search

Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app
15 stars 10 forks source link

Macro findings medium #475

Closed 0xdcota closed 1 year ago

0xdcota commented 1 year ago

This pull request addresses the following Macro audit findings:

NOTE: This PR should not be merged until #403 is merged into Main.

Id Level Description
M-1 MEDIUM Fuji’s vault would remain vulnerable to an inflation attack despite the explicit measures taken.
M-2 MEDIUM Incorrect Rounding for Shares/Assets/Debt Calculation.
M-3 MEDIUM Vaults Cannot Reach Their Deposit Cap.
M-4 MEDIUM Vaults max__ functions fail to comply with EIP-4626.
M-5 MEDIUM Rebalance allows breaking defined conservative maxLTV and liquidation ratio.
M-6 MEDIUM For some assets, _setProviders will revert if new providers overlap with previous ones.
M-7 MEDIUM The slippage check on the destination is only done if the first action is deposit/withdrawal.
M-8 MEDIUM If liquidity conditions don't improve on the destination, the hardcoded slippage protections of _crossTransferWithCalldata won’t allow adapting.