sherlock-audit/2024-05-midas-judging
issues
0xhacksmithh - HEARTBEAT_TIME gap(`_HEALTHY_DIFF`) is too huge
#146
sherlock-admin4
closed
5 months ago
1
0xhacksmithh - Chainlink's latestRoundData return stale or incorrect result
#145
sherlock-admin3
closed
5 months ago
0
ZdravkoHr. - Incorrect implementation of storage gaps in Midas contracts
#144
sherlock-admin2
closed
5 months ago
0
krot-0025 - Incorrect Decimal Conversion in `function deposit()`.
#143
sherlock-admin4
closed
5 months ago
0
0xhacksmithh - DataFeed will use the wrong price if the Chainlink aggregator returns price outside min/max range
#142
sherlock-admin3
closed
5 months ago
3
deepkin - Lack of checks in DepositValue.deposit() and decimals conversion logic can cause deposits with zero assets transfer value
#141
sherlock-admin2
closed
5 months ago
0
turvec - _getDataInBase18() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#140
sherlock-admin4
closed
5 months ago
0
vangrim - User could get their funds stuck if they get blacklisted while also being greenlisted
#139
sherlock-admin3
closed
5 months ago
0
meltedblocks - Inadequate Blacklist Implementation Affecting Token Burns
#138
sherlock-admin2
closed
5 months ago
0
meltedblocks - Risk of USDC Blacklisting Breaking Protocol Flow
#137
sherlock-admin4
closed
5 months ago
0
meltedblocks - Risk of Fee-on-Transfer Tokens in Deposit Function
#136
sherlock-admin3
closed
5 months ago
0
turvec - Users can increase their totalDeposited count without actually depositing any amount
#135
sherlock-admin2
closed
5 months ago
0
meltedblocks - Conflicting Access Control: Greenlist and Blacklist
#134
sherlock-admin4
closed
5 months ago
1
meltedblocks - Incorrect Storage Gap Placement in Inheritance Chain
#133
sherlock-admin3
closed
5 months ago
0
samuraii77 - Malicious users can still participate in the protocol even after getting blacklisted
#132
sherlock-admin2
closed
5 months ago
0
yovchev_yoan - [H-1] `ManageableVault` contract is missing storage gaps, potentially leading to storage collision
#131
sherlock-admin4
closed
5 months ago
0
meltedblocks - Precision Loss in Deposit Function Leading to Integrity and Compliance Risks
#130
sherlock-admin3
closed
5 months ago
0
samuraii77 - Blacklisted users can still deposit into the system
#129
sherlock-admin2
closed
5 months ago
0
Bigsam - Deposit will revert in a special case (possibly-high) : Potential Deposit Failures for New Users
#128
sherlock-admin4
closed
5 months ago
1
T_F_E - There is a precision error when depositing tokens.
#127
sherlock-admin3
closed
5 months ago
0
Sabit - The `freeFromMinDeposit` function and the code generally lacks the ability to set a user as not free from the minimum deposit requirement
#126
sherlock-admin2
closed
5 months ago
0
Sabit - Deposit of users who are not free from minimum deposit will always revert when the deposit function is called
#125
sherlock-admin4
closed
5 months ago
0
bhilare_ - A user can bypass minimum deposit requirement, which breaks protocol's requirement/functionality.
#124
sherlock-admin3
closed
5 months ago
0
MrMorningstar - Some users may pay `minAmountToDepositInEuro` when they should be exempt from minimum deposit
#123
sherlock-admin2
closed
5 months ago
3
niluk - A user who is `freeFromMinDeposit` can increase the `totalDeposited` amount without depositing tokens due to a rounding error
#122
sherlock-admin4
closed
5 months ago
0
darkart - Non-Compliance with ERC-20 Standard
#121
sherlock-admin3
closed
5 months ago
0
pkqs90 - `getPaymentTokens()` function has no access control which contradicts with code comments
#120
sherlock-admin2
closed
5 months ago
0
mgf15 - No check if L2 Sequencer is active or down
#119
sherlock-admin4
closed
5 months ago
0
Sabit - The `initialize` function can be frontrun
#118
sherlock-admin3
closed
5 months ago
0
0xC - Insecure Role Assignment in MidasAccessControl Smart Contract
#117
sherlock-admin2
closed
5 months ago
0
14si2o_Flint - Incorrect understanding of Chainlink heartbeat can lead to stale prices
#116
sherlock-admin4
closed
5 months ago
1
djaner - Upgradable contract not initialized
#115
sherlock-admin3
closed
5 months ago
1
0xAleko - _getDataInBase18() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#114
sherlock-admin2
closed
5 months ago
0
14si2o_Flint - Allowing a Blacklisted user to call deposit in DepositVault will allow him to ignore minAmountToDepositInUsd when his blacklisting is revoked.
#113
sherlock-admin4
closed
5 months ago
0
pkqs90 - DEPOSIT_VAULT_ADMIN_ROLE/REDEMPTION_VAULT_ADMIN_ROLE have larger permission than expected: they shouldn't be able to pause vaults
#112
sherlock-admin3
opened
6 months ago
18
h2134 - Staleness checking larger than price feeds heartbeat intervals may lead to stale or incorrect prices
#111
sherlock-admin2
closed
5 months ago
1
pkqs90 - Chainlink datafeed may be stale and incorrect
#110
sherlock-admin4
closed
5 months ago
39
pkqs90 - Corruptible Upgradability Pattern
#109
sherlock-admin3
opened
6 months ago
11
pkqs90 - Rounding direction for the amount of stablecoin user deposit is incorrect
#108
sherlock-admin2
closed
5 months ago
36
pkqs90 - `M_TBILL_BURN_OPERATOR_ROLE` cannot burn `mTBILL` tokens from users who are blacklisted.
#107
sherlock-admin4
closed
5 months ago
15
pkqs90 - `mTBILL` blacklisted users can still successfully call the `transferFrom()` function
#106
sherlock-admin3
closed
5 months ago
0
pkqs90 - `mTBILL` blacklisted users can successfully deposit in `DepositVault` despite not being able to receive mTBILL at all.
#105
sherlock-admin2
closed
5 months ago
0
0xloscar01 - `MidasAccessControl` allows blacklisted users to bypass `mTBILL` ban by renouncing the `BLACKLISTED_ROLE`
#104
sherlock-admin4
closed
5 months ago
0
Bluedragon - Parallel Access Control
#103
sherlock-admin3
closed
5 months ago
0
14si2o_Flint - If the minAmountToDepositInUsd is increased by the VaultAdmin, existing users can deposit amounts smaller than the minimum amount
#102
sherlock-admin2
closed
5 months ago
0
14si2o_Flint - mTBILL implements Pausable but no function can be paused, making the implementation and the PAUSE_OPERATOR useless.
#101
sherlock-admin4
closed
5 months ago
0
maushish - Deposit.sol#deposit is prone to reentrant attacks leading to multiple impacts.
#100
sherlock-admin3
closed
5 months ago
0
14si2o_Flint - The eurUsd Chainlink datafeed is cast directly as IDataFeed, breaking all deposits.
#99
sherlock-admin2
closed
5 months ago
0
T_F_E - User can be redeemed more tokens than they deposited.
#98
sherlock-admin4
closed
5 months ago
0
dvyneEth - TOKEN MISHANDLING
#97
sherlock-admin3
closed
5 months ago
0