sherlock-audit/2023-04-unitasprotocol-judging
4 stars, 3 forks
Avci - addBlackList() function doesn't check evilUser is already blacklisted
#164
sherlock-admin
closed
1 year ago
0
stopthecap - The reserve ratio can be pushed even lower than a 100% by front-running "pause" EMC minting
#163
sherlock-admin
closed
1 year ago
0
Avci - _receivePortfolio function will not be able to operate at first
#162
sherlock-admin
closed
1 year ago
0
Avci - a malicious user can front-run of addBlackList() function
#161
sherlock-admin
closed
1 year ago
0
radev_sw - Missing Slippage protection
#160
sherlock-admin
closed
1 year ago
0
Avci - lack of receive _Balance logic in contract PoolBalances.sol
#159
sherlock-admin
closed
1 year ago
0
mau - Lack of reserve ratio check in sendPortfolio/receivePortfolio allows undercollateralized transfers
#158
sherlock-admin
closed
1 year ago
0
circlelooper - `Swap` function exposes users to unlimited slippage
#157
sherlock-admin
closed
1 year ago
0
0xDjango - Lack of Input Validation can Permanently DOS Oracle
#156
sherlock-admin
closed
1 year ago
7
stopthecap - Unconditional EMC => usd1 swap will fail if reserve ratio ≤ 100%
#155
sherlock-admin
closed
1 year ago
0
oxcm - Potential Future Timestamp Manipulation in the XOracle Contract
#154
sherlock-admin
closed
1 year ago
0
chainNue - Naive Price oracle design with a simple `putPrice` doesn't have any mechanism to protect from any abnormalities
#153
sherlock-admin
closed
1 year ago
2
kutugu - ReserveRatio calculation has precision error
#152
sherlock-admin
closed
1 year ago
5
mau - TimeController contract enables inappropriate adjustment of minimum delay
#151
sherlock-admin
closed
1 year ago
0
stopthecap - No clear threshold on when the oracle is updated will cause stale prices to be accepted
#150
sherlock-admin
opened
1 year ago
2
chainNue - In case Unitas removing token/pair then user's minted EMC token can't redeem back to USD1 then USDT
#149
sherlock-admin
closed
1 year ago
0
ctf_sec - Does not validate price freshness when using the oracle price, allowing stale oracle price to be used
#148
sherlock-admin
closed
1 year ago
0
0xyPhilic - Incorrect math causes loss for the user
#147
sherlock-admin
closed
1 year ago
14
mau - Stale price data can result in inaccurate token calculations
#146
sherlock-admin
closed
1 year ago
0
stopthecap - If any stable depegs, oracle will fail, disabling swaps
#145
sherlock-admin
opened
1 year ago
12
ctf_sec - No slippage protection and deadline check when swapping
#144
sherlock-admin
closed
1 year ago
0
radev_sw - Blacklisted accounts can DoS the withdraw collateral system
#143
sherlock-admin
closed
1 year ago
0
dipp - ```_getTotalReservesAndCollaterals``` may not account for all tokens deposited as collateral in the ```InsurancePool``` contract
#142
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Incorrect pricing of tokens
#141
sherlock-admin
closed
1 year ago
0
qpzm - `XOracle` update is vulnerable to sandwich attack.
#140
sherlock-admin
closed
1 year ago
0
mrpathfindr - _getTotalLiabilities does not check if baseToken has been set yet leading to _checkReserveRatio failing.
#139
sherlock-admin
closed
1 year ago
0
carrotsmuggler - Insufficient checks on oracle price
#138
sherlock-admin
closed
1 year ago
0
mrpathfindr - Dangerous arbitrary timestamp parameters may lead to inaccurate results.
#137
sherlock-admin
closed
1 year ago
7
carrotsmuggler - Timelock cannot run repeated operations
#136
sherlock-admin
closed
1 year ago
1
okolicodes - Stale Prices could be returned due to lack of rounding check on the getLatestPrie Function.
#135
sherlock-admin
closed
1 year ago
0
vagrant - Sandwiching price updates for profit
#134
sherlock-admin
closed
1 year ago
0
okolicodes - `Initializers` could be `frontrun`.
#133
sherlock-admin
closed
1 year ago
0
vagrant - Front Run of addBlackList() function
#132
sherlock-admin
closed
1 year ago
0
okolicodes - No Slippage Parameter where the `Minimum of tokens` to get after a `swap` is done is set to `zero` by default, `swaps` are prone to `sandwich attacks`.
#131
sherlock-admin
closed
1 year ago
0
Kaiziron - Front-running of addBlackList() function
#130
sherlock-admin
closed
1 year ago
0
capy_ - Reserve ratio not considered when sending amounts to portfolio
#129
sherlock-admin
closed
1 year ago
0
BugHunter101 - A malicious `Timelock` executor can launch an in-front attack by calling the `sendPortfolio()` function when attacker discover the user calling `withdrawCollateral()` . This will cause user calling `withdrawCollateral()` revert and DoS.
#128
sherlock-admin
closed
1 year ago
0
capy_ - Double accounting of `_getPortfolio` amounts
#127
sherlock-admin
closed
1 year ago
0
twcctop - _revokeRole may cause access control problem.
#126
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - Accounting for fee-on-transfer tokens like USDT, can mess up the internal balances
#125
sherlock-admin
closed
1 year ago
0
twcctop - removeBlackList() may emit error message
#124
sherlock-admin
closed
1 year ago
0
DevABDee - Protocol can face consequences of No Oracle Usage: Frontrunning Attacks, USDT Depeg, and Center Point of Failure Vulnerabilities
#123
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - `executeBatch()` could fail due to unbounded array
#122
sherlock-admin
closed
1 year ago
0
PokemonAuditSimulator - Protocol mints fee, instead of subtracting it from the user, causing inflation
#121
sherlock-admin
closed
1 year ago
0
lokstory - Overflow when calculating the reserve ratio
#120
sherlock-admin
closed
1 year ago
0
YakuzaKiawe - Minting inconsistencies on ERC20Token
#119
sherlock-admin
closed
1 year ago
0
0x00ffDa - Swap of USD1 to USDT can revert due to portfolio usage
#118
sherlock-admin
closed
1 year ago
0
jprod15 - Swap could revert
#117
sherlock-admin
closed
1 year ago
0
tsueti_ - _safeMint() Should Be Used Rather Than _mint() Wherever Possible
#116
sherlock-admin
closed
1 year ago
0
PRAISE - Wrong logic in _sendPortfolio() found in PoolBalances.sol will cause illicit gain of tokens
#115
sherlock-admin
closed
1 year ago
0