeDifference` in `getTRate` is incorrect

#461 sherlock-admin closed 1 year ago
1
ArbitraryExecution - `updateBorrowFeeRate` may erase the interest accrual from the previous `lastUpdateTimestamp` to the current `block.timestamp`

#460 sherlock-admin closed 1 year ago
1
0x52 - GeneralRepay#repayJUSD returns excess USDC to `to` address rather than msg.sender

#459 sherlock-admin opened 1 year ago
2
ArbitraryExecution - Assets in `FlashLoanLiquidate`, `FlashLoanRepay`, and `GeneralRepay` can be stolen

#458 sherlock-admin closed 1 year ago
0
Bauer - The `approve()` function of certain ERC20 tokens does not return a boolean value, resulting in transaction revert.

#457 sherlock-admin closed 1 year ago
0
ArbitraryExecution - A liquidated trader's new credit balance is calculated incorrectly during liquidation

#456 sherlock-admin closed 1 year ago
10
carrotsmuggler - Delisted collaterals are also liquidated

#455 sherlock-admin closed 1 year ago
2
carrotsmuggler - Free tokens can be borrowed in dust amounts

#454 sherlock-admin closed 1 year ago
0
carrotsmuggler - Interest rate drifts over time, upto 5% in the first year

#453 sherlock-admin closed 1 year ago
0
ArbitraryExecution - `markPrice` decimals are expected in several instances to be 18 but are 6 instead

#452 sherlock-admin closed 1 year ago
9
carrotsmuggler - Token borrow limits can be violated with withdrawals

#451 sherlock-admin closed 1 year ago
0
carrotsmuggler - Liquidations can be DOSd

#450 sherlock-admin closed 1 year ago
5
0x52 - chainlinkAdaptor uses the same heartbeat for both feeds which is highly dangerous

#449 sherlock-admin opened 1 year ago
7
GalloDaSballo - `updateFundingRate` is not accruing previous changes

#448 sherlock-admin closed 1 year ago
1
ArbitraryExecution - `_isAllSafe` can derive a `markPrice` of zero for any perpetual if a trader has more open positions than active perpetuals

#447 sherlock-admin closed 1 year ago
8
carrotsmuggler - Users can deposited delisted assets

#446 sherlock-admin closed 1 year ago
0
Delvir0 - Checking if an account is safe (e.g. after borrow) could provide wrong collateral value

#445 sherlock-admin closed 1 year ago
0
n33k - Funding rate can be manipulated

#444 sherlock-admin closed 1 year ago
0
GIGI - Faulty Logic in Trader Sorting

#443 sherlock-admin closed 1 year ago
0
GalloDaSballo - `uniswapPriceAdaptor` may check quotes on low liquidity pairs as not all tokens are directly liquid

#442 sherlock-admin closed 1 year ago
0
ArbitraryExecution - Users that have open positions in perpetuals that have been unregistered can never have their bad debt handled

#441 sherlock-admin closed 1 year ago
6
GimelSec - `Operation.setInsurance` should also move the credit.

#440 sherlock-admin closed 1 year ago
0
0x52 - chainlinkAdaptor#getMarkPrice doesn't check if the sequencer is up

#439 sherlock-admin closed 1 year ago
0
ArbitraryExecution - `quoteAllAvailablePoolsWithTimePeriod` can be manipulated with low liquidity pools

#438 sherlock-admin opened 1 year ago
2
ArbitraryExecution - A Uniswap V3 pool's observation cardinality may not be set for the specified period

#437 sherlock-admin closed 1 year ago
0
0x52 - Multiple contracts utilize swaps which can leave assets stranded in the contract

#436 sherlock-admin closed 1 year ago
2
ArbitraryExecution - `newEmergencyOracle` can be called by anyone

#435 sherlock-admin closed 1 year ago
1
GIGI - Faulty Logic in Trader Sorting (Medium severity issue)

#434 sherlock-admin closed 1 year ago
0
ArbitraryExecution - The `emergencyOracle` contract can be turned on without setting the price first

#433 sherlock-admin closed 1 year ago
0