sherlock-audit 2023-05-dodo-judging issues

sherlock-audit / 2023-05-dodo-judging

6 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

ak1 - MarginTrading.sol#L365 : Not checking the valid amount of transfer is not safe.

#194 sherlock-admin closed 1 year ago
0
J4de - [H] Approve is not cleared to `0` after `_lendingPoolDeposit` ends

#193 sherlock-admin closed 1 year ago
0
alexzoid - ERC20 transfer and approval return value not managed

#192 sherlock-admin closed 1 year ago
0
alexzoid - A Potential "Griefing" Attack Could Drain Funds from `MarginTrading` Contract

#191 sherlock-admin closed 1 year ago
0
Tendency - Users Are Forced To Give Maximum Allowance to Aave lendingPool

#190 sherlock-admin closed 1 year ago
0
J4de - Malicious `_swapAddress` could steal all user funds

#189 sherlock-admin closed 1 year ago
0
sam_gmk - USER CANNOT INCREASE MARGIN

#188 sherlock-admin closed 1 year ago
2
J4de - No slippage protection for each swap

#187 sherlock-admin closed 1 year ago
0
J4de - `MarginTrading.sol` contract defaults to approve `type(uint256).max`

#186 sherlock-admin closed 1 year ago
0
J4de - Some token do not support approve `type(uint256).max`

#185 sherlock-admin closed 1 year ago
0
J4de - Does not use `safeApprove`

#184 sherlock-admin closed 1 year ago
0
J4de - Does not use `safeTransfer`

#183 sherlock-admin closed 1 year ago
0
J4de - `MarginTrading.sol` has unnecessary approve

#182 sherlock-admin closed 1 year ago
0
Quantish - Consider using `safeTransfer` instead of `transfer`

#181 sherlock-admin closed 1 year ago
0
GimelSec - `MarginTrading.withdrawERC20` may not receive the correct amount from `_lendingPoolWithdraw`

#180 sherlock-admin closed 1 year ago
1
ak1 - MarginTradingFactory.sol : Contract does not user the SafeERC20, though it is inherited

#179 sherlock-admin closed 1 year ago
0
sam_gmk - MISSING CONTRACT CHECK

#178 sherlock-admin closed 1 year ago
0
Quantish - Token approvals (and the further code) may revert sometimes

#177 sherlock-admin closed 1 year ago
0
GimelSec - Unnecessary `_approveToken` in `MarginTrading._lendingPoolWithdraw()`.

#176 sherlock-admin closed 1 year ago
0
simon135 - An attacker can reenter with `multicall->depositMarginTradingETH` and cause loss of funds

#175 sherlock-admin closed 1 year ago
0
simon135 - Matic doent work in this contract

#174 sherlock-admin closed 1 year ago
0
simon135 - An attacker might be able to to greif users on variable rate and causing dos

#173 sherlock-admin closed 1 year ago
0
Tendency - MarginTradingFactory#createMarginTrading Hardcodes the Wrong _depositFlag for Eth Deposits

#172 sherlock-admin closed 1 year ago
0
SanketKogekar - `abi.encodePacked` should stop to be used since there are conversions around to deprecate it in future versions of Solidity

#171 sherlock-admin closed 1 year ago
0
SanketKogekar - Use `safeTransfer` consistently instead of `transfer`

#170 sherlock-admin closed 1 year ago
0
SanketKogekar - Transaction will revert when using USDT tokens (or other non-compliant ERC20 tokens)

#169 sherlock-admin closed 1 year ago
0
qpzm - `MarginTrading._lendingPoolWithdraw` approves unnecessarily.

#168 sherlock-admin closed 1 year ago
0
simon135 - If a user gets blacklisted from usdc,they wont be able to withdraw usdc

#167 sherlock-admin closed 1 year ago
0
simon135 - When proxy/owner call `executeFlashLoans` they can steal funds

#166 sherlock-admin closed 1 year ago
0
circlelooper - MarginTrading could be drained of funds by malicious user

#165 sherlock-admin closed 1 year ago
0
Quantish - `MarginTrading.executeOperation` misses the flashloan initiator check so anyone can get access to user's funds

#164 sherlock-admin closed 1 year ago
0
sam_gmk - `executeFlashLoans` does not verify that assets and amounts are the same length

#163 sherlock-admin closed 1 year ago
0
0xGusMcCrae - Unchecked ERC20 token transfer can cause locking of funds.

#162 sherlock-admin closed 1 year ago
0
BowTiedOriole - Payable multicall function in MarginTradingFactory can result in misused funds

#161 sherlock-admin closed 1 year ago
0
sam_gmk - INFINTE APPROVALS ARE GRANTED

#160 sherlock-admin closed 1 year ago
0
SaharDevep - Unrecoverable Ether locking in contracts

#159 sherlock-admin closed 1 year ago
0
GimelSec - `Margin.withdrawETH` shouldn't be payable

#158 sherlock-admin closed 1 year ago
0
SaharDevep - Unchecked return value of transfer()

#157 sherlock-admin closed 1 year ago
0
Jiamin - User's Debt Positions could be manipulated by Attacker

#156 sherlock-admin closed 1 year ago
0
chainNue - Allowance is not set to zero first before approving

#155 sherlock-admin closed 1 year ago
0
0xrobsol - No address(0) check or return check.

#154 sherlock-admin closed 1 year ago
0
Tendency - An Attacker can Perform a DoS Attack on The Contract Using MarginTradingFactory multiCall function

#153 sherlock-admin closed 1 year ago
0
GimelSec - `MarginTrading.sol` can't be upgradable.

#152 sherlock-admin closed 1 year ago
17
ctf_sec - Owner of the factory should be able to take fund when isAllowedProxy set is on

#151 sherlock-admin closed 1 year ago
1
BowTiedOriole - All tokens can be stolen from MarginTrading due to unsafe executeOperation

#150 sherlock-admin closed 1 year ago
0
ctf_sec - Lack of consideration when liquidation happens, there is no check about the collateral ratio when doing lend token withdraw

#149 sherlock-admin closed 1 year ago
2
0xAsen - Giving infinite approvals is dangerous

#148 sherlock-admin closed 1 year ago
0
paspe - Token should be approved with zero amount first and then uint.max

#147 sherlock-admin closed 1 year ago
0
Juntao - Attacker can drain assets from MarginTrading by greifing attack

#146 sherlock-admin closed 1 year ago
0
ctf_sec - Lack of token whitelisting

#145 sherlock-admin closed 1 year ago
2