sherlock-audit 2024-02-telcoin-platform-audit-update-judging issues

sherlock-audit / 2024-02-telcoin-platform-audit-update-judging

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

turvec - Protocol forces initiator of the swap to take in slippage without chance of reverting

#88 sherlock-admin2 closed 8 months ago
1
bigbick123456789000 - Lack of Slippage Control in swapAndSend Function

#87 sherlock-admin4 closed 8 months ago
1
turvec - Stablecoin currency can still be used by blacklisted users

#86 sherlock-admin2 closed 8 months ago
1
turvec - Stablecoin currency can still be used by blacklisted users

#85 sherlock-admin4 closed 8 months ago
1
sa9933 - NO check for blacklist contract in bridge contract

#84 sherlock-admin2 closed 8 months ago
13
sweetjimmy - The supply functions of the StablecoinHandler should be marked as internal as it allows the swapper to mint and burn invalid tokens directly

#83 sherlock-admin4 closed 8 months ago
1
Ironsidesec - Updating to new proxies can affect old proxies due to the same implemnatation pointed by beacon

#82 sherlock-admin2 closed 8 months ago
1
cheatcode - Sandwich Attack Vulnerability in AmirX::stablecoinSwap function

#81 sherlock-admin4 closed 8 months ago
1
sa9933 - rescue of Crypto in AmirX contract will be at risk.

#80 sherlock-admin2 closed 8 months ago
10
bareli - Unclaimed or front-runnable proxy implementations

#79 sherlock-admin4 closed 8 months ago
1
bigbick123456789000 - BURNER_ROLE can burn an arbitrary amount of tokens from any address.

#78 sherlock-admin2 closed 8 months ago
1
cheatcode - Unsafe use of low-level calls in AmirX::defiSwap function

#77 sherlock-admin4 closed 8 months ago
1
smbv-1923 - No checks to prevent Blacklisted user from using protocol's function

#76 sherlock-admin2 closed 8 months ago
0
Aamirusmani1552 - `AmirX::stablecoinSwap(...)` can cause de-peg of the StableCoin.

#75 sherlock-admin4 closed 8 months ago
1
turvec - The `convertToEXYZ` and `convertFromEXYZ` functions doesn't check if the stablecoin is indeed still a valid eXYZ token

#74 sherlock-admin2 closed 8 months ago
1
mgf15 - Owner can steal user funds

#73 sherlock-admin4 closed 8 months ago
1
ZdravkoHr. - `AmirX.stablecoinSwap` will always revert when `ss.origin == address(0)`

#72 sherlock-admin2 closed 8 months ago
5
Tendency - StableCoin BlackListing Feature is Ineffective

#71 sherlock-admin4 closed 8 months ago
1
turvec - Doesn't check if both target and origin token to be swap are the same causing inaccurate minting of the stablecoin

#70 sherlock-admin2 closed 8 months ago
1
Ironsidesec - Tokens that revert on zero amount approval cannot be used as fee token or bridge to Polygon

#69 sherlock-admin4 closed 8 months ago
1
prettychimes - [M-01] Use safeTransfer() instead of _transfer

#68 sherlock-admin2 closed 8 months ago
1
turvec - Protocol will behave unexpectedly if ss.origin is also the fee token

#67 sherlock-admin4 closed 8 months ago
1
sweetjimmy - Not disabling the initializer in `ClonableBeaconProxy` allows an attacker to destroy the beacon proxy

#66 sherlock-admin2 closed 8 months ago
23
0xKartikgiri00 - `initialize` function not disabled in `AmirX` contract.

#65 sherlock-admin4 closed 8 months ago
2
0xhashiman - Execution of arbitrary swap using bad arguments

#64 sherlock-admin2 closed 8 months ago
1
Ironsidesec - Bridged tokens cannot be handled on the child chain

#63 sherlock-admin4 closed 8 months ago
1
ZdravkoHr. - Wrong funds allocation because of a discrepancy between the original `oAmount` and the actual one

#62 sherlock-admin2 closed 8 months ago
1
turvec - Address initiating the swap can manipulate transfers to their favor due to overriding oAmount without adjusting tAmount

#61 sherlock-admin4 closed 8 months ago
1
Aamirusmani1552 - `_disableInitializers()` is not called in constructor of `AmirX.sol`

#60 sherlock-admin2 closed 8 months ago
1
neocrao - A blacklisted address can still hold privileged role such as MINTER, BURNER, SUPPORT, and BLACKLISTER, and still act maliciously

#59 sherlock-admin4 closed 8 months ago
1
0xkmg - Function in StablecoinHandler may revert on underflow and malfunction the contract

#58 sherlock-admin2 closed 8 months ago
1
0xKartikgiri00 - Missing _disableInitializers() Call in `Stablecoin` constructor. leads to the calling of `initialize` function inside the implementation contract.

#57 sherlock-admin4 closed 8 months ago
2
turvec - swapper can still execute deFi swaps even when the contract is paused

#56 sherlock-admin2 closed 8 months ago
1
0xkmg - Incorrect Implementation of Blacklist

#55 sherlock-admin4 closed 8 months ago
1
ZdravkoHr. - Swaps that include referrals cannot be executed when the defi plugin is deactivated

#54 sherlock-admin2 closed 8 months ago
1
neocrao - Blacklisted User can still interact with Stablecoin

#53 sherlock-admin4 closed 8 months ago
1
0xkmg - No Storage Gap for Upgradeable Contracts

#52 sherlock-admin2 closed 8 months ago
1
0xKartikgiri00 - Lack of Zero Amount Check in `Stablecoin::erc20Rescue`function, leads the loss of user funds.

#51 sherlock-admin4 closed 8 months ago
2
0rpse - addBlackList function can be front-run

#50 sherlock-admin2 closed 8 months ago
1
bareli - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision

#49 sherlock-admin4 closed 8 months ago
1
0xKartikgiri00 - Not Calling _disableInitializers() in `ProxyFactory` contract constructor can lead to exploit.

#48 sherlock-admin2 closed 8 months ago
1
mgf15 - Protocol will not work on Polygon blockchains due to hardcoded WETH contract address.

#47 sherlock-admin4 closed 8 months ago
1
Arabadzhiev - Assets bridged using the `BridgeRelay` contract will be lost forever

#46 sherlock-admin2 closed 8 months ago
1
0xKartikgiri00 - Not Calling _disableInitializers() function in `ClonableBeaconProxy` contract will lead to exploit.

#45 sherlock-admin4 closed 8 months ago
2
ydlee - Blacklist users cannot get their tokens back when they are removed from blacklist.

#44 sherlock-admin2 closed 8 months ago
1
merlin - EOA cannot fully interact with the AmirX smart contract

#43 sherlock-admin4 closed 8 months ago
1
ZanyBonzy - Restriction on bridging polygon tokens not fully effective

#42 sherlock-admin2 closed 8 months ago
13
blutorque - Missing blacklist check beforeTokenTransfer allows anyone to bypass the blacklist mechanism

#41 sherlock-admin4 closed 8 months ago
1
bughuntoor - `BridgeRelay` makes an approval to the same `predicate` address, despite different tokens/ eth having different predicates.

#40 sherlock-admin2 closed 8 months ago
1
Nyxaris - Potential Reentrancy Risk in Internal _buyBack Function of AmirX Contract

#39 sherlock-admin4 closed 8 months ago
1