Giters
sherlock-audit
/
2024-04-alchemix-judging
Geek Repo:
Geek Repo
Github PK Tool:
Github PK Tool
Stargazers:
6
Watchers:
0
Issues:
178
Forks:
3
sherlock-audit/2024-04-alchemix-judging Issues
`setLimits` Function Does Not Immediately Update the Current Limit to the Limit Just Set By Admin.
Closed
3 months ago
Incorrect Naming Convention Utilization
Closed
3 months ago
Asset token contract can't initialize
Closed
3 months ago
Lack of SPDX-LICENSE-IDENTIFIER in Interface directory - Resulting to Lack of Clarity and Potential Copyright Infringement
Closed
3 months ago
John_Femi - The disableInitializer function is not explicitly
Closed
3 months ago
MaanVader - [M-01] Chainlink’s latestRoundData might return stale or incorrect results
Closed
3 months ago
emiridbest - [H-01] Usage of an incorrect version of Ownbale library can potentially malfunction all onlyOwner functions
Closed
3 months ago
John_Femi - Forced Donation could cause Issues
Closed
3 months ago
nilay27 - No check for active L2 Sequencer
Closed
3 months ago
AhmedAdam - Absence of rewardPaid Validation in setRewardAmount Function Poses Risk of DoS Attack on distributeRewards in `RewardRouter.sol`
Closed
3 months ago
ni8mare - It is possible to bypass current minting limits set in the AlchemicTokenV2Base contract
Closed
3 months ago
bareli - constant time difference for "IChainlinkOracle"
Closed
3 months ago
w42d3n - Inaccurate Token Accounting
Closed
3 months ago
John_Femi - no check for success of swap
Closed
3 months ago
w42d3n - Unrestricted Minting in CrossChainCanonicalBase.sol
Closed
3 months ago
nilay27 - OptimismRewardCollector::getExpectedExchange() is missing max/min price check for ChainlinkOracle's latestRoundData
Closed
3 months ago
Comments count
1
ni8mare - Issues related to swap functions
Closed
3 months ago
0xAadi - Bridges that are no longer whitelisted(malicious or compromised) can still burn tokens from user accounts
Closed
3 months ago
w42d3n - the function initialize() can become permanently inaccessible
Closed
3 months ago
bareli - Should check return data from Chainlink aggregators
Closed
3 months ago
jasonxiale - incorrect parameter for `OptimismRewardCollector.claimAndDonateRewards`
Closed
3 months ago
JP_Courses - It seems possible to successfully add a yield token with `address(0)` to the address set, and assign it struct values successfully.
Closed
3 months ago
georgitrachev - The alUSD reward collector should not be reliant on the `ethToUsdOracle`
Closed
3 months ago
nuthan2x - No check for active L2 Sequencer
Closed
3 months ago
w42d3n - Role-based Access Control Vulnerability in __AlchemicTokenV2Base_init()
Closed
3 months ago
bareli - WRONG IMPLEMENT OF "distributeRewards"
Closed
3 months ago
AhmedAdam - Non-Compliance with xERC20 Standard in `AlchemicTokenV2Base`
Closed
3 months ago
AhmedAdam - Inability to Exchange Old Tokens for Canonical Due to Dead Shares in TotalMinted
Closed
3 months ago
stonejiajia - Chainlink price is used without checking validity
Closed
3 months ago
Varun_05 - Wrong amount of totalMinted[bridgeTokenAddress] is written when a user is not fee exempted.
Closed
3 months ago
Comments count
1
jasonxiale - Corruptible Upgradability Pattern
Closed
3 months ago
georgitrachev - The `debtToken` is overpriced in `getExpectedExchange`
Closed
3 months ago
MaslarovK - OptimismRewardCollector::getExpectedExchange lacks check if round is complete.
Closed
3 months ago
ni8mare - Reward/Router contract cannot be deployed on Arbitrum
Closed
3 months ago
ge6a - Maximum allowable slippage can be exceeded
Closed
3 months ago
Comments count
5
bareli - wrong implement of "setFlashFee"
Closed
3 months ago
bareli - wrong implement of "_approve"
Closed
3 months ago
jasonxiale - `OptimismRewardCollector.getExpectedExchange` might be reverted because of the heartbeat check is too strict.
Closed
3 months ago
jasonxiale - RewardRouter.distributeRewards's slippage protection isn't correct when alETH is used as debtToken
Closed
3 months ago
Comments count
5
Varun_05 - Wrong token is donated in claimAndDonateRewards function
Closed
3 months ago
georgitrachev - `setRewardAmount` should reset a vault's `lastRewardBlock`
Closed
3 months ago
0xblack_bird - Lack of revert conditions might lead to functionality disruption
Closed
3 months ago
no - There is no access control for `burn()`, Users can using a new address to bypass the maxLimit restriction in `CrossChainCanonicalAlchemicTokenV2::burn()`
Closed
3 months ago
0xblack_bird - lack of checks for `minimumAmountOut` causing unexpected returns
Closed
3 months ago
0xAMX - No check for active Optimism and Arbitrum Sequencer for OptimismRewardCollector
Closed
3 months ago
georgitrachev - No storage gaps implemented
Closed
3 months ago
no - `initialize()` in CrossChainCanonicalAlchemicTokenV2 will fail, If CrossChainCanonicalBase have already `initialize()`
Closed
3 months ago
0xblack_bird - Malicious user can mint unlimited oldtokens & burn canonical tokens of legitimate users
Closed
3 months ago
MaslarovK - No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
Closed
3 months ago
nuthan2x - MEV attack on claimAndDonateRewards function
Closed
3 months ago
Previous
Next