issues
search
sherlock-audit
/
2023-12-ubiquity-judging
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
0xadrii - TWAP oracle might return a stale price
#134
sherlock-admin2
closed
7 months ago
2
brgltd - Lack of validation for `latestRoundData`
#133
sherlock-admin
closed
7 months ago
2
brgltd - amoMinterBorrow should check the available pool balance before borrowing
#132
sherlock-admin2
closed
7 months ago
0
brgltd - Attacker can manually transfer collateral amount bigger than `poolCeiling` and prevent any new minting
#131
sherlock-admin
closed
7 months ago
2
0xadrii - Wrong Chainlink staleness check due to hardcoding price feed staleness threshold when adding a new collateral
#130
sherlock-admin2
closed
7 months ago
1
0xadrii - Incentives might be applied twice in certain situations
#129
sherlock-admin
closed
7 months ago
0
0xadrii - An attacker can frontrun setPool() and perform a single-sided deposit into the uAD-3CRV pool to cause a DoS when Ubiquity sets the uAD-3CRV pool
#128
sherlock-admin2
closed
7 months ago
2
0xadrii - amoMinterBorrow() improperly allows borrowing unclaimedPoolCollateral, breaking protocol functionality
#127
sherlock-admin
closed
7 months ago
0
0xadrii - Using a wrong interface breaks uAD token incentivized transfers
#126
sherlock-admin2
closed
7 months ago
9
XDZIBEC - Unrestricted Collateral Borrowing in amoMinterBorrow Function
#125
sherlock-admin
closed
7 months ago
0
boredpukar - SetSymbol function can change during the lifetime of the contract implementation.
#124
sherlock-admin2
closed
7 months ago
3
XDZIBEC - Insufficient Safeguards in Oracle Data Usage
#123
sherlock-admin
closed
7 months ago
3
XDZIBEC - Incorrect Price Threshold Setting in UbiquityPoolFacet
#122
sherlock-admin2
closed
7 months ago
3
r0ck3tz - Missing alignment of storage to 256 may result in excessive gas consumption
#121
sherlock-admin
closed
7 months ago
3
XDZIBEC - Single Owner Account problem in Leading to Potential TWAP Oracle Manipulation"
#120
sherlock-admin2
closed
7 months ago
3
XDZIBEC - Reentrancy Vulnerability in EIP-2535 Diamond Standard Implementation
#119
sherlock-admin
closed
7 months ago
4
iberry - Unrestricted access to the init function in the DiamondInit.sol contract can invalidate all access rights of the contract (LibAccessControl.sol).
#118
sherlock-admin2
closed
7 months ago
3
Coinstein - AMO minter may borrow more funds than pool free balance unintentionally and make pool insolvent
#117
sherlock-admin
closed
7 months ago
0
Coinstein - setRoleAdmin functionality is not supported by the protocol
#116
sherlock-admin2
closed
7 months ago
2
Coinstein - User can frontrun and backrun the price feed update of an collateral price and steal value from the pool
#115
sherlock-admin
closed
7 months ago
2
KupiaSec - Incorrect calculation of collateral amount in mintDollar and redeemDollar at LibUbiquityPool.sol
#114
sherlock-admin2
closed
7 months ago
2
KupiaSec - AmoMinters can borrow collaterals more than freeCollateralAmount and this will make users impossible to collect their unclamied collateral.
#113
sherlock-admin
closed
7 months ago
0
KupiaSec - AmoMinters can borrow collaterals without collateralDollar
#112
sherlock-admin2
closed
7 months ago
2
boredpukar - Chainlink Oracle Data Feed will return the wrong price for asset if underlying aggregator hits minAnswer.
#111
sherlock-admin
closed
7 months ago
2
404Notfound - Unhandled chainlink revert would lock all price oracle access
#110
sherlock-admin2
closed
7 months ago
2
dany.armstrong90 - A user may lose his funds during redeem process by administrator's pausing redeem.
#109
sherlock-admin
closed
7 months ago
0
blutorque - AMO minters borrowing `> unclaimedCollateral` may leave collectors empty handed
#108
sherlock-admin2
closed
7 months ago
0
nirohgo - The TWAPOracleFacet TWAP timeframe depends on the distance from the last update() call, which compromises the price accuracy and enables price manipulation..
#107
sherlock-admin
closed
7 months ago
2
Drynooo - User calls to collectRedemption function may fail
#106
sherlock-admin2
closed
7 months ago
0
cergyk - LibTWAPOracle::update temporary redemption DOS if uAD/3CRV metapool has very low liquidity
#105
sherlock-admin
closed
7 months ago
14
deepplus - When mint/redeem Ubiquity dollar token, the amount of collateral token is calculated incorrectly.
#104
sherlock-admin2
closed
7 months ago
2
nmirchev8 - Pausing redemptions while user is waiting for for `redemptionDelayBlocks` can freeze user's funds for unknown period of time
#103
sherlock-admin
closed
7 months ago
1
nmirchev8 - Curve pool may not be set as oracle, because it perfect 1:1 ratio of uAD, which is hardly possible and anyone can break it depositing/swapping 1 wei
#102
sherlock-admin2
closed
7 months ago
2
Coinstein - TWAP could be easily to be manipulated because the time window could be 1 second
#101
sherlock-admin
closed
7 months ago
2
qmdddd - The function `getDollarPriceUsd` may return expired dollar price.
#100
sherlock-admin2
closed
7 months ago
3
qmdddd - The function `freeCollateralBalance` and `getDollarInCollateral` don't check whether the Collateral is enabled.
#99
sherlock-admin
closed
7 months ago
2
b0g0 - AMO Minter borrowing while there are unclaimed collateral redemptions bricks the pool
#98
sherlock-admin2
closed
7 months ago
0
b0g0 - ChainLink Price feed in Ubiquity pool can be set for the wrong collateral token
#97
sherlock-admin
closed
7 months ago
2
b0g0 - Minting dollars is allowed even when collateral redemption is paused, leading to user collateral getting locked
#96
sherlock-admin2
closed
7 months ago
2
r0ck3tz - Missing checks for chainlink's stale price
#95
sherlock-admin
closed
7 months ago
2
r0ck3tz - Missing check if collateral already exists
#94
sherlock-admin2
closed
7 months ago
2
r0ck3tz - AMO minter can borrow unclaimed collateral
#93
sherlock-admin
closed
7 months ago
0
XDZIBEC - Stale Data issue in Oracle Update and Consult Functions
#92
sherlock-admin2
closed
7 months ago
7
rvierdiiev - No ability to withdraw fees from LibUbiquityPool
#91
sherlock-admin
closed
7 months ago
2
rvierdiiev - AccessControlFacet doesn't have ability to set admin for the role
#90
sherlock-admin2
closed
6 months ago
69
the-first-elder - Diamond Proxy Does not delete added faucet due to wrong implementation.
#89
sherlock-admin
closed
7 months ago
4
DMoore - AMO minters can borrow collateral exceeds freeCollateralBalance limit
#88
sherlock-admin2
closed
7 months ago
0
osmanozdemir1 - The current Curve metapool factory and the metapool implementation contract does not have necessary TWAP functions
#87
sherlock-admin
closed
7 months ago
2
the-first-elder - UbiquityPool susceptible to flash Loan attacks
#86
sherlock-admin2
closed
7 months ago
3
the-first-elder - Possible mev attack
#85
sherlock-admin
closed
7 months ago
3
Previous
Next