sherlock-audit 2023-12-jojo-exchange-update-judging issues

sherlock-audit / 2023-12-jojo-exchange-update-judging

10 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`Function` is not good

#91 0xflare2684 closed 7 months ago
0
millietez - Unprotected call to a custom contract

#90 sherlock-admin closed 9 months ago
2
404Notfound - Incorrect `withdrawEarnUSDCAmount` is returned in function `FundingRateArbitrage.sol#requestWithdraw`

#89 sherlock-admin2 closed 9 months ago
4
giraffe - Gas griefing of Owner through requestWithdraw

#88 sherlock-admin closed 9 months ago
13
millietez - Sent native ether will not be recorded in the contract

#87 sherlock-admin2 closed 9 months ago
2
millietez - No validation of the address parameter value in the contract constructor

#86 sherlock-admin closed 9 months ago
2
0xC - Ignoring the Return Value of `IJUSDBank(jusdBank).repay(JUSDAmount, to)` in the `GeneralRepay` Contract

#85 sherlock-admin2 closed 9 months ago
1
dany.armstrong90 - There is no consideration about difference of decimals of JUSD and collaterals in JUSDBank.

#84 sherlock-admin closed 9 months ago
2
dany.armstrong90 - Administrator could initialize bad debt by mistake.

#83 sherlock-admin2 closed 9 months ago
2
FastTiger - Due to an error in the `Funding.sol#requestWithdraw` function, legal `withdraw` fails.

#82 sherlock-admin closed 9 months ago
1
dany.armstrong90 - JUSDOperation.sol#initReserve function misses the check of _initialMortgageRate < _liquidationMortgageRate.

#81 sherlock-admin2 closed 9 months ago
2
FastTiger - `tRate` was calculated incorrectly in the `JUSDBankStorage.sol#accrueRate` function.

#80 sherlock-admin closed 9 months ago
1
404Notfound - Lack of access control in `BotSubaccountFactory.sol#newSubaccount()`

#79 sherlock-admin2 closed 9 months ago
2
lil.eth - Users can still avoid to be liquidated

#78 sherlock-admin closed 9 months ago
3
giraffe - Donation attack can steal other user's funds in FundingRateArbitrage

#77 sherlock-admin2 closed 9 months ago
1
giraffe - Lack of input validation for executeWithdraw leads to total loss of funds

#76 sherlock-admin closed 9 months ago
1
OrderSol - User can DDOS withdrawal of funds for other user

#75 sherlock-admin2 closed 9 months ago
2
Irissme - Lack of nonReentrant Modifier in External Contract Interactions

#74 sherlock-admin closed 9 months ago
2
Irissme - Missing nonReentrant Modifier in repayJUSD Function

#73 sherlock-admin2 closed 9 months ago
2
OrderSol - User can circumvent withdrawTimeLock by using several accounts

#72 sherlock-admin closed 9 months ago
4
Varun_05 - Lack of slippage check when a user requests a withdraw in FundingRateArbitrage.sol

#71 sherlock-admin2 closed 9 months ago
1
Varun_05 - A spender(operator) cannot request withdraw on behalf of the client due to a error in values

#70 sherlock-admin closed 9 months ago
1
lil.eth - Instant Liquidation Risk Due to maxColBorrowPerAccount Reduction in Smart Contract

#69 sherlock-admin2 closed 9 months ago
2
giraffe - Missing fallback oracle in OracleAdaptorWstETH

#68 sherlock-admin closed 9 months ago
9
giraffe - Missing Sequencer uptime feed check in Oracles can cause unfair liquidations and other issues

#67 sherlock-admin2 closed 9 months ago
1
giraffe - Users receive less than expected due to lack of slippage and deadline controls for requestWithdraw

#66 sherlock-admin closed 9 months ago
7
giraffe - Unsafe casting of Int256 perpNetValue leads to DOS

#65 sherlock-admin2 closed 9 months ago
17
bitsurfer - `pendingPrimaryWithdraw`, `pendingSecondaryWithdraw` is not cleared out on `_withdraw` resulting user can have instant withdrawal when `fastWithdraw` is disabled

#64 sherlock-admin closed 9 months ago
2
bareli - No Validation of Input

#63 sherlock-admin2 closed 9 months ago
2
bareli - validate the from address.

#62 sherlock-admin closed 9 months ago
2
bitsurfer - Checking whether account safe is not using correct rate on JUSDBank withdraw function

#61 sherlock-admin2 closed 9 months ago
1
bareli - Gas Limit

#60 sherlock-admin closed 9 months ago
2
bitsurfer - No way to take out USDC from JUSDBank

#59 sherlock-admin closed 9 months ago
2
detectiveking - Discrepancy between accrueRate and getTRate in `JUSDBankStorage` leads to issues

#58 sherlock-admin closed 9 months ago
1
detectiveking - FundingRateArbitrage contract can be drained due to rounding error

#57 sherlock-admin opened 9 months ago
13
detectiveking - FundingRateArbitrage suffers same share-inflation issues as ERC4626 vaults

#56 sherlock-admin closed 9 months ago
1
detectiveking - Fee skirting in FundingRateArbitrage

#55 sherlock-admin closed 9 months ago
2
0x52 - FundRateArbitrage is vulnerable to inflation attacks

#54 sherlock-admin opened 9 months ago
71
0x52 - Funding#requestWithdraw uses incorrect withdraw address

#53 sherlock-admin opened 9 months ago
5
0x52 - Liquidator can extract additional value from liquidations by selling more collateral than necessary

#52 sherlock-admin closed 9 months ago
10
0x52 - Arbitrary call in Funding#_withdraw can be used to drain all contract balances

#51 sherlock-admin closed 9 months ago
1
bareli - borrowFeeRate is never initialized

#50 sherlock-admin closed 9 months ago
2
0xC - Unhandled return values of `transfer` and `transferFrom` functions

#49 sherlock-admin closed 9 months ago
3
bareli - no check for same decimal for primary and secondary.

#48 sherlock-admin closed 9 months ago
2
bareli - Missing JOJOStorage Import:

#47 sherlock-admin closed 9 months ago
2
bareli - Gas Limitations

#46 sherlock-admin closed 9 months ago
2
0xC - Lack of validation for negative values in the `deposit` function within the `FundingRateArbitrage` contract

#45 sherlock-admin closed 9 months ago
2
bareli - Input Validation

#44 sherlock-admin closed 9 months ago
2
bareli - use safetransferfrom and safetransfer instead of transferfrom and transfer

#43 sherlock-admin closed 9 months ago
1
bareli - check the return value of function

#42 sherlock-admin closed 9 months ago
1