issues
search
code-423n4
/
2023-10-wildcat-findings
12
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
TRANSFERING FUNDS TO YOURSELF INCREASES YOUR BALANCE
#682
c4-submissions
closed
10 months ago
5
QA Report
#681
c4-submissions
closed
10 months ago
2
Gas Optimizations
#680
c4-submissions
opened
10 months ago
1
Early market adopters can force delinquency to game borrowers
#679
c4-submissions
closed
10 months ago
4
wrong implementation of bipDiv.
#678
c4-submissions
closed
10 months ago
3
Invalid asset address can result to malicious Market Address and loss of fund
#677
c4-submissions
closed
10 months ago
3
safeTransferFrom Does Not Check for Code at the Token Address
#676
c4-submissions
closed
10 months ago
2
Borrowers can be forced to pay more interest than they planned for
#675
c4-submissions
closed
10 months ago
5
Malicious initial reserve ratio can be used to rug lenders collateral
#674
c4-submissions
closed
10 months ago
2
Gas Optimizations
#673
c4-submissions
opened
10 months ago
1
Incorrect Order of Operations in nukeFromOrbit Function
#672
c4-submissions
closed
10 months ago
3
Interest accumulation linked to state updates may leak value
#671
c4-submissions
closed
10 months ago
2
Sanction Bypass Through Transferring to another account
#670
c4-submissions
closed
10 months ago
3
Sanction Bypass Through Depositing to Authorized Borrower's Market
#669
c4-submissions
closed
10 months ago
3
Single lender can game markets into unexpected states of delinquency
#668
c4-submissions
closed
10 months ago
6
Gas Optimizations
#667
c4-submissions
closed
10 months ago
1
A borrower cannot redeploy a controller if their previous controller was removed
#666
c4-submissions
closed
10 months ago
3
potential griefing attack on deployMarket
#665
c4-submissions
closed
10 months ago
4
QA Report
#664
c4-submissions
opened
10 months ago
2
QA Report
#663
c4-submissions
opened
10 months ago
1
If the ArchController removes a market controller or a market it can't be added back
#662
c4-submissions
closed
10 months ago
5
Gas Optimizations
#661
c4-submissions
opened
10 months ago
1
Borrower repay the debt by directly transferring the asset, this behavior can result in an incorrect calculation of borrower delinquent status
#660
c4-submissions
closed
10 months ago
5
QA Report
#659
c4-submissions
opened
10 months ago
6
InterestRate can be changed during close market.
#658
c4-submissions
closed
10 months ago
4
_blockAccount doesn’t transfer asset correctly getting portion of funds locked permanently
#657
c4-submissions
closed
10 months ago
3
Denial of service to closeMarket.
#656
c4-submissions
closed
10 months ago
5
Permanent DoS on Market Creation Failure
#655
c4-submissions
closed
10 months ago
3
Analysis
#654
c4-submissions
opened
10 months ago
3
Incompatibility with Rebase tokens
#653
c4-submissions
closed
10 months ago
2
DoS Any Market by Frontrunning Creation with a Codehash Change
#652
c4-submissions
closed
10 months ago
6
Sanctionned funds keep earning APR, and protocol earning fees on these funds
#651
c4-submissions
closed
10 months ago
2
DoS Any Controller by Frontrunning Creation with a Codehash Change
#650
c4-submissions
closed
10 months ago
6
Solmate `safetransfer` and `safeTransferFrom` do not check the code size of the token address, which may lead to loss of funds
#649
c4-submissions
closed
10 months ago
4
DoS Any Escrow by Frontrunning Creation with a Codehash Change
#648
c4-submissions
closed
10 months ago
6
OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds
#647
c4-submissions
closed
10 months ago
2
Borrower can borrow assets with zero interest
#646
c4-submissions
closed
10 months ago
3
closeMarket() can only be called by the market controller but the controller has no function to close a market.
#645
c4-submissions
closed
10 months ago
3
When a batch of withdrawals expires, that batch is often underpaid their owed interest
#644
c4-submissions
opened
10 months ago
5
Sanction-override should be automatically removed inside `releaseEscrow()` else lender can bypass checks if he is re-flagged as sanctioned by Chainanalysis oracle
#643
c4-submissions
closed
10 months ago
4
Analysis
#642
c4-submissions
closed
10 months ago
1
wrong written code for "error selector and argument"
#641
c4-submissions
closed
10 months ago
3
Attacker can front-running the borrower calls to the `dauthorizeLenders` function by blocking themself
#640
c4-submissions
closed
10 months ago
3
Borrower cannot close their market
#639
c4-submissions
closed
10 months ago
4
QA Report
#638
c4-submissions
opened
10 months ago
1
Delinquency status for a borrower may not recorded correctly due to the use of outdated state.isDelinquent
#637
c4-submissions
closed
10 months ago
3
potential revert on deployMarket
#636
c4-submissions
closed
10 months ago
2
Borrowers can frontrun ArchController Owner to deploy markets without protocol fees
#635
c4-submissions
opened
10 months ago
5
Borrower can't close the market
#634
c4-submissions
closed
10 months ago
4
Sanctioned account get Funds stuck if market is removed from the ``WildcatArchController``
#633
c4-submissions
closed
10 months ago
7
Previous
Next