-
hyh
medium
# Market adapter removal corrupts withdraw sequence
## Summary
Withdraw sequence entry is being deleted in AssetManager's removeAdapter() using incorrect index, so the sequence array be…
-
# Handle
cmichel
# Vulnerability details
The last market is read from storage several times:
```solidity
if (moneyMarkets[moneyMarkets.length - 1].supportsToken(tokenAddress) && remainingTokens >…
-
hyh
medium
# Priority withdrawal sequence array will grow infinitely over time
## Summary
Withdraw sequence reduction operation isn't present on adapter removal, while new withdraw sequence is req…
-
# Handle
pauliax
# Vulnerability details
## Impact
.length in a loop can be extracted into a variable and used where necessary to reduce the number of storage reads. An example where this could be…
-
Jeiwan
medium
# Removed adapter can still hold funds, removed token can still be deposited to a market
## Summary
Removed adapter can still hold funds, removed token can still be deposited to a mar…
-
# Handle
ye0lde
# Vulnerability details
## Impact
Removing unnecessary initializations, returns, and reading of state variables can result in gas savings and code clarity.
## Proof of Concept
T…
-
# Handle
itsmeSTYJ
# Vulnerability details
## Impact
Gas op
## Proof of Concept
```jsx
/**
* @dev Deposit tokens to AssetManager, and those tokens will be passed along to adapters to deposit …
-
hyh
medium
# Maximal approvals remain for the AssetManager's adapters and tokens after removal
## Summary
While adding an adapter and a token to the AssetManager the system provides for the unlimi…
-
# Handle
cmichel
# Vulnerability details
The `tokenSupply` is increased instead of set to the value directly.
This performs an unnecessary addition as `tokenSupply` is always initialized to zero.
…
-
# Handle
pants
# Vulnerability details
See for example the AssetsManager.rebalance function. There you read the value moneyMarkets[i] twice at the same iteration instead of caching it. This happen…