code-423n4 2023-05-venus-findings issues

code-423n4 / 2023-05-venus-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

getAccountSnapShot always returns NO_ERROR no matter what's its inputs is.

#521 code423n4 closed 1 year ago
1
Bad debt bidders’ funds are locked forever when Shortfall address is changed during ongoing debt auction

#520 code423n4 closed 1 year ago
1
QA Report

#519 code423n4 opened 1 year ago
1
Incorrect decimal handling in `_startAuction`, resulting in wrong `auction.startBidBps`

#518 code423n4 closed 1 year ago
4
Gas Optimizations

#517 code423n4 closed 1 year ago
1
`vTokenPrice` used instead of `weightedVTokenPrice` when calculating `snapshot.totalCollateral` in `_getHypotheticalLiquiditySnapshot`

#516 code423n4 closed 1 year ago
5
User can bypass `_ensureMaxLoops` check

#515 code423n4 closed 1 year ago
1
QA Report

#514 code423n4 opened 1 year ago
6
PLACEBID() IN SHORTFALL.SOL MAY LEAD TO DENIAL OF SERVICE AND FRONT RUNNING ATTACKS

#513 code423n4 closed 1 year ago
4
Holders only get the rewards they Accrued for supplying when they claim rewards in the RewardsDistributor.sol .

#512 code423n4 closed 1 year ago
3
A user asset cannot be seized if the supplied market's collateral to seize(vTokenCollateral)is different than the pool(seizerContract) where the liquidateBorrow function is called.

#511 code423n4 closed 1 year ago
3
QA Report

#510 code423n4 opened 1 year ago
3
Gas Optimizations

#509 code423n4 opened 1 year ago
1
`initialExchangeRateMantissa_` calculation will fail if `input.decimals` is bigger than 18 in `PoolRegistry.addMarket()`

#508 code423n4 opened 1 year ago
6
QA Report

#507 code423n4 closed 1 year ago
1
Gas Optimizations

#506 code423n4 closed 1 year ago
1
Repayments can be paused but still accrue interest

#505 code423n4 closed 1 year ago
3
totalBorrows is not deducted properly when Comptroller#healAccount is called

#504 code423n4 closed 1 year ago
3
QA Report

#503 code423n4 closed 1 year ago
1
`Comptroller.exitMarket()` does not get an updated `exchange rate` causing inacurate exit validations

#502 code423n4 closed 1 year ago
3
Lack of method to delete a rewardsDistributor in `Comptroller.sol` can break rewards distribution permanently

#501 code423n4 closed 1 year ago
2
QA Report

#500 code423n4 closed 1 year ago
1
possible DoS due to hardcoded blocksPerYear and blockchain upgrades

#499 code423n4 closed 1 year ago
2
`MaxLoopLimitHelper._ensureMaxLoop()` is validating the wrong input in `Comptroller.setActionsPaused()`

#498 code423n4 opened 1 year ago
5
possible future DoS on maxLoopsLimit due to blockchain updates

#497 code423n4 closed 1 year ago
2
It is possible to override pool params in `PoolRegistry.sol` since the `creator` field is never set for a venus pool

#496 code423n4 closed 1 year ago
1
LACK OF SLIPPAGE PROTECTIONS AND DEADLINE CHECKS ON VTOKEN CONTRACT FUNCTIONS

#495 code423n4 closed 1 year ago
2
Gas Optimizations

#494 code423n4 closed 1 year ago
1
`maxLoopsLimit` IN THE `MaxLoopsLimitHelper._setMaxLoopsLimit()` FUNCTION CAN ONLY BE INCREASED AND CAN NOT BE DECREASED

#493 code423n4 closed 1 year ago
2
Gas Optimizations

#492 code423n4 opened 1 year ago
1
QA Report

#491 code423n4 closed 1 year ago
1
QA Report

#490 code423n4 opened 1 year ago
1
Gas Optimizations

#489 code423n4 closed 1 year ago
1
QA Report

#488 code423n4 opened 1 year ago
1
QA Report

#487 code423n4 opened 1 year ago
3
It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

#486 code423n4 opened 1 year ago
12
Gas Optimizations

#485 code423n4 opened 1 year ago
1
Gas Optimizations

#484 code423n4 opened 1 year ago
2
Gas Optimizations

#483 code423n4 opened 1 year ago
1
the `blocksPerYear` for the `WhitePaperInterestRateModel` is set incorrectly

#482 code423n4 closed 1 year ago
3
QA Report

#481 code423n4 opened 1 year ago
1
RiskFund.swapPoolsAssets will work incorrectly when convertibleBaseAsset is not 18 decimals

#480 code423n4 closed 1 year ago
2
QA Report

#479 code423n4 closed 1 year ago
1
Hardcoded decimal places caused incorrect usdValue for poolBadDebt

#478 code423n4 closed 1 year ago
3
Gas Optimizations

#477 code423n4 closed 1 year ago
1
Integer overflow of supplyCap can lead to an unwanted amount of supply tokens being distributed

#476 code423n4 closed 1 year ago
1
Gas Optimizations

#475 code423n4 opened 1 year ago
2
QA Report

#474 code423n4 opened 1 year ago
1
sending `riskFundBidAmount` to the highest bidder may fail

#473 code423n4 closed 1 year ago
1
Reentrancy attack in `RewardsDistributor#claimRewardToken` function

#472 code423n4 closed 1 year ago
6

Previous Next