issues
search
sherlock-audit
/
2023-04-jojo-judging
7
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Delvir0 - _isSafe and _isSolidSafe could become unavailable due to DoS
#432
sherlock-admin
closed
1 year ago
0
ArbitraryExecution - The `abs()` function in `SignedDecimalMath.sol` does not correctly handle the full negative integer range
#431
sherlock-admin
closed
1 year ago
0
m9800 - M-3: Liquidation in case of delisted collateral
#430
sherlock-admin
closed
1 year ago
6
GimelSec - `Funding.requestWithdraw` should add an expiry time. Or the `withdrawTimeLock` can be easily bypassed.
#429
sherlock-admin
closed
1 year ago
1
0x52 - All allowances to DepositStableCoinToDealer and GeneralRepay can be stolen due to unsafe call
#428
sherlock-admin
opened
1 year ago
2
0xhacksmithh - Returned Price could be a stale price in `getMarkPrice()` & `getAssetPrice()`
#427
sherlock-admin
closed
1 year ago
0
MohammedRizwan - anyone can call init() function
#426
sherlock-admin
closed
1 year ago
0
simon135 - If `Trate` is greater then `amount` when the user repays the funds wont be repayed
#425
sherlock-admin
closed
1 year ago
0
Delvir0 - JOJOExternal.approveTrade could be blocked by sending incorrect values
#424
sherlock-admin
closed
1 year ago
0
Delvir0 - JOJOExternal.approveTrade could be blocked by sending incorrect values
#423
sherlock-admin
closed
1 year ago
0
n33k - Nonce is not checked on-chain
#422
sherlock-admin
closed
1 year ago
0
GalloDaSballo - No check for Arbitrum Sequencer being down means stale prices may be accepted
#421
sherlock-admin
closed
1 year ago
0
0x52 - FlashLoanLiquidate#JOJOFlashLoan doesn't allow user to specify any slippage conditions
#420
sherlock-admin
closed
1 year ago
0
simon135 - A an attacker stop the protocol from removing bad debt
#419
sherlock-admin
closed
1 year ago
0
gerdusx - Insufficient JUSD balance in JUSDExchange contract will prevent users to buy JUSD.
#418
sherlock-admin
closed
1 year ago
0
GalloDaSballo - JUSD will depeg with `primaryAsset` (USDC)
#417
sherlock-admin
closed
1 year ago
1
0x52 - Liquidators can profit extra at the expense of those being liquidated
#416
sherlock-admin
closed
1 year ago
1
monrel - Blacklisted users can not be liquidated if liquidateAmount > JUSDBorrowed
#415
sherlock-admin
closed
1 year ago
0
Delvir0 - Insufficient signature data check could lead to signature replay
#414
sherlock-admin
closed
1 year ago
7
simon135 - for exterme leverage positions can't be liquidated
#413
sherlock-admin
closed
1 year ago
0
GimelSec - Doesn't check If Arbitrum sequencer is down in `chainlinkAdaptor`
#412
sherlock-admin
closed
1 year ago
0
n33k - Order sender pays trade gas fee and the cost will be huge
#411
sherlock-admin
closed
1 year ago
0
ChainGuardian - Contract does not account for the possibility of the sequencer being down
#410
sherlock-admin
closed
1 year ago
0
0xhacksmithh - Missing check for active Arbitrum Sequencer in `JOJOOracleAdapter.sol` & `ChainlinkAdapter.sol`
#409
sherlock-admin
closed
1 year ago
0
GalloDaSballo - Safety of `updateReserveParam` is not checked, which can bring the protocol to a risky state
#408
sherlock-admin
closed
1 year ago
6
monrel - Blacklisted user can front-run liquidation and block liquidation of unsafe position
#407
sherlock-admin
closed
1 year ago
0
MohammedRizwan - Single-step process for critical ownership transfer can be dangerous
#406
sherlock-admin
closed
1 year ago
0
Bauer - The price `uniswapPriceFeed` may be inaccurate.
#405
sherlock-admin
closed
1 year ago
1
sinarette - Withdraw Timelock can be easily bypassed
#404
sherlock-admin
closed
1 year ago
0
0x52 - JUSDBank users can bypass individual collateral borrow limits
#403
sherlock-admin
opened
1 year ago
2
GalloDaSballo - DepositStableCoinToDealer and GeneralRepay approval farming allows to steal all approved tokens
#402
sherlock-admin
closed
1 year ago
0
Delvir0 - Provided trade data array is not checked for matching length
#401
sherlock-admin
closed
1 year ago
0
AlexCzm - No check for active Arbitrum Sequencer
#400
sherlock-admin
closed
1 year ago
0
GalloDaSballo - You can only flashLoan up to what you deposited, making levering up more costly
#399
sherlock-admin
closed
1 year ago
0
GalloDaSballo - Lack of Redemptions will cause JUSD to trade below peg until liquidations happen
#398
sherlock-admin
closed
1 year ago
1
GalloDaSballo - Lack of Fee means JUSDExchange is anti-economical
#397
sherlock-admin
closed
1 year ago
1
MohammedRizwan - Chainlink's latestRoundData might return stale or incorrect results
#396
sherlock-admin
closed
1 year ago
0
GalloDaSballo - Attacker can prevent `FlashLoanLiquidate` by buying all JUSD from JUSDExchange
#395
sherlock-admin
closed
1 year ago
1
cccz - When updating the funding rate for the first time, the maxChange will be very large
#394
sherlock-admin
closed
1 year ago
0
m9800 - M-2 : Liquidator could fail to liquidate USDC Blacklisted
#393
sherlock-admin
closed
1 year ago
0
Delvir0 - The waiting time for a withdrawal can be bypassed
#392
sherlock-admin
closed
1 year ago
0
AlexCzm - getMaxWithdrawAmount returns USDC amount not collateral amount
#391
sherlock-admin
closed
1 year ago
0
yixxas - Users can incidentally DOSed themselves if too many positions are opened
#390
sherlock-admin
closed
1 year ago
0
__141345__ - Incentive to self liquidate
#389
sherlock-admin
closed
1 year ago
0
yixxas - `primaryCredit` and `secondaryCredit` are assumed to be 18 decimals in the calculations used but it is not the case
#388
sherlock-admin
closed
1 year ago
6
yixxas - Rich adversary can grief borrowing of all users at no cost
#387
sherlock-admin
closed
1 year ago
5
__141345__ - Incentive to self liquidate JUSD
#386
sherlock-admin
closed
1 year ago
0
yixxas - Missing `payable` in `execute()`
#385
sherlock-admin
closed
1 year ago
0
__141345__ - Better to use rate based fundingRate calculation
#384
sherlock-admin
closed
1 year ago
1
yixxas - Lack of incentives for users to match a trade if order sender fee is negative
#383
sherlock-admin
closed
1 year ago
0
Previous
Next