code-423n4 2023-05-venus-findings issues

code-423n4 / 2023-05-venus-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Any user can change or increase his/her percentage of borrows or supplies without the happening of actual supply and borrow and get more reward

#471 code423n4 closed 1 year ago
1
ERC777 tokens, it's possible to surpass the supply cap by calling mint on `VToken` with 0 amount

#470 code423n4 closed 1 year ago
1
`amount` not updated in `_grantRewardToken` function

#469 code423n4 closed 1 year ago
1
Shortfall contract will work incorrectly when convertibleBaseAsset doesn't have 18 decimal

#468 code423n4 closed 1 year ago
7
QA Report

#467 code423n4 opened 1 year ago
1
QA Report

#466 code423n4 opened 1 year ago
1
Gas Optimizations

#465 code423n4 opened 1 year ago
1
QA Report

#464 code423n4 closed 1 year ago
1
QA Report

#463 code423n4 closed 1 year ago
1
EXPLOITABLE VULNERABILITY IN FIRST ASSET SUPPLY IMPACTING VTOKEN CALCULATIONS

#462 code423n4 closed 1 year ago
4
Denial-of-Service in Shortfall Auction - Attacker can Revert Preventing New Bidders

#461 code423n4 closed 1 year ago
3
QA Report

#460 code423n4 opened 1 year ago
2
Gas Optimizations

#459 code423n4 closed 1 year ago
1
Gas Optimizations

#458 code423n4 closed 1 year ago
1
`Shortfall.sol#updateNextBidderBlockLimit` may cause the current auction to end immediately

#457 code423n4 closed 1 year ago
1
`Shortfall.sol#initialize`'s `waitForFirstBidder` and `nextBidderBlockLimit` too short

#456 code423n4 closed 1 year ago
1
`Shortfall.sol#placeBid` does not limit the bid spread

#455 code423n4 closed 1 year ago
2
`Shortfall.sol#placeBid` does not check `nextBidderBlockLimit`

#454 code423n4 closed 1 year ago
2
Shortfall.sol#_startAuction assumes that the precision of UnderlyingToken is 1e18

#453 code423n4 closed 1 year ago
3
QA Report

#452 code423n4 closed 1 year ago
1
Comptroller.sol#healAccount did not call `updateRewardTokenBorrowIndex` to update the reward

#451 code423n4 closed 1 year ago
1
`Comptroller.sol#liquidateCalculateSeizeTokens` assumes the same precision for `vTokenBorrowed` and `vTokenCollateral`

#450 code423n4 closed 1 year ago
1
`VToken.sol#_repayBorrowFresh` If the UnderlyingToken requires transaction fees, there will always be some debt remaining

#449 code423n4 closed 1 year ago
1
`Comptroller.sol#_getHypotheticalLiquiditySnapshot` assumes that all UnderlyingTokens have the same precision

#448 code423n4 closed 1 year ago
1
mint and burn can be attacked by sandwiches

#447 code423n4 closed 1 year ago
1
`totalBorrows` inflates faster than the sum of each position's debt

#446 code423n4 closed 1 year ago
1
An attacker who transfers directly to the underlying token may control `_exchangeRateStored`

#445 code423n4 closed 1 year ago
4
QA Report

#444 code423n4 opened 1 year ago
1
`Comptroller.sol#preLiquidateHook` may be front-run to avoid liquidation

#443 code423n4 closed 1 year ago
2
Every time borrow, the interest is treated as a loan to calculate the interest

#442 code423n4 closed 1 year ago
1
`Comptroller.sol#setCollateralFactor` not updating price

#441 code423n4 closed 1 year ago
4
Gas Optimizations

#440 code423n4 opened 1 year ago
1
Loans can be rolled an unlimited number of times

#439 code423n4 closed 1 year ago
1
`preBorrowHook` and `preRepayHook` can call `updateRewardTokenBorrowIndex` with old borrowIndex

#438 code423n4 closed 1 year ago
1
`Comptroller.sol#_getHypotheticalLiquiditySnapshot` did not calculate the interest of all vTokens

#437 code423n4 closed 1 year ago
4
`borrowRateMaxMantissa` is not check when borrowing

#436 code423n4 closed 1 year ago
4
When `borrowRateMantissa` is higher than the limit value, VToken contract will be DOS

#435 code423n4 closed 1 year ago
1
Wrong use of the `deadline` for the `swapExactTokensForTokens` function

#434 code423n4 closed 1 year ago
1
`Comptroller.sol#preBorrowHook` can be exploited to bypass `maxLoopsLimit`

#433 code423n4 closed 1 year ago
9
QA Report

#432 code423n4 closed 1 year ago
2
USDC blacklisted accounts can DOS the bidding system in Shortfall

#431 code423n4 closed 1 year ago
1
Wrong `blocksPerYear` in `WhitePaperInterestRateModel`

#430 code423n4 closed 1 year ago
4
[M-03] A blacklisted address can DOS other users

#429 code423n4 closed 1 year ago
2
[M-02] maxLoop check can prevent account from being liquidated

#428 code423n4 closed 1 year ago
4
[M-01] Minting below exchange rate results in 0 tokens

#427 code423n4 closed 1 year ago
2
[H-01] Inflating the exchange rate can dos other users

#426 code423n4 closed 1 year ago
3
QA Report

#425 code423n4 closed 1 year ago
1
preLiquidateHook() will revert even totalCollateral is equal to minLiquidatableCollateral

#424 code423n4 opened 1 year ago
2
Gas Optimizations

#423 code423n4 opened 1 year ago
1
Borrowers can be liquidated before default by being based on the borrowBalance from other pools

#422 code423n4 closed 1 year ago
1

Previous Next