sherlock-audit/2024-06-makerdao-endgame-judging
issues
Interesting Blood Aardvark - Authorized updates will not be tracked over some version field
#132
sherlock-admin4
closed
1 month ago
0
Overt Garnet Dog - MakerDAO allows users to fill in someone's delegate vote address on `selectVoteDelegate`. As a result, the user cannot perform `vote`.
#131
sherlock-admin2
closed
1 month ago
0
Droll Corduroy Monkey - Missing events
#130
sherlock-admin3
closed
1 month ago
0
Droll Corduroy Monkey - `_disableInitializers` is no longer needed
#129
sherlock-admin4
closed
1 month ago
0
Albort - The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
#128
sherlock-admin3
closed
1 month ago
1
Albort - The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
#127
sherlock-admin2
closed
1 month ago
1
Deivitto - A compromised ward can take over all Nst contract
#126
sherlock-admin4
closed
1 month ago
1
Random_dude - wipe function will use stale rate when ilk in the engine is not updated through Jug.drip()
#125
sherlock-admin3
closed
1 month ago
1
Deivitto - Old and malicious wards can take over other wards privileges
#124
sherlock-admin2
closed
1 month ago
1
DenTonylifer - Permissionless distribute() function can extend the period finish time
#123
sherlock-admin4
closed
1 month ago
1
Mansa11 - System cannot be turned back on after shutdown Period
#122
sherlock-admin3
closed
1 month ago
1
branch_indigo - Overflow risk not handled in SNst::drip, which might DOS SNst
#121
sherlock-admin2
closed
1 month ago
1
Mansa11 - Contract is bricked after calling `stop`
#120
sherlock-admin4
closed
1 month ago
1
hash - Lack of deadline parameter in `take` can cause losses for the taker
#119
sherlock-admin3
closed
1 month ago
1
Audittens - LockstakeEngine users can avoid paying exit fees
#118
sherlock-admin2
closed
1 month ago
1
Mansa11 - `distribute` can be DOSed by an attacker
#117
sherlock-admin4
closed
1 month ago
1
chaduke - SNst.drip() will eventually stop working due to overflow of totalSupply_ * nChi as nChi will grow exponentially large.
#116
sherlock-admin3
closed
1 month ago
1
mrhudson890 - Liquidation auctions for MKR are unnecessary, leak value, and increase bad debt accumulation
#115
sherlock-admin2
closed
1 month ago
1
Audittens - Acquiring large amounts of MKR via leverage allows to unfairly utilize it
#114
sherlock-admin4
closed
1 month ago
26
John_Femi - Elevated Permission is required for rely and deny administration
#113
sherlock-admin3
closed
1 month ago
1
Audittens - NGT minting is not possible via DssVest
#112
sherlock-admin2
closed
1 month ago
1
hash - Oracle manipulation can affect flapper since OSM is not used
#111
sherlock-admin4
closed
1 month ago
1
ZeroTrust - Authorizing malicious users through rely() may lead to the protocol being compromised.
#110
sherlock-admin3
closed
1 month ago
1
hash - create2 collision can break urn's ilk balance assumption causing unliquidateable/withdrawable positions
#109
sherlock-admin2
closed
1 month ago
0
hash - Lack of time gap restrictions on the `distribute` call allows for sizeable loss on the rewarded distribution
#108
sherlock-admin4
closed
1 month ago
1
hash - Leftover dust debt can cause liquidation auction to occur at significantly lowered price
#107
sherlock-admin3
closed
1 week ago
71
nirohgo - LockStakeEngine::OnRemove wrong fee amount calculation
#106
sherlock-admin2
closed
1 month ago
13
nirohgo - The LockStakeClipper Take function prices the Dutch auction incorrectly based on a stale market price
#105
sherlock-admin4
closed
1 month ago
7
Random_dude - tampering NST-NGT TWAP price during migration
#104
sherlock-admin3
closed
1 month ago
1
Laksmana - Cache issue, user's funds are sent to the unintended ``urnFarm`` and ``voteDelegate``.
#103
sherlock-admin2
closed
1 month ago
1
juaan - If a reward is distributed while there are no stakers, the reward is permanently lost.
#102
sherlock-admin4
closed
1 month ago
0
ZeroTrust - An attacker can prevent liquidation by using the frontrun voteDelegate::lock() function when their position is being liquidated.
#101
sherlock-admin3
closed
1 month ago
1
bareli - No check for transfer function.
#100
sherlock-admin2
closed
1 month ago
1
mrhudson890 - Permanently unliquidatable unhealthy positions can be spoofed to grief keepers and disrupt liquidations
#99
sherlock-admin4
closed
1 month ago
1
GalloDaSballo - Liquidation withdrawal fee is wrong, overcharging users by a factor of 1/(1-fee)
#98
sherlock-admin3
closed
1 month ago
1
pwning_dev - unchecked transfers in the `_mint` and `_burn` functions
#97
sherlock-admin2
closed
1 month ago
1
chaduke - Rewards accrued during the period of _totalSupply = 0 will get lost forever.
#96
sherlock-admin4
closed
1 month ago
1
mrhudson890 - `VoteDelegate`'s `reserveHatch` allows multi-block MEV to grief LSE users during time-sensitive voting periods
#95
sherlock-admin3
closed
1 month ago
45
Squilliam - Incorrect DAI Transfer in `LockstakeClipper` will Drain Funds from Keepers
#94
sherlock-admin2
closed
1 month ago
1
JuggerNaut63 - Unrestricted Function Access Leading to Denial of Service (DoS)
#93
sherlock-admin4
closed
1 month ago
1
4b - `SubProxy::exec()` does not handle return data
#92
sherlock-admin3
closed
1 month ago
1
zhoo - Attackers can prevent liquidation
#91
sherlock-admin2
closed
1 month ago
1
0x52 - Splitter deployment methodology will lead to race conditions for large portions of initial DAI distributions
#90
sherlock-admin4
closed
1 month ago
1
Squilliam - Malicious users will drain excessive MKR collateral from `LockstakeEngine`
#89
sherlock-admin3
closed
1 month ago
1
0x52 - Utilizing LockStateClipper#yank will result in DOS of collateral being liquidated
#88
sherlock-admin2
closed
1 month ago
1
JuggerNaut63 - Unrestricted Token Exchange Functionality in MkrNgt Contract
#87
sherlock-admin4
closed
1 month ago
1
JuggerNaut63 - Reentrancy Exploit in Yield Accumulation Mechanism of SNst Contract
#86
sherlock-admin3
closed
1 month ago
1
mrhudson890 - `SNst.drip()`'s incremental NST minting causes compounding asset shortfall and withdrawer losses
#85
sherlock-admin2
closed
1 month ago
1
ZeroTrust - In LockstakeEngine.sol, the functions wipe(), wipeAll(), and free() lack the call to jug.drip(ilk)
#84
sherlock-admin4
closed
1 month ago
1
ZeroTrust - The administrator calling yank() will result in MKR being permanently locked in the LockstakeEngine.
#83
sherlock-admin3
closed
1 month ago
1