issues
search
sherlock-audit
/
2024-02-telcoin-platform-audit-update-judging
3
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
turvec - Protocol forces initiator of the swap to take in slippage without chance of reverting
#88
sherlock-admin2
closed
7 months ago
1
bigbick123456789000 - Lack of Slippage Control in swapAndSend Function
#87
sherlock-admin4
closed
7 months ago
1
turvec - Stablecoin currency can still be used by blacklisted users
#86
sherlock-admin2
closed
7 months ago
1
turvec - Stablecoin currency can still be used by blacklisted users
#85
sherlock-admin4
closed
7 months ago
1
sa9933 - NO check for blacklist contract in bridge contract
#84
sherlock-admin2
closed
7 months ago
13
sweetjimmy - The supply functions of the StablecoinHandler should be marked as internal as it allows the swapper to mint and burn invalid tokens directly
#83
sherlock-admin4
closed
7 months ago
1
Ironsidesec - Updating to new proxies can affect old proxies due to the same implemnatation pointed by beacon
#82
sherlock-admin2
closed
7 months ago
1
cheatcode - Sandwich Attack Vulnerability in AmirX::stablecoinSwap function
#81
sherlock-admin4
closed
7 months ago
1
sa9933 - rescue of Crypto in AmirX contract will be at risk.
#80
sherlock-admin2
closed
7 months ago
10
bareli - Unclaimed or front-runnable proxy implementations
#79
sherlock-admin4
closed
7 months ago
1
bigbick123456789000 - BURNER_ROLE can burn an arbitrary amount of tokens from any address.
#78
sherlock-admin2
closed
7 months ago
1
cheatcode - Unsafe use of low-level calls in AmirX::defiSwap function
#77
sherlock-admin4
closed
7 months ago
1
smbv-1923 - No checks to prevent Blacklisted user from using protocol's function
#76
sherlock-admin2
closed
7 months ago
0
Aamirusmani1552 - `AmirX::stablecoinSwap(...)` can cause de-peg of the StableCoin.
#75
sherlock-admin4
closed
7 months ago
1
turvec - The `convertToEXYZ` and `convertFromEXYZ` functions doesn't check if the stablecoin is indeed still a valid eXYZ token
#74
sherlock-admin2
closed
7 months ago
1
mgf15 - Owner can steal user funds
#73
sherlock-admin4
closed
7 months ago
1
ZdravkoHr. - `AmirX.stablecoinSwap` will always revert when `ss.origin == address(0)`
#72
sherlock-admin2
closed
7 months ago
5
Tendency - StableCoin BlackListing Feature is Ineffective
#71
sherlock-admin4
closed
7 months ago
1
turvec - Doesn't check if both target and origin token to be swap are the same causing inaccurate minting of the stablecoin
#70
sherlock-admin2
closed
7 months ago
1
Ironsidesec - Tokens that revert on zero amount approval cannot be used as fee token or bridge to Polygon
#69
sherlock-admin4
closed
7 months ago
1
prettychimes - [M-01] Use safeTransfer() instead of _transfer
#68
sherlock-admin2
closed
7 months ago
1
turvec - Protocol will behave unexpectedly if ss.origin is also the fee token
#67
sherlock-admin4
closed
7 months ago
1
sweetjimmy - Not disabling the initializer in `ClonableBeaconProxy` allows an attacker to destroy the beacon proxy
#66
sherlock-admin2
closed
7 months ago
23
0xKartikgiri00 - `initialize` function not disabled in `AmirX` contract.
#65
sherlock-admin4
closed
7 months ago
2
0xhashiman - Execution of arbitrary swap using bad arguments
#64
sherlock-admin2
closed
7 months ago
1
Ironsidesec - Bridged tokens cannot be handled on the child chain
#63
sherlock-admin4
closed
7 months ago
1
ZdravkoHr. - Wrong funds allocation because of a discrepancy between the original `oAmount` and the actual one
#62
sherlock-admin2
closed
7 months ago
1
turvec - Address initiating the swap can manipulate transfers to their favor due to overriding oAmount without adjusting tAmount
#61
sherlock-admin4
closed
7 months ago
1
Aamirusmani1552 - `_disableInitializers()` is not called in constructor of `AmirX.sol`
#60
sherlock-admin2
closed
7 months ago
1
neocrao - A blacklisted address can still hold privileged role such as MINTER, BURNER, SUPPORT, and BLACKLISTER, and still act maliciously
#59
sherlock-admin4
closed
7 months ago
1
0xkmg - Function in StablecoinHandler may revert on underflow and malfunction the contract
#58
sherlock-admin2
closed
7 months ago
1
0xKartikgiri00 - Missing _disableInitializers() Call in `Stablecoin` constructor. leads to the calling of `initialize` function inside the implementation contract.
#57
sherlock-admin4
closed
7 months ago
2
turvec - swapper can still execute deFi swaps even when the contract is paused
#56
sherlock-admin2
closed
7 months ago
1
0xkmg - Incorrect Implementation of Blacklist
#55
sherlock-admin4
closed
7 months ago
1
ZdravkoHr. - Swaps that include referrals cannot be executed when the defi plugin is deactivated
#54
sherlock-admin2
closed
7 months ago
1
neocrao - Blacklisted User can still interact with Stablecoin
#53
sherlock-admin4
closed
7 months ago
1
0xkmg - No Storage Gap for Upgradeable Contracts
#52
sherlock-admin2
closed
7 months ago
1
0xKartikgiri00 - Lack of Zero Amount Check in `Stablecoin::erc20Rescue`function, leads the loss of user funds.
#51
sherlock-admin4
closed
7 months ago
2
0rpse - addBlackList function can be front-run
#50
sherlock-admin2
closed
7 months ago
1
bareli - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
#49
sherlock-admin4
closed
7 months ago
1
0xKartikgiri00 - Not Calling _disableInitializers() in `ProxyFactory` contract constructor can lead to exploit.
#48
sherlock-admin2
closed
7 months ago
1
mgf15 - Protocol will not work on Polygon blockchains due to hardcoded WETH contract address.
#47
sherlock-admin4
closed
7 months ago
1
Arabadzhiev - Assets bridged using the `BridgeRelay` contract will be lost forever
#46
sherlock-admin2
closed
7 months ago
1
0xKartikgiri00 - Not Calling _disableInitializers() function in `ClonableBeaconProxy` contract will lead to exploit.
#45
sherlock-admin4
closed
7 months ago
2
ydlee - Blacklist users cannot get their tokens back when they are removed from blacklist.
#44
sherlock-admin2
closed
7 months ago
1
merlin - EOA cannot fully interact with the AmirX smart contract
#43
sherlock-admin4
closed
7 months ago
1
ZanyBonzy - Restriction on bridging polygon tokens not fully effective
#42
sherlock-admin2
closed
7 months ago
13
blutorque - Missing blacklist check beforeTokenTransfer allows anyone to bypass the blacklist mechanism
#41
sherlock-admin4
closed
7 months ago
1
bughuntoor - `BridgeRelay` makes an approval to the same `predicate` address, despite different tokens/ eth having different predicates.
#40
sherlock-admin2
closed
7 months ago
1
Nyxaris - Potential Reentrancy Risk in Internal _buyBack Function of AmirX Contract
#39
sherlock-admin4
closed
7 months ago
1
Next