issues
search
sherlock-audit
/
2023-05-ironbank-judging
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
0xpinky - `ironBank.accrueInterest` is not called when calling the `getSupplyBalance` and `getBorrowBalance`
#499
sherlock-admin
closed
1 year ago
7
simon135 - An attacker can borrow with out collateral and gain free tokens through reentrancy
#498
sherlock-admin
closed
1 year ago
0
josephdara - Market Config
#497
sherlock-admin
closed
1 year ago
0
jayphbee - System parameter change could make user's position unexpectedly liquidatable.
#496
sherlock-admin
closed
1 year ago
0
zklim - interestRateModelAddress is not checked during listMarket() in MarketConfigurator.sol
#495
sherlock-admin
closed
1 year ago
0
evilakela - UniswapV2Utils library uses pool reserve to determine asset price
#494
sherlock-admin
closed
1 year ago
0
josephdara - Critical Bug in Delisting
#493
sherlock-admin
closed
1 year ago
0
ni8mare - `accrueInterest` method is not called before updating `reserveFactor` of a market
#492
sherlock-admin
closed
1 year ago
0
josephdara - Storage Slot Collision Due to Contracts Upgrade
#491
sherlock-admin
closed
1 year ago
0
anthony - Price oracle could get a stale price
#490
sherlock-admin
closed
1 year ago
0
0xpinky - TxBuilderExtension.sol : `repayNativeToken` does not return the excess funds to the user.
#489
sherlock-admin
closed
1 year ago
8
josephdara - Precision Loss causing loss of funds to the liquidator
#488
sherlock-admin
closed
1 year ago
0
evilakela - IronBank::_getExchangeRate doesn't account for market decimals
#487
sherlock-admin
closed
1 year ago
0
gkrastenov - Delisting market will not delete userBorrows and userSupplies
#486
sherlock-admin
closed
1 year ago
0
ni8mare - Hard-coded Slippage May Freeze User Funds
#485
sherlock-admin
closed
1 year ago
0
GimelSec - `PToken.absorb` should have access control.
#484
sherlock-admin
closed
1 year ago
0
0xpinky - PToken.sol : `function absorb` is public and it can be called by anyone
#483
sherlock-admin
closed
1 year ago
11
anthony - User can prevent liquidations by frontrunning the tx and slightly increasing their collateral
#482
sherlock-admin
closed
1 year ago
0
josephdara - Liquidation Failure
#481
sherlock-admin
closed
1 year ago
0
simon135 - oracle has no check if the sequencer is alive
#480
sherlock-admin
closed
1 year ago
0
evilakela - InterestRateModelInterface::getBorrowRate doesn't account for market decimals
#479
sherlock-admin
closed
1 year ago
0
simon135 - no check on timestamp for latestRoundData
#478
sherlock-admin
closed
1 year ago
0
ni8mare - No slippage protection in swap functions of UniswapExtension.sol
#477
sherlock-admin
closed
1 year ago
0
0xpinky - PriceOracle.sol#L66 : Freshness of asset price is not checked when using the chainlink's `latestRoundData`
#476
sherlock-admin
closed
1 year ago
0
jayphbee - getPriceFromChainlink() could get stale price.
#475
sherlock-admin
closed
1 year ago
0
josephdara - L2 sequencer Downtime
#474
sherlock-admin
closed
1 year ago
0
Arz - Setting the liquidationThreshold to 0 puts some users at risk of getting liquidated
#473
sherlock-admin
closed
1 year ago
7
0xMAKEOUTHILL - No checks if an Arbitrum L2 sequencer is down
#472
sherlock-admin
closed
1 year ago
0
josephdara - Stale Price from Oracle
#471
sherlock-admin
closed
1 year ago
0
evilakela - Chainlink's latestRoundData return no checks for stale or incorrect result
#470
sherlock-admin
closed
1 year ago
0
gkrastenov - Returned values of Chainlink Oracle are not verified
#469
sherlock-admin
closed
1 year ago
0
ni8mare - No checks for whether Arbitrum sequencer is down
#468
sherlock-admin
closed
1 year ago
0
evilakela - Anyone can steal ETH in TxBuilderExtension contract that should be seized by the owner
#467
sherlock-admin
closed
1 year ago
0
Kose - Check for stale data before trusting Chainlink's response
#466
sherlock-admin
closed
1 year ago
0
evilakela - Loss of msg.value sended with TxBuilderExtension::execute in certain cases
#465
sherlock-admin
closed
1 year ago
0
0xMosh - Attacker can frontrun and mint user's token to his address
#464
sherlock-admin
closed
1 year ago
0
Nyx - Users wont exit market correctly when input amount is not uint256.max
#463
sherlock-admin
closed
1 year ago
0
holyhansss - Not Checking for stale data in PriceOracle.sol
#462
sherlock-admin
closed
1 year ago
0
0xMAKEOUTHILL - Can't unpause a listed PToken market
#461
sherlock-admin
closed
1 year ago
0
ni8mare - Oracle return values are not being checked.
#460
sherlock-admin
closed
1 year ago
0
kn0t - Oracle data feed is insufficiently validated.
#459
sherlock-admin
closed
1 year ago
0
bin2chen - liquidate() Lack of restriction that liquidator cannot be a CreditAccount
#458
sherlock-admin
closed
1 year ago
4
0xMAKEOUTHILL - Market not delisted properly
#457
sherlock-admin
closed
1 year ago
0
qbs - Lack of proper gap between maximal LTV and liquidation LTV ratios
#456
sherlock-admin
closed
1 year ago
0
Aymen0909 - Many functions will fail because they runs out of gas if a user has entered many markets
#455
sherlock-admin
closed
1 year ago
0
martin - `getPriceFromChainlink` function might return stale results
#454
sherlock-admin
closed
1 year ago
0
saidam017 - Chainlink oracle data is not validated, could return unwanted price value.
#453
sherlock-admin
closed
1 year ago
0
bin2chen - setCreditLimit() CreditAccount may can't be canceled
#452
sherlock-admin
closed
1 year ago
2
saidam017 - `TripleSlopeRateModel` and accrue interest, could get unexpected behavior with WBTC
#451
sherlock-admin
closed
1 year ago
0
Aymen0909 - Missing checks for whether Arbitrum Sequencer is active
#450
sherlock-admin
closed
1 year ago
0
Next