sherlock-audit/2024-05-midas-judging
issues
coffiasd - The heartbeat interval is too large, leading to the use of stale prices
#96
sherlock-admin2
closed
6 months ago
1
joicygiore - Due to the token decimal conversion involved, `mTBILL::mint()` and `mTBILL::mint()` should add additional checks, otherwise the 1:1 price ratio will be broken
#95
sherlock-admin4
closed
6 months ago
0
y0ng0p3 - Chainlink oracle will return a wrong price if the aggregator hits minAnswer
#94
sherlock-admin3
closed
6 months ago
0
y0ng0p3 - Lack of fallbacks for price feed oracle
#93
sherlock-admin2
closed
6 months ago
3
y0ng0p3 - The Midas protocol can consume stale price data or cannot operate on some EVM chains
#92
sherlock-admin4
closed
6 months ago
2
y0ng0p3 - Depositors can be prevented from depositing an amount below the minimum deposit threshold even if it's not their first deposit
#91
sherlock-admin3
closed
6 months ago
3
T_F_E - User can Front Run BlackListing
#90
sherlock-admin2
closed
6 months ago
0
Kalogerone - IBO1/USD aggregator is not available in Arbitrum Network
#89
sherlock-admin4
closed
6 months ago
0
valentin2304 - Chainlink's `latestRoundData` might return stale results
#88
sherlock-admin3
closed
6 months ago
6
valentin2304 - Front-running attack on `initialize` functions
#87
sherlock-admin2
closed
6 months ago
0
darkart - Missing Pause Admin Role Implementation in ManagableVault.sol
#86
sherlock-admin4
closed
6 months ago
0
Kalogerone - Decimals mishandling allows for first deposit to be less than the minimum amount to deposit
#85
sherlock-admin3
closed
6 months ago
0
tpiliposian - Insecure Role Checks in MidasAccessControl
#84
sherlock-admin2
closed
6 months ago
33
tpiliposian - Independent Pause Functionality Issue in Vault Contracts
#83
sherlock-admin4
closed
6 months ago
8
radin200 - No check if Arbitrum L2 sequencer is down in Chainlink feeds
#82
sherlock-admin3
closed
6 months ago
0
charles__cheerful - Medium3-Corruptable storage gaps on upgrade
#81
sherlock-admin2
closed
6 months ago
0
Kirkeelee - Incorrect decimal handling leads to wrong amount of tokens transferred from the users while depositing and redeeming.
#80
sherlock-admin4
closed
6 months ago
0
Kirkeelee - M_TBILL_BURN_OPERATOR_ROLE can't burn mTBILL tokens if the user is blacklisted.
#79
sherlock-admin3
closed
6 months ago
0
Bluedragon - The `BLACKLISTED_ROLE` user can still have all the privileges of a green listed user, which is not intended by the protocol.
#78
sherlock-admin2
closed
6 months ago
1
blutorque - The `mTBill` tokens involved in illicit activities cannot be burnt
#77
sherlock-admin4
closed
6 months ago
1
Josh4324 - IB01 / USD chainlink data feed is not deployed on Arbitrum
#76
sherlock-admin3
closed
6 months ago
0
Josh4324 - _getDataInBase18() doesn't check If Arbitrum sequencer is down in Chainlink feeds
#75
sherlock-admin2
closed
6 months ago
0
fandonov - The user can call the redeem function with any token he wants which can be bad for the protocol in some cases
#74
sherlock-admin4
closed
6 months ago
0
Timenov - Admin can not burn tokens from blacklisted addresses.
#73
sherlock-admin3
closed
6 months ago
0
Josh4324 - Inconsistent Heartbeat Configuration and Potential Data Staleness in Chainlink Feeds
#72
sherlock-admin2
closed
6 months ago
1
MrMorningstar - Users can be BLACKLISTED and GREENLISTED at the same time, making them unable to receive and redeem tokens
#71
sherlock-admin4
closed
6 months ago
2
Bauchibred - Depositing logic coupled with its validation is broken in multiple ramifications
#70
sherlock-admin3
closed
6 months ago
1
Audinarey - Users deposit state is not updated when `mTBill` is redeemed breaking core protocol functionality
#69
sherlock-admin2
closed
6 months ago
0
Kalogerone - Corruptible Upgradability Pattern
#68
sherlock-admin4
closed
6 months ago
0
nfmelendez - Corruptible Upgradability Pattern
#67
sherlock-admin3
closed
6 months ago
0
Audinarey - green listed users who are not free from minimum deposit cannot increase their deposit position
#66
sherlock-admin2
closed
6 months ago
0
KiroBrejka - User can grief the deposit function, without losing any tokens
#65
sherlock-admin4
closed
6 months ago
0
blutorque - Missing circuit breaker checks in `DataFeeds.sol`
#64
sherlock-admin3
closed
6 months ago
0
blutorque - Chainlink refresh check is too long
#63
sherlock-admin2
closed
6 months ago
1
KungFuPanda - DepositVault:: There's a method to enable `isFreeFromMinDeposit` for a particular user, but there's no way to disable that option for that user later, if needed
#62
sherlock-admin4
closed
6 months ago
1
KiroBrejka - `_HEALTHY_DIFF` gap is too huge in the `DataFeed` contract
#61
sherlock-admin3
closed
6 months ago
1
deepkin - Blacklist functionality of MTBill can be bypassed
#60
sherlock-admin2
closed
6 months ago
0
KiroBrejka - No check if Arbitrum sequencer is down or not
#59
sherlock-admin4
closed
6 months ago
2
blutorque - Users can renounce their `BLACKLISTED_ROLE` to freely exchange mtBill in the secondary market.
#58
sherlock-admin3
closed
6 months ago
0
goluu - Chainlink's latestRoundData return stale or incorrect result
#57
sherlock-admin2
closed
6 months ago
1
gajiknownnothing - Lack of access control over off-chain withdrawals
#56
sherlock-admin4
closed
6 months ago
0
gajiknownnothing - The ability to add or remove payment tokens does not align with the requirement
#55
sherlock-admin3
closed
6 months ago
0
tpiliposian - Lack of Tracking for Redeemed mTBILL Tokens in RedemptionVault Contract
#54
sherlock-admin2
closed
6 months ago
1
vangrim - `_getDataInBase18()` could return the wrong price in case of a sudden price crash between EUR/USD pricing
#53
sherlock-admin4
closed
6 months ago
0
maushish - Unhandled Chainlink revert would lock access to Oracle Price feeds.
#52
sherlock-admin3
closed
6 months ago
26
y4y - It's possible to deposit/redeem without completing the KYC process with abstract wallets
#51
sherlock-admin2
closed
6 months ago
0
Timenov - User can transfer tokens before being blacklisted.
#50
sherlock-admin4
closed
6 months ago
0
maushish - Risk of Incorrect Asset Pricing by Datafeed in Case of Underlying Aggregator Reaching minAnswer.
#49
sherlock-admin3
closed
6 months ago
8
0xjarix - No Storage Gap For Upgradeable Contracts
#48
sherlock-admin2
closed
6 months ago
0
goluu - `removePaymentToken` function doesn't check Balance exist
#47
sherlock-admin4
closed
6 months ago
1