Moonwell
DeFi
Foundry
15,000
USDC
Public
Mar 4th, 2024 → Mar 11th, 2024
106 / 106
| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Missing access Modifier on `repayBadDebtWithReserves()` function allows any User/Attacker to repay bad debt with reserves, which should be done by admin according to Need | Medium | Invalid | | M3Azad |
| #2 | Missing Zero address check on `fixUser()` function | Medium | Invalid | | M3Azad |
| #3 | Frontrunning attack on `fixUser()` function can lead to user pay all bad Debt with nearly zero Amount of Token | Low | Invalid | finding-front-run-fixUser | M3Azad |
| #4 | Missing Zero Address check in `sweepAll()` function of `MErc20DelegateMadFixer.sol` Contract | Medium | Invalid | | M3Azad |
| #5 | Structs passed as parameters must be allocated either storage, memory or calldata | Low | Invalid | | M3Azad |
| #6 | `MErc20DelegateFixer::repayBadDebtWithCash` the function doesn't check amount input. | High | Invalid | | modey |
| #7 | View function should be public | Low | Invalid | | timenov |
| #8 | Contract is used as test | Low | Invalid | | timenov |
| #9 | Inadequate Debt Repayment Mechanism in repayBadDebtWithReserves | Medium | Invalid | | daniel526 |
| #10 | Latest solidity compiler version is recommended | Low | Invalid | | abdu1918 |
| #11 | Pragma version deprecated | Low | Invalid | | 0xorange |
| #12 | No incentive to liquidate undercollateralized users could result in protocol going underwater | Medium | Invalid | | tigerfrake |
| #13 | nonReentrant modifier not defined | Low | Invalid | | tigerfrake |
| #14 | The borrower has no option but to forfeit any surplus value beyond what is needed to cover their debt. | Medium | Invalid | | tigerfrake |
| #15 | Lack of Access Control in repayBadDebtWithReserves() opens way for dire discrepancies. | High | Invalid | | tigerfrake |
| #16 | Admin can liquidate user with not a bad debt | Medium | Invalid | | Strausses |
| #17 | [H-1] - incorrect operation messes up the badDebt logic in the `MErc20DelegateFixer` contract | High | Invalid | | kirobrejka |
| #18 | sweepAll() function does not check the receiver not to be address(0) | Low | Invalid | | 0xeLSeR17 |
| #19 | repayBadDebtWithCash() function can be called with amount = 0 | Low | Invalid | | 0xeLSeR17 |
| #20 | Possible DoS in mipm17::_build() due to OOG | Medium | Invalid | | tigerfrake |
| #21 | Older Versions of Solidity have known Vulnerabilities. | Low | Invalid | | tigerfrake |
| #22 | Unsecured Transfer Function in `MErc20DelegateMadFixer` Contract | Medium | Invalid | | 0xbhumii |
| #23 | Pragma version 0.8.19 version too recent to be trusted. | Low | Invalid | | 0xorange |
| #24 | Events are missing indexed fields | Low | Invalid | | 0xorange |
| #25 | Reentrancy Vulnerability in `MErc20DelegateFixer` contract | High | Invalid | | 0xbhumii |
| #26 | Missing input validation in `MErc20DelegateFixer.repayBadDebtWithCash` | Medium | Invalid | | 0xorange |
| #27 | Lack of Post-Transaction Balance Verification in `repayBadDebtWithCash` Function | Low | Invalid | | 0xbhumii |
| #28 | `repayBadDebtWithReserves()` function breaks the core invariant. | High | Invalid | | 0xsandy |
| #29 | Denial-of-Service (DoS) Vulnerability in MIP-M17 Governor Contract | Low | Invalid | | 0xbhumii |
| #30 | repayBadDebtWithCash() fails without prior approval | Low | Invalid | | tigerfrake |