Moonwell
DeFi
Foundry
15,000
USDC
Public
Mar 4th, 2024 → Mar 11th, 2024
106 / 106
Submissions
| # | Submission | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Missing access Modifier on `repayBadDebtWithReserves()` function allows any User/Attacker to repay bad debt with reserves, which should be done by admin according to Need | Medium | Invalid | | M3Azad |
| #2 | Missing Zero address check on `fixUser()` function | Medium | Invalid | | M3Azad |
| #3 | Frontrunning attack on `fixUser()` function can lead to user pay all bad Debt with nearly zero Amount of Token | Low | Invalid | finding-front-run-fixUser | M3Azad |
| #4 | Missing Zero Address check in `sweepAll()` function of `MErc20DelegateMadFixer.sol` Contract | Medium | Invalid | | M3Azad |
| #5 | Structs passed as parameters must be allocated either storage, memory or calldata | Low | Invalid | | M3Azad |
| #6 | `MErc20DelegateFixer::repayBadDebtWithCash` the function doesn't check amount input. | High | Invalid | | Modey |
| #7 | View function should be public | Low | Invalid | | Timenov |
| #8 | Contract is used as test | Low | Invalid | | Timenov |
| #9 | Inadequate Debt Repayment Mechanism in repayBadDebtWithReserves | Medium | Invalid | | Daniel526 |
| #10 | Latest solidity compiler version is recommended | Low | Invalid | | Abdul Rehman |
| #11 | Pragma version deprecated | Low | Invalid | | donkicha |
| #12 | No incentive to liquidate undercollateralized users could result in protocol going underwater | Medium | Invalid | | Tigerfrake |
| #13 | nonReentrant modifier not defined | Low | Invalid | | Tigerfrake |
| #14 | The borrower has no option but to forfeit any surplus value beyond what is needed to cover their debt. | Medium | Invalid | | Tigerfrake |
| #15 | Lack of Access Control in repayBadDebtWithReserves() opens way for dire discrepancies. | High | Invalid | | Tigerfrake |
| #16 | Admin can liquidate user with not a bad debt | Medium | Invalid | | Strausses |
| #17 | [H-1] - incorrect operation messes up the badDebt logic in the `MErc20DelegateFixer` contract | High | Invalid | | 0xBugSlayer |
| #18 | sweepAll() function does not check the receiver not to be address(0) | Low | Invalid | | 0xeLSeR17 |
| #19 | repayBadDebtWithCash() function can be called with amount = 0 | Low | Invalid | | 0xeLSeR17 |
| #20 | Possible DoS in mipm17::_build() due to OOG | Medium | Invalid | | Tigerfrake |
| #21 | Older Versions of Solidity have known Vulnerabilities. | Low | Invalid | | Tigerfrake |
| #22 | Unsecured Transfer Function in `MErc20DelegateMadFixer` Contract | Medium | Invalid | | 0xbhumii |
| #23 | Pragma version 0.8.19 version too recent to be trusted. | Low | Invalid | | donkicha |
| #24 | Event are missing indexed fields | Low | Invalid | | donkicha |
| #25 | Reentrancy Vulnerability in `MErc20DelegateFixer` contract | High | Invalid | | 0xbhumii |
| #26 | Missing input validation in `MErc20DelegateFixer.repayBadDebtWithCash` | Medium | Invalid | | donkicha |
| #27 | Lack of Post-Transaction Balance Verification in `repayBadDebtWithCash` Function | Low | Invalid | | 0xbhumii |
| #28 | `repayBadDebtWithReserves()` function breaks the core invariant. | High | Invalid | | Sandy |
| #29 | Denial-of-Service (DoS) Vulnerability in MIP-M17 Governor Contract | Low | Invalid | | 0xbhumii |
| #30 | repayBadDebtWithCash() fails without prior approval | Low | Invalid | | Tigerfrake |