issues
search
sherlock-audit
/
2023-12-ubiquity-judging
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
cducrest-brainbot - TWAPOracle price can be manipulated by depositing / withdrawing from the underlying pool
#184
sherlock-admin2
closed
10 months ago
0
unforgiven - attacker can bypass function whitelist in Diamond pattern and call fallback() function because code doesn't check data.length>=4
#183
sherlock-admin
closed
10 months ago
2
cducrest-brainbot - Protocol may become insolvent
#182
sherlock-admin2
closed
10 months ago
6
osmanozdemir1 - The TWAP logic is incorrect and even the updated prices are not actually up to date
#181
sherlock-admin
closed
10 months ago
2
Dliteofficial - Increase in the Redemption Delay Blocks postpones the redemption of the user beyond necessary
#180
sherlock-admin2
closed
10 months ago
2
bareli - _newOwner can be equal to current owner.
#179
sherlock-admin
closed
10 months ago
3
infect3d - Wrong rouding direction in mintDollar make it possible to mint Dollars against 0 collateral
#178
sherlock-admin2
closed
10 months ago
2
bareli - Access Control
#177
sherlock-admin
closed
10 months ago
3
infect3d - LibTWAPOracle.setPool can be DoS'd by sending 1 wei to imbalance pools reserves
#176
sherlock-admin2
closed
10 months ago
2
infect3d - TWAP oracle is manipulable as the only time-window requirement is `blockTimestamp
#175
sherlock-admin
closed
10 months ago
2
cducrest-brainbot - Pool ceiling check does not take into account AMO
#174
sherlock-admin2
closed
10 months ago
2
infect3d - AmoMinterBorrow can DoS the pool by causing an underflow state
#173
sherlock-admin
closed
10 months ago
0
bareli - Input Validation:
#172
sherlock-admin2
closed
10 months ago
3
cducrest-brainbot - Chainlink oracle prices can be stale or incorrect
#171
sherlock-admin
closed
10 months ago
2
hancook - TWAPOracleDollar3poolFacet contract owner can't set pool success by 1 wei attack
#170
sherlock-admin2
closed
10 months ago
2
Arz - The TWAP interval is too short which makes manipulating the price easier
#169
sherlock-admin
closed
10 months ago
2
rvdemonk - updateChainLinkCollateralPrice() can return wrong price if underlying aggregator hits minAnswer or maxAnswer
#168
sherlock-admin2
closed
10 months ago
2
XDZIBEC - Oracle Price Manipulation in MintDollar and redeemDollar Functions
#167
sherlock-admin
closed
10 months ago
3
blutorque - Underflow in `freeCollateralBalance()` may possibly DoS the AMO minters contract,
#166
sherlock-admin2
closed
10 months ago
0
Arz - The TWAP oracle uses 3CRV which is not exactly pegged to $1.00
#165
sherlock-admin
closed
10 months ago
2
shubhzDev - User is able to give allowance of tokens while Contract UbiquityDollarToken.sol is paused
#164
sherlock-admin2
closed
10 months ago
3
Krace - Users could mint and redeem Ubiquity Dollar with a more favorable Dollar price
#163
sherlock-admin
closed
10 months ago
2
GatewayGuardians - UbiquityPool: Full collateral withdrawal during redemption delay can leave users without the collateral or uAD
#162
sherlock-admin2
closed
10 months ago
0
Bauchibred - Issue with current external integration in regards to the availability of querying prices
#161
sherlock-admin
closed
10 months ago
2
Bauchibred - Diamond.sol's `fallback()` seems to be erroneously implemented
#160
sherlock-admin2
closed
10 months ago
3
Bauchibred - Slippage check in `redeemDollar` is wrongly applied
#159
sherlock-admin
closed
10 months ago
3
Bauchibred - Issue with current external integration in regards to the accuracy of prices gotten
#158
sherlock-admin2
closed
10 months ago
2
blutorque - Theft of dollar token
#157
sherlock-admin
closed
10 months ago
8
popelev - Anyone can deposit to protocol tokens of other users without approve
#156
sherlock-admin2
closed
10 months ago
3
UbiquitousComputing - `UbiquityDollarToken`: Incentives will get applied twice if the sender is the same as the recipient
#155
sherlock-admin
closed
10 months ago
0
0xLogos - Time weighted average price is wrongly implemented
#154
sherlock-admin2
closed
10 months ago
2
boredpukar - Unhandled chainlink revert would lock all price oracle access.
#153
sherlock-admin
closed
10 months ago
2
eta - Unhandled Return Data in `Delegatecall`, Memory Optimization, Unused Parameter and Unsafe Code Cast
#152
sherlock-admin2
closed
10 months ago
3
Drynooo - There may be room for arbitrage beyond poolCeiling
#151
sherlock-admin
closed
10 months ago
2
Bauer - Possible arbitrage from Chainlink price discrepancy
#150
sherlock-admin2
closed
10 months ago
2
tsueti_ - Arbitrary from passed to transferFrom (or safeTransferFrom)
#149
sherlock-admin
closed
10 months ago
3
ilchovski - Incorrect pricing of the Dollar token
#148
sherlock-admin2
closed
10 months ago
2
ilchovski - AmoMinter is able to borrow unclaimed user collateral
#147
sherlock-admin
closed
10 months ago
0
ilchovski - Protocol incorrectly calculates how much collateral is needed for minting Dollar tokens
#146
sherlock-admin2
closed
10 months ago
2
ilchovski - Admin can break the protocol logic irreversibly by adding the same collateral twice
#145
sherlock-admin
closed
10 months ago
2
evmboi32 - Oracle price boundaries not checked
#144
sherlock-admin2
closed
10 months ago
9
evmboi32 - Users can mint or burn too much tokens.
#143
sherlock-admin
closed
10 months ago
2
0xchromatin - Precision Loss/Incorrect return value
#142
sherlock-admin2
closed
10 months ago
3
evmboi32 - Dollar token won't be pegged to 1 USD.
#141
sherlock-admin
closed
10 months ago
2
evmboi32 - The same (incorrect) `heartbeat` is used for multiple price feeds.
#140
sherlock-admin2
closed
10 months ago
2
evmboi32 - Calling `collateralUsdBalance()` can return the wrong value.
#139
sherlock-admin
closed
10 months ago
2
evmboi32 - TWAP oracle can be easily manipulated
#138
sherlock-admin2
closed
10 months ago
2
0xchromatin - Lack of Zero-Address Validation
#137
sherlock-admin
closed
10 months ago
3
b0g0 - User can mint dollars even if the price is beyond the mintPriceThreshold
#136
sherlock-admin2
closed
10 months ago
2
0xadrii - Redeem pausing should not be checked when collecting redemptions
#135
sherlock-admin
closed
10 months ago
0
Previous
Next