sherlock-audit / 2023-05-USSD-judging
0xpinky - USSDRebalancer.sol : flutterRatios is not used properly.
#970
sherlock-admin
closed
1 year ago
0
SensoYard - Wrong addresses in the StableOracleDAI contract
#969
sherlock-admin
closed
1 year ago
0
BugBusters - Precision loss in `rebalance()` function
#968
sherlock-admin
closed
1 year ago
6
simon135 - DAI can be overshot causing a USSD depeg
#967
sherlock-admin
closed
1 year ago
0
qpzm - `USSDRebalancer.getOwnValuation()` is vulnerable to flashswap attack.
#966
sherlock-admin
closed
1 year ago
0
ni8mare - Using `slot0` to calculate prices can be manipulated.
#965
sherlock-admin
closed
1 year ago
0
theOwl - Wrong Uniswap pool reserve calculation can affect rebalance process
#964
sherlock-admin
closed
1 year ago
0
0xpinky - Do not allow rebalance when getOwnValuation returns zero price value
#963
sherlock-admin
closed
1 year ago
0
simon135 - Weird edge case that causes flutters not to work like the whitepaper says
#962
sherlock-admin
closed
1 year ago
0
mahdikarimi - Inflation attack to rebalance
#961
sherlock-admin
closed
1 year ago
5
PNS - No permissions in mintRebalancer/burnRebalancer
#960
sherlock-admin
closed
1 year ago
0
whiteh4t9527 - rebalance() could be manipulated by flash loan
#959
sherlock-admin
closed
1 year ago
0
WATCHPUG - Lack of Redeem Feature
#958
sherlock-admin
opened
1 year ago
8
simon135 - We can profit from public and burn mint function
#957
sherlock-admin
closed
1 year ago
0
m4ttm - Missing `onlyBalancer` modifier on `mintRebalancer` and `burnRebalancer`
#956
sherlock-admin
closed
1 year ago
0
berlin-101 - Initializing of implementation contracts is missing
#955
sherlock-admin
closed
1 year ago
0
m4ttm - Incorrect assumption on call reverting when DAI is not purchased
#954
sherlock-admin
closed
1 year ago
0
Cryptor - Tokens left in the USSD contract is vulnerable to flash loan griefing attack
#953
sherlock-admin
closed
1 year ago
0
m4ttm - Trading on Uniswap is done without slippage protection
#952
sherlock-admin
closed
1 year ago
0
simon135 - WEIRD edge case by same dai and USSD amount
#951
sherlock-admin
closed
1 year ago
0
simon135 - Attackers can control how rebalance happens by changing balances
#950
sherlock-admin
closed
1 year ago
6
Avci - The mint amount may be wrongly calculated due to division before multiplication precision issues.
#949
sherlock-admin
closed
1 year ago
0
BugBusters - There isn't any redeem function in the code
#948
sherlock-admin
closed
1 year ago
0
0xRan4212 - Swaps have unbounded slippage.
#947
sherlock-admin
closed
1 year ago
0
0xpinky - USSDRebalancer.sol#L109 : BuyUSSDSellCollateral does not check whether valid amount of DAI is obtained during swapping
#946
sherlock-admin
closed
1 year ago
0
JohnnyTime - Admin can RUG all collateral assets in a not obvious sneaky way #1
#945
sherlock-admin
closed
1 year ago
0
SensoYard - getSupplyProportion() is not suited for uniswap V3 - could lead to a DOS
#944
sherlock-admin
closed
1 year ago
0
CodeFoxInc - Oracle manipulation is possible if the pool’s liquidity is low and TVL of USSD is high
#943
sherlock-admin
closed
1 year ago
0
simon135 - If `token1=Dai` the rebalance mostly won't work with high USSD value
#942
sherlock-admin
closed
1 year ago
0
mahdikarimi - lack of removing approvals after setting a new router
#941
sherlock-admin
closed
1 year ago
5
GimelSec - `USSDRebalancer.SellUSSDBuyCollateral` should revert if `flutter == flutterRatios.length`
#940
sherlock-admin
closed
1 year ago
1
AlexCzm - Wrong price calculation
#939
sherlock-admin
closed
1 year ago
0
Avci - the project says never sell too much ussd for collateral but doesn't have any logic to mitigate this.
#938
sherlock-admin
closed
1 year ago
0
simon135 - in `getOwnValuation` we don't use a twap variable but instead use a not protected manipulates price
#937
sherlock-admin
closed
1 year ago
0
sam_gmk - Price returned is always zero
#936
sherlock-admin
closed
1 year ago
0
PNS - Lack of checking whether the calculations are based on fresh data from chainlink.
#935
sherlock-admin
closed
1 year ago
0
theOwl - Uniswap pool fee is hardcoded which can lead to price manipulation problems
#934
sherlock-admin
closed
1 year ago
0
MohammedRizwan - Missing deadline checks allow pending transactions to be maliciously executed
#933
sherlock-admin
closed
1 year ago
0
simon135 - Sandwich attack will happen because no check on slippage
#932
sherlock-admin
closed
1 year ago
0
0xRan4212 - Out-of-range liquidity can be used to manipulate the USSD automated rebalances
#931
sherlock-admin
closed
1 year ago
1
0xpinky - USSD.sol : Lack of slippage protection for swap to buy collateral by selling the USSD or to buy USSD by selling collateral
#930
sherlock-admin
closed
1 year ago
0
BugBusters - `calculateMint` isn't taking `collateralFactor` in Account causing loss of funds for user
#929
sherlock-admin
closed
1 year ago
0
simon135 - If the first rebalance doesn't have collateral for each token it will revert
#928
sherlock-admin
closed
1 year ago
0
innertia - When invoking SellUSSDBuyCollateral, if CollateralList is being edited, the function may exit without achieving its objective.
#927
sherlock-admin
closed
1 year ago
0
w42d3n - Chainlink's latestRoundData might return stale price
#926
sherlock-admin
closed
1 year ago
0
theOwl - Price manipulation through open minting and rebalancing of assets to steal USSD collaterals
#925
sherlock-admin
closed
1 year ago
0
evilakela - No slippage protection in USSD#UniV3SwapInput
#924
sherlock-admin
closed
1 year ago
0
SensoYard - getOwnValuation() of the USSDRebalancer is easily manipulated (Uniswap V3 spot price)
#923
sherlock-admin
closed
1 year ago
0
innertia - Under the condition that collateralval > amountToBuyLeftUSD, the calculation of amountToSellUnits is always zero.
#922
sherlock-admin
closed
1 year ago
0
HonorLt - Uniswap 0 deadline
#921
sherlock-admin
closed
1 year ago
0