sherlock-audit 2023-12-ubiquity-judging issues

sherlock-audit / 2023-12-ubiquity-judging

2 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Issue test Ubiquity Bot

#235 molecula451 closed 9 months ago
3
Update ubiquibot-config.yml

#234 0x4007 closed 9 months ago
2
Issue Test Ubiquity Bot

#233 molecula451 closed 9 months ago
14
Create ubiquibot-config.yml

#232 0x4007 closed 9 months ago
1
0xnirlin - Wrong number for blocks in a week

#230 sherlock-admin2 closed 10 months ago
3
ge6a - The 'Dollar price too low' check may be insufficient under certain circumstances

#229 sherlock-admin closed 10 months ago
2
0xnirlin - User cannot collect redemption even if called the redeem function while redeem was not paused.

#228 sherlock-admin2 closed 10 months ago
1
FastTiger - In case the EOA and contract who redeemed Dollar and have not collected redemption yet makes a loss, the unclaimedPoolCollateral will be not changed.

#227 sherlock-admin closed 10 months ago
3
bareli - Stale Price Data:

#226 sherlock-admin2 closed 10 months ago
2
FastTiger - In LibUbiquityPool.sol, it is not right to not be able to call LibUbiquityPool.sol::collectRedemption() when the user has isRedeemPaused=true.

#225 sherlock-admin closed 10 months ago
0
FastTiger - If a user predicts that the ChainLinkPrice price will fall, he or she may preserve the value of his collateral and the protocol may suffer damages.

#224 sherlock-admin2 closed 10 months ago
2
bareli - Assumption of Equal Reserves

#223 sherlock-admin closed 10 months ago
2
bareli - Centralization Risk:

#222 sherlock-admin2 closed 10 months ago
3
GatewayGuardians - Incorrect peg for uAD when protocol is deployed

#221 sherlock-admin closed 10 months ago
2
0xnirlin - Mint and Redeem function don't have the functionality of adding deadline check.

#220 sherlock-admin2 closed 10 months ago
2
bareli - Function Selector Clashes:

#219 sherlock-admin closed 10 months ago
4
0xmystery - Users could run into DoS when calling collectRedemption() due to increased change of redemptionDelayBlocks

#218 sherlock-admin2 closed 10 months ago
3
ge6a - Protocol insolvency and the user's inability to redeem their tokens

#217 sherlock-admin closed 10 months ago
2
0xnirlin - Loss of fee in `ubiquity.sol`

#216 sherlock-admin2 closed 10 months ago
2
Varun_05 - Price should be checked after it has been reduced to e6 precision

#215 sherlock-admin closed 10 months ago
3
fugazzi - Collect redemption doesn't check if the collateral is enabled

#214 sherlock-admin2 closed 10 months ago
2
0xnirlin - Calling redeem before claiming previous redeem tokens delay previous redeem batches too.

#213 sherlock-admin closed 10 months ago
2
GatewayGuardians - Ubiquity Pool: TWAP price oracle manipulation to steal collateral tokens

#212 sherlock-admin2 closed 10 months ago
2
unforgiven - function _checkAndApplyIncentives() would call `incentivize()` for same address multiple times if sender==recipient

#211 sherlock-admin closed 10 months ago
0
0xnirlin - `addAmoMinter` cannot be used in current state and will always revert

#210 sherlock-admin2 closed 10 months ago
3
cducrest-brainbot - TWAPOracle price are calculated on very small windows

#209 sherlock-admin closed 10 months ago
2
0xmystery - Protocol could run into incurring losses due to incorrect collateral pricing if when Chainlink Aggregator is reaching minAnswer/maxAnswer

#208 sherlock-admin2 closed 10 months ago
2
Varun_05 - Should not be allowed to mint dollar when collateral needed to mint dollar is equal to zero.

#207 sherlock-admin closed 10 months ago
2
ydlee - The collateral redeemed but not collected yet may be borrowed by AMO minter, causing user to fail to collect them.

#206 sherlock-admin2 closed 10 months ago
0
0xnirlin - Issue in access controls leads to not being able to create pool at all or pool loses it's mint and burning functionality

#205 sherlock-admin closed 10 months ago
2
fugazzi - UbiquityPool implementation doesn't support tokens with more than 18 decimals

#204 sherlock-admin2 closed 10 months ago
3
fugazzi - Precision loss while downscaling Chainlink price feed

#203 sherlock-admin closed 10 months ago
3
fugazzi - Missing circuit breaker and deviations check in Chainlink price feed

#202 sherlock-admin2 closed 10 months ago
2
fugazzi - TWAP oracle is incompatible with current Curve metapool implementation

#201 sherlock-admin closed 10 months ago
4
fugazzi - Strict check in TWAP Oracle set up can be easily griefed

#200 sherlock-admin2 closed 10 months ago
2
bareli - new admin role can be same as old admin

#199 sherlock-admin closed 10 months ago
3
fugazzi - Calldata length is not validated in Diamond dispatch logic

#198 sherlock-admin2 closed 10 months ago
2
cducrest-brainbot - LibTWAPOracle price can be manipualted through falsh loans

#197 sherlock-admin closed 10 months ago
2
bitsurfer - `setPool` open for front-run issue (swap, add liquidity), resulting TWAP oracle failed to initialized

#196 sherlock-admin2 closed 10 months ago
2
fugazzi - Collateral balance in USD may use stale oracle price

#195 sherlock-admin closed 10 months ago
2
fugazzi - Fragile collateralization model will likely cause bad debt

#194 sherlock-admin2 closed 10 months ago
2
fugazzi - Intrinsic arbitrage in UbiquityPool could be used to steal value from the pool

#193 sherlock-admin closed 10 months ago
2
fugazzi - TWAP oracle returns incorrect price

#192 sherlock-admin2 closed 10 months ago
2
bareli - No access control

#191 sherlock-admin closed 10 months ago
3
dany.armstrong90 - The collateralToken can be duplicated in LibUbiquityPool.

#190 sherlock-admin2 closed 10 months ago
2
Varun_05 - Any collateral index can be passed by the user which can cause loss of funds

#189 sherlock-admin closed 10 months ago
2
bareli - Update Frequency

#188 sherlock-admin2 closed 10 months ago
3
osmanozdemir1 - `LibTWAPOracle::consult()` function should update prices before returning

#187 sherlock-admin closed 10 months ago
2
bareli - Oracle Manipulation

#186 sherlock-admin2 closed 10 months ago
3
unforgiven - attacker can DOS admins calls to setPool and prevent protocol from updating

#185 sherlock-admin closed 10 months ago
2