code-423n4 2023-07-reserve-findings issues

code-423n4 / 2023-07-reserve-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #26 [1693915911684]

#45 c4-judge opened 1 year ago
3
Upgraded Q -> 3 from #16 [1691315821722]

#43 c4-judge closed 1 year ago
3
Analysis

#42 code423n4 opened 1 year ago
2
QA Report

#41 code423n4 opened 1 year ago
1
Gas Optimizations

#40 code423n4 opened 1 year ago
1
`CTokenV3Collateral._underlyingRefPerTok` should use the decimals from underlying Comet.

#39 code423n4 opened 1 year ago
5
QA Report

#38 code423n4 opened 1 year ago
3
Analysis

#37 code423n4 opened 1 year ago
1
`StaticATokenLM::_claimRewardsOnBehalf`: wrong update of `_unclaimedRewards[onBehalfOf]` if `reward > totBal` lead to user lose of pending rewards.

#36 code423n4 closed 1 year ago
4
The intended configuration of `CBETHCollateral` is incompatible with Reserve protocol

#35 code423n4 closed 1 year ago
6
QA Report

#34 code423n4 opened 1 year ago
1
`StargateRewardableWrapper._claimAssetRewards` should use `stakingContract.withdraw(poolId, 0)`

#33 code423n4 closed 1 year ago
2
cbETH's fails to check for a depeg since `pegPrice` is always 1

#32 code423n4 closed 1 year ago
6
`RTokenAsset` price estimation accounts for margin of error twice

#31 code423n4 opened 1 year ago
13
Possible rounding during the reward calculation

#30 code423n4 opened 1 year ago
5
Rewards might be locked inside the contract by setting the wrong token.

#29 code423n4 opened 1 year ago
1
The rewards might be locked inside the contract due to the reentrancy attack.

#28 code423n4 opened 1 year ago
4
Permanent funds lock in `StargateRewardableWrapper`

#27 code423n4 opened 1 year ago
6
QA Report

#26 code423n4 opened 1 year ago
1
CurveStableMetapoolCollateral.tryPrice returns a huge but valid high price when the price oracle of pairedToken is timeout

#25 code423n4 opened 1 year ago
4
The Asset.lotPrice doubles the oracle timeout in the worst case

#24 code423n4 opened 1 year ago
6
CBEthCollateral and AnkrStakedEthCollateral _underlyingRefPerTok is incorrect

#23 code423n4 opened 1 year ago
7
CurveVolatileCollateral Collateral status can be manipulated by flashloan attack

#22 code423n4 opened 1 year ago
4
User can't redeem from RToken based on CurveStableRTokenMetapoolCollateral when any underlying collateral of paired RToken's price oracle is offline(timeout)

#21 code423n4 opened 1 year ago
6
RTokenAsset price oracle can return a huge but valid high price when any underlying collateral's price oracle timeout

#20 code423n4 opened 1 year ago
6
Cross-Function Reentrancy Vulnerability Leading to Unintended Token Minting in `RewardableERC20Wrapper.deposit`

#19 code423n4 opened 1 year ago
2
Gas Optimizations

#18 code423n4 opened 1 year ago
2
`Asset.lotPrice` only uses `oracleTimeout` to determine if the price is stale.

#17 code423n4 opened 1 year ago
7
QA Report

#16 code423n4 opened 1 year ago
1
StargatePoolFiatCollateral.refPerTok() if _totalSupply=0 should not return 0

#15 code423n4 opened 1 year ago
6
CurveVolatileCollateral._underlyingRefPerTok() Possible manipulation

#14 code423n4 closed 1 year ago
9
CTokenFiatCollateral's refresh() There's no guarantee that it won't revert

#13 code423n4 opened 1 year ago
8
StaticATokenLM transfer missing _updateRewards

#12 code423n4 opened 1 year ago
6
ConvexStakingWrapper.sol after shutdown，rewards can be steal

#11 code423n4 opened 1 year ago
5
_claimRewardsOnBehalf() User's rewards may be lost

#10 code423n4 opened 1 year ago
20
QA Report

#9 code423n4 opened 1 year ago
1
Lack of protection when caling `CusdcV3Wrapper._withdraw`

#8 code423n4 opened 1 year ago
5
Lack of protection when withdrawing Static Atoken

#7 code423n4 opened 1 year ago
5
Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer

#6 code423n4 closed 1 year ago
6
Potential Early Exploit in Morho-Aave ERC4626 Implementation

#5 code423n4 closed 1 year ago
7
Potential Loss of Rewards During Token Transfers in StaticATokenLM.sol

#4 code423n4 opened 1 year ago
7
`AppreciatingFiatCollateral::refresh` can revert due to implementations of `_underlyingRefPerTok`

#3 code423n4 closed 1 year ago
3
Gas Optimizations

#2 code423n4 closed 1 year ago
1
Agreements & Disclosures

#1 code423n4 opened 1 year ago
0