code-423n4 2023-05-particle-findings issues

code-423n4 / 2023-05-particle-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #28 [1686212158430]

#50 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #48 [1686129354989]

#49 c4-judge closed 1 year ago
8
QA Report

#48 code423n4 opened 1 year ago
8
Gas Optimizations

#47 code423n4 opened 1 year ago
4
QA Report

#46 code423n4 opened 1 year ago
6
Exact `amount` might halt trades

#45 code423n4 closed 1 year ago
9
NFT withdrawal grief

#44 code423n4 opened 1 year ago
17
DoS of liquidation

#43 code423n4 closed 1 year ago
6
Calling `ParticleExchange.withdrawEthWithInterest` function causes `_treasury` to lose portion of `payableInterest` that it is entitled to

#42 code423n4 closed 1 year ago
6
DoS of `auctionBuyNft()`

#41 code423n4 closed 1 year ago
10
Lender can prevent borrower from returning NFT

#40 code423n4 closed 1 year ago
13
Supplying NFT, which is borrowed from Particle Exchange, to Particle Exchange can cause original lien's borrower to lose such NFT and previously sent `msg.value` even though its position for original lien is not yet insolvent

#39 code423n4 closed 1 year ago
5
Borrower cannot stop loss when fungibility breaks

#38 code423n4 closed 1 year ago
6
Lenders can lose interest

#37 code423n4 closed 1 year ago
9
Wrong assumption that NFT is not in contract when loan is active

#36 code423n4 closed 1 year ago
5
`newLien.lender` can steal NFT that should belong to `oldLien.lender` after refinancing

#35 code423n4 closed 1 year ago
10
Borrowing without paying interest

#34 code423n4 closed 1 year ago
17
Calling `ParticleExchange.sellNftToMarket`, `ParticleExchange.swapWithEth`, and `ParticleExchange.refinanceLoan` functions can allow insolvent positions to be opened

#33 code423n4 closed 1 year ago
6
Borrowers can still close loan normally while being defaulted

#32 code423n4 closed 1 year ago
11
`ParticleExchange.auctionBuyNft` and `ParticleExchange.withdrawEthWithInterest` function calls can be DOS'ed

#31 code423n4 opened 1 year ago
11
Changing `_treasuryRate` can cause lender to lose some interest that it is entitled to

#30 code423n4 closed 1 year ago
5
Gas Optimizations

#29 code423n4 opened 1 year ago
6
QA Report

#28 code423n4 opened 1 year ago
9
Risk of accidental DoS while receiving NFTs from marketplaces

#27 code423n4 closed 1 year ago
4
Lender can auction the loan without any restriction to cause losses to the borrower

#26 code423n4 closed 1 year ago
5
Lender can front-run calls to `auctionBuyNft()` to DoS auctions

#25 code423n4 closed 1 year ago
14
Unspent WETH is not considered in `buyNftFromMarket()`

#24 code423n4 closed 1 year ago
5
Function `buyNftFromMarket()` should not be payable

#23 code423n4 opened 1 year ago
9
Gas limited ETH transfers can lead to a denial of service

#22 code423n4 opened 1 year ago
5
Borrower can block being defaulted or auctioned

#21 code423n4 closed 1 year ago
8
Treasury fee is not collected in `withdrawEthWithInterest()`

#20 code423n4 opened 1 year ago
8
Particle Exchange can be used to swap NFTs within the collection for free

#19 code423n4 closed 1 year ago
7
QA Report

#18 code423n4 opened 1 year ago
6
auctionBuyNft() borrower can block the bidding

#17 code423n4 closed 1 year ago
7
addCredit() DOS Attack

#16 code423n4 opened 1 year ago
13
_execBuyNftFromMarket() Need to determine if NFT can't already be in the contract

#15 code423n4 opened 1 year ago
6
_execSellNftToMarket() re-enter steal funds

#14 code423n4 opened 1 year ago
4
withdrawNftWithInterest() possible take away other Lien's NFT

#13 code423n4 opened 1 year ago
6
Gas Optimizations

#12 code423n4 opened 1 year ago
4
QA Report

#11 code423n4 opened 1 year ago
6
`addCredit()` impacts the price curve of loan auctions

#10 code423n4 closed 1 year ago
4
New treasury rate should not affect existing loan

#9 code423n4 opened 1 year ago
8
Attacker can spam `addCredit()` function to cause a denial-of-service during an auction

#8 code423n4 closed 1 year ago
7
Function `_execBuyNftFromMarket()` Fails to Check the Actual ETH Balance in the Contract After Executing the Trade

#7 code423n4 opened 1 year ago
6
Attacker can use `buyNftFromMarket()` to buy an NFT from an arbitrary collection

#6 code423n4 closed 1 year ago
5
Borrower can reject receiving ETH thus prevent lender from calling `withdrawEthWithInterest()`

#5 code423n4 closed 1 year ago
6
Treasury fee not applied in `withdrawEthWithInterest()`

#4 code423n4 closed 1 year ago
6
Marketplace may call `onERC721Received()` and create a lien during `buyNftFromMarket()`, creating divergence

#3 code423n4 opened 1 year ago
4
Wrong assumption in function `withdrawNftWithInterest()` could allow lender to withdraw NFT from active loan

#2 code423n4 closed 1 year ago
5
Agreements & Disclosures

#1 code423n4 opened 1 year ago
0