issues
search
sherlock-audit
/
2023-05-ironbank-judging
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
santipu_ - Owner can steal all `underlying` tokens of `PToken` if used a proxied token
#449
sherlock-admin
closed
1 year ago
0
R-Nemes - IBTokens will be locked in market account if the oracle goes down
#448
sherlock-admin
closed
1 year ago
0
Aymen0909 - Chainlink's `latestRoundData()` can return stale or incorrect result
#447
sherlock-admin
closed
1 year ago
0
bin2chen - maxFlashLoan() when isBorrowPaused() should return 0
#446
sherlock-admin
closed
1 year ago
0
R-Nemes - No check of sequencer uptime
#445
sherlock-admin
closed
1 year ago
0
santipu_ - Lack of checks to avoid stale prices from Chainlink oracle
#444
sherlock-admin
closed
1 year ago
0
Hama - inIncorrect Normalization of Prices for Tokens with More Than 18 Decimals
#443
sherlock-admin
closed
1 year ago
0
bin2chen - Chainlink's latestRoundData return stale or incorrect result
#442
sherlock-admin
closed
1 year ago
0
santipu_ - Lack of sequencer uptime check when getting oracle data for Arbitrum or Optimism
#441
sherlock-admin
closed
1 year ago
0
bin2chen - getPriceFromChainlink() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#440
sherlock-admin
opened
1 year ago
5
Arz - A Flash Loan can supply the borrowed amount instead of repaying it
#439
sherlock-admin
closed
1 year ago
5
bitsurfer - Missing Slippage and Deadline control on `Supply` and `Redeem` function
#438
sherlock-admin
closed
1 year ago
0
bitsurfer - `repay()` and `redeem()` functions are accessible at all times, even when borrowing, supplying and IB token Transfer functionalities may be in a paused state.
#437
sherlock-admin
closed
1 year ago
0
bitsurfer - `PriceOracle.getPriceFromChainlink()` will return the incorrect price for asset if underlying aggregator hits `minAnswer` or `maxAnswer`
#436
sherlock-admin
closed
1 year ago
0
bitsurfer - Oracle is not checking for sequencer uptime when IronBank deployed on Arbitrum
#435
sherlock-admin
closed
1 year ago
0
bitsurfer - Chainlink's latestRoundData might return stale or incorrect results
#434
sherlock-admin
closed
1 year ago
0
bitsurfer - Liquidations will be frozen, when the oracle go offline or a token's price dropping to zero
#433
sherlock-admin
closed
1 year ago
14
bitsurfer - `_getBorrowBalance()` returning the amount in favor for borrower, protocol will get less amount interest
#432
sherlock-admin
closed
1 year ago
0
bitsurfer - IronBank exchange rate is susceptible to significant manipulation due to the calculation method on the `_getExchangeRate` function
#431
sherlock-admin
closed
1 year ago
0
bitsurfer - Borrowers can manipulate the protocol in order to minimize the interest accrued on their borrow balance
#430
sherlock-admin
closed
1 year ago
0
slightscan - Flashloan received tokens amount isn't controlled
#429
sherlock-admin
closed
1 year ago
0
Hama - Chainlink’s latestRoundData Might Return Stale Results
#428
sherlock-admin
closed
1 year ago
0
innertia - May not be able to remove the market
#427
sherlock-admin
closed
1 year ago
0
saidam017 - delist market not clearing user borrows and user supplies mapping, could cause issue if market listed again
#426
sherlock-admin
closed
1 year ago
7
innertia - precision loss in some formulas
#425
sherlock-admin
closed
1 year ago
0
innertia - Lack of access control for absorb function
#424
sherlock-admin
closed
1 year ago
0
innertia - If users enter too many markets, they will not be able to exit.
#423
sherlock-admin
closed
1 year ago
0
innertia - Flash loan feature not available on some tokens
#422
sherlock-admin
closed
1 year ago
0
innertia - Disable Liquidate function
#421
sherlock-admin
closed
1 year ago
0
devScrooge - DOS for supplyPToken due to not approving 0 amount first
#420
sherlock-admin
closed
1 year ago
5
devScrooge - Anyone can defer liquidity for other users
#419
sherlock-admin
closed
1 year ago
0
devScrooge - User can be liquidable in one market but avoid being set as 'liquidable'
#418
sherlock-admin
closed
1 year ago
0
devScrooge - `collateralFactor` can be set to `0` leading to allowing any user to execute actions on IronBank
#417
sherlock-admin
closed
1 year ago
0
innertia - Even if market information is deleted, the user's borrowing and supply data will remain.
#416
sherlock-admin
closed
1 year ago
0
devScrooge - Any user is able to mint PTokens for free
#415
sherlock-admin
closed
1 year ago
0
devScrooge - It is possible to set invalid aggregators
#414
sherlock-admin
closed
1 year ago
0
devScrooge - It is not checked if sequencer is down in Chainlink feeds
#413
sherlock-admin
closed
1 year ago
0
innertia - Attackers can front-run credit limit settings to spend amounts not intended by the setter
#412
sherlock-admin
closed
1 year ago
0
devScrooge - No check if Chainlink's function `.latestsRoundData` returns stale prices.
#411
sherlock-admin
closed
1 year ago
0
devScrooge - Borrower can not be seized even if a liquidation occurs
#410
sherlock-admin
closed
1 year ago
0
devScrooge - Interest is not accrued in crucial parts
#409
sherlock-admin
closed
1 year ago
0
innertia - IBToken cannot be transferred.
#408
sherlock-admin
closed
1 year ago
0
0x3b - Funds could be stolen from `TxBuilderExtension.sol` and `UniswapExtension.sol` due to improper use of `msg.value`
#407
sherlock-admin
closed
1 year ago
0
Pheonix - Lack of freshness check while retrieving price from oracle
#406
sherlock-admin
closed
1 year ago
0
Auditwolf - Excess funds after a swap are not returned to the user.
#405
sherlock-admin
closed
1 year ago
8
innertia - CreditLimit cannot be set to zero.
#404
sherlock-admin
closed
1 year ago
0
innertia - If the user enters the market too much, the borrow function will be disabled.
#403
sherlock-admin
closed
1 year ago
0
Ocean_Sky - If Price falls to zero, liquidations will be frozen
#402
sherlock-admin
closed
1 year ago
0
innertia - Transfer fails in ERC20 with Revert on Large Transfers feature
#401
sherlock-admin
closed
1 year ago
0
innertia - The redeem function is disabled.
#400
sherlock-admin
closed
1 year ago
0
Previous
Next