Velvet-Capital / Velvet-v4

V4 (thena+venus) on top of v3
Other
0 stars 0 forks source link

Review of Borrowing Feature Integration #17

Open langnavina97 opened 1 month ago

langnavina97 commented 1 month ago

Concerns:

1. Potential Out of Gas Error

2. Risk of User Loss Due to Manipulated Token List

Further concerns we should investigate (not sure if they're issues):

  1. Risky Token Pulling During Flashloans: Danger of pulling tokens from the vault during flashloan interactions, potentially exposing the vault to exploitation.
  2. Ineffective Dust Handling: Sending dust to the vault has no effect if tokens aren't in the token list; dust should be returned to users based on their share.
  3. Calldata Manipulation: Risk of unauthorized access to vault funds if calldata in flashloan callbacks can be manipulated. ==> I think it is safe. The user balance is updated before the execution any calldata. The balances to pull from the vault are being calculated on-chain to make sure the user can only repay the amount for his own shares
langnavina97 commented 1 month ago

Missing input verification:

require(_receiver != address(0), "Invalid receiver address");
    require(repayData._factory != address(0) && repayData._token0 != address(0) && repayData._token1 != address(0), "Invalid address");
    require(repayData._flashLoanToken != address(0), "Invalid flash loan token");
    require(repayData._flashLoanAmount.length > 0 && repayData._debtRepayAmount.length > 0, "Empty amount array");
    require(repayData._flashLoanAmount.length == repayData._debtRepayAmount.length, "Mismatched amount arrays");
    require(repayData._debtToken.length == repayData._protocolToken.length, "Mismatched token arrays");
    require(repayData.firstSwapData.length == repayData.secondSwapData.length, "Mismatched swap data arrays");
require(vault != address(0) && executor != address(0) && controller != address(0) && receiver != address(0), "Invalid address");
    require(lendTokens.length > 0, "No lend tokens provided");
    require(totalCollateral > 0, "Invalid total collateral");
    require(fee <= MAX_FEE, "Fee exceeds maximum allowed"); // Define MAX_FEE constant

    require(flashData.flashLoanToken != address(0), "Invalid flash loan token");
    require(flashData.debtToken.length == flashData.protocolTokens.length, "Mismatched token arrays");
    require(flashData.flashLoanAmount.length == flashData.debtRepayAmount.length, "Mismatched amount arrays");
    require(flashData.firstSwapData.length == flashData.secondSwapData.length, "Mismatched swap data arrays");
require(_user != address(0) && _controller != address(0) && _protocolToken != address(0), "Invalid address");
    require(lendTokens.length > 0, "No lend tokens provided");
    require(_debtRepayAmount > 0, "Invalid debt repay amount");
    require(feeUnit > 0 && feeUnit <= MAX_FEE_UNIT, "Invalid fee unit"); // Define MAX_FEE_UNIT
    require(totalCollateral > 0, "Invalid total collateral");

==> Suggestions from Cursor, might be suggesting duplicate checks, to be checked!!!

langnavina97 commented 1 month ago

Naming conventions:

Functions:

Other:

langnavina97 commented 1 month ago
address[] memory underlying = new address[](borrowedLength); // Array to store underlying tokens of borrowed assets
        uint256[] memory tokenBalance = new uint256[](borrowedLength); // Array to store balances of borrowed tokens
        uint256 totalFlashAmount; // Variable to track total flash loan amount
        underlying = new address[](borrowedLength);
        tokenBalance = new uint256[](borrowedLength);