Stargazers: 7 | Watchers: 1 | Issues: 249 | Forks: 7
sherlock-audit/2023-06-dodo-judging Issues
0x52 - Protocol is completely incompatible with USDT due to lack of 0 approval | Updated | a year ago | Comments: 8
BugBusters - Potential FlashLoan attack in _getExchangeRate function | Closed | a year ago | Comments: 14
shogoki - DoS - Vault Deposits can be blocked | Closed | a year ago | Comments: 1
0xdice91 - Missing `onlyRouter` modifier in `D3VaultLiquidation.liquidateByDODO`. | Closed | a year ago | Comments: 1
traceurl - Need check inLiquidation status in liquidateByDODO() | Closed | a year ago | Comments: 2
attens - RemovePool event duplicated | Closed | a year ago | Comments: 3
lemonmon - A user can get more dTokens than they should get via `D3VaultFunding.userDeposit()`, due to accounting issues in `D3VaultLiquidation.liquidate()` | Updated | a year ago | Comments: 2
attens - When swapping 18-decimal token to 8-decimal token, user could buy decimal-18-token with 0 amount of decimal-8-token | Updated | a year ago | Comments: 3
attens - It's dangerous for makers to set token decimal by manual | Updated | a year ago | Comments: 3
attens - Calculation B0 meets division 0 error when a token has small decimal and high price with a small kBid | Updated | a year ago | Comments: 3
HALITUS - When a D3MM pool repays all of the borrowed funds to vault using `D3Funding.sol repayAll`, an attacker can steal double the amount of those funds from vault | Updated | a year ago | Comments: 2
traceurl - vault balance not updated in withdrawReserves() | Updated | a year ago | Comments: 3
traceurl - borrow amount recorded in AssetInfo and BorrowRecord unmatched due to the precision loss | Updated | a year ago | Comments: 2
traceurl - miss updating pool's token balance after finishLiquidation() | Updated | a year ago | Comments: 2
attens - liquidationTarget is not set when removing pool. | Updated | a year ago | Comments: 2
ww4tson - Lack of input validation in D3Proxy::userWithdraw | Closed | a year ago
ww4tson - Arbitrary external call in D3MMLiquidationRouter::D3Callee | Closed | a year ago
josephdara - Liquidation reverts when it should rewrite values | Closed | a year ago
0xrobsol - Potential Underflow in getPrice function due to inadequate checking of token price decimal | Closed | a year ago | Comments: 2
shogoki - Oracle getPrice will not work for Tokens with high decimals | Closed | a year ago
Avci - Certain users can't call liquidate() function | Closed | a year ago
seerether - Contract's transaction will revert due to divide-by-zero error | Closed | a year ago
0xrobsol - Global Quota Exceeded due to Price Changes | Closed | a year ago | Comments: 4
josephdara - Liquidation undercuts the liquidator | Closed | a year ago | Comments: 4
MohammedRizwan - In D3Trading.sol, Missing deadline checks for sellToken() and buyToken() function allow pending transactions to be maliciously executed | Closed | a year ago
Avci - Using userDeposit() function can lead to lost funds | Closed | a year ago
shogoki - Loss of funds - anybody can withdraw ETH/WETH from D3Proxy | Closed | a year ago
seerether - The pool can borrow more tokens than the available quota. | Closed | a year ago
BugBusters - Typographical Error in Element Swapping in `removeD3Pool` Function | Closed | a year ago
Kalyan-Singh - Malicious Pool owner/maker can add any token with chainlink price feed and break pool liquidation + steal vault | Closed | a year ago | Comments: 3
seerether - The pool attempts to repay more than it has actually borrowed. | Closed | a year ago
R-Nemes - Anyone can drain ETH balance of D3Proxy | Closed | a year ago
0xdice91 - Hardcoded minimum amount will cause issues for some ERC20 tokens | Closed | a year ago
V1235813 - D3Vault removeLiquidator and removeRouter function remove an address which does not even exist in List. And does not give back any emit for error | Closed | a year ago
0xdice91 - Out of gas issue if `tokenList` grows too large. | Closed | a year ago
0xdice91 - D3Vault.sol `owner` not explicitly set | Closed | a year ago
seerether - Corrupted or inconsistent price data due to full slot or incorrect addition of new data to slot | Closed | a year ago
0x52 - D3VaultFunding#getCompoundInterestRate is incorrect at lower interest rates | Closed | a year ago | Comments: 4
shealtielanz - Approve to zero First | Closed | a year ago
Avci - Using unsafe ERC20 methods can revert the transaction for some tokens. | Closed | a year ago
HALITUS - On liquidation, an attacker can get collateral tokens without paying debt tokens to vault, or a user can end up paying debt tokens without getting collateral back in return | Closed | a year ago
shealtielanz - Use of Unsafe ERC20 Operations | Closed | a year ago
Avci - There is no slippage control for trading functions at all | Closed | a year ago | Comments: 2
shogoki - Missing Check for Arbitrum Sequencer | Closed | a year ago
PNS - Missing checks for whether arbitrum, optimism or polygon Sequencer is active | Closed | a year ago
Avci - getPrice() function doesn't check If Arbitrum sequencer is down in Chainlink feeds. | Closed | a year ago
0xdice91 - No check if Arbitrum/Optimism L2 sequencer is `down` in Chainlink feeds | Closed | a year ago
BugBusters - Potential Precision Loss in `poolBorrow` function | Closed | a year ago
0xdice91 - Loss of Precision in `usedQuota`. | Closed | a year ago
Kalyan-Singh - Precision Loss | Closed | a year ago