issues
search
code-423n4
/
2023-10-wildcat-findings
12
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#632
c4-submissions
opened
10 months ago
1
Analysis
#631
c4-submissions
closed
10 months ago
1
Borrower can steal all blocked lender's underlying assets
#630
c4-submissions
closed
10 months ago
2
removes a lender with a single function call
#629
c4-submissions
closed
10 months ago
3
Deployment of the escrow contract with wrong inputs against the actual signature.
#628
c4-submissions
closed
10 months ago
3
Markets cannot be closed
#627
c4-submissions
closed
10 months ago
3
Fee-On-Transfer Issue
#626
c4-submissions
closed
10 months ago
4
check transfer success
#625
c4-submissions
closed
10 months ago
3
Privilege escalation enables a sanctioned lender to exit assets without a permit
#624
c4-submissions
closed
10 months ago
3
`create2` return value is not checked and it does not revert if used in assembly
#623
c4-submissions
closed
10 months ago
5
Borrower can set interest rate in close market state
#622
c4-submissions
closed
10 months ago
3
Sanction can be bypassed by transferring market token
#621
c4-submissions
closed
10 months ago
3
calling `closeMarket` is not possible because of the `onlyController` modifier
#620
c4-submissions
closed
10 months ago
4
Unsafe uint32 conversion during queueWithdrawal can brick the market
#619
c4-submissions
closed
10 months ago
3
If feeRecipient gets blacklisted by asset protocol won't able to collect fees due to immutable nature of feeRecipient
#618
c4-submissions
closed
10 months ago
4
Borrower can never close the market
#617
c4-submissions
closed
10 months ago
4
potential griefing attack on setReserveRatioBips
#616
c4-submissions
closed
10 months ago
3
Use of `transfer()` Might Render asset Impossible to Withdraw
#615
c4-submissions
closed
10 months ago
3
The down of Chainalysis's SanctionsList leads to the malfunctioning of Wildcat's functions
#614
c4-submissions
opened
10 months ago
9
Borrower can abuse `setAnnualInterestBips` to set an interest rate lower than the minimum allowable (`minimumAnnualInterestBips`)
#613
c4-submissions
closed
10 months ago
2
Invalid validation of `releaseEscrow()` success
#612
c4-submissions
closed
10 months ago
4
borrowers did not have the ability to remove the blocked address in their markets because of `_getAccount` function
#611
c4-submissions
closed
10 months ago
4
Wrong argument order when calling createEscrow
#610
c4-submissions
closed
10 months ago
3
Core functionality of the WildcatMarket, including `closeMarket` can never be called based on the current implementation
#609
c4-submissions
closed
10 months ago
3
Insecure Access Control: Unauthorized Removal of Entities
#608
c4-submissions
closed
10 months ago
3
In certain cases the delinquency time for a borrower will not be decremented, even if they are no longer delinquent
#607
c4-submissions
closed
10 months ago
5
Rebase (underlying ERC20) tokens would break the property of supply and lead to a loss of funds
#606
c4-submissions
closed
10 months ago
3
Analysis
#605
c4-submissions
closed
10 months ago
1
Using ``WildCatMarketController.setAnnualInterestBips()`` a borrower can set a new ``annualInterestBips`` above /below the maximum/minimum respectively
#604
c4-submissions
closed
10 months ago
2
Continuous Borrowing Without Debt Reduction in borrow Function
#603
c4-submissions
closed
10 months ago
3
market can become delinquent after being closed, which result in lenders being unable to withdraw their funds
#602
c4-submissions
closed
10 months ago
2
QA Report
#601
c4-submissions
closed
10 months ago
1
Lack of appropriate function in `WildcatMarketController` to set maxTotalSupply in the market
#600
c4-submissions
closed
10 months ago
4
Reversed order of parameters in allowance function call
#599
c4-submissions
closed
10 months ago
3
Malicious borrower can set annual interest rate to an insignificant amount without being sanctioned
#598
c4-submissions
closed
10 months ago
3
Protocol fees can be bypassed through penalty rates
#597
c4-submissions
opened
10 months ago
6
Almost all functions of a Market can be DoS'd with stuck funds if the chosen asset uses high decimals or has a low numerary value due to an overflow
#596
c4-submissions
closed
10 months ago
6
Analysis
#595
c4-submissions
closed
10 months ago
2
Potential Reversion in closeMarket due to Insufficient Borrower's Balance
#594
c4-submissions
closed
10 months ago
3
Gas Optimizations
#593
c4-submissions
closed
10 months ago
1
When borrower closes the market, he won't pay all incurring debt while he was delinquency
#592
c4-submissions
closed
10 months ago
7
OpenZeppelin's EnumerableSet data structure
#591
c4-submissions
closed
10 months ago
5
Gas Optimizations
#590
c4-submissions
closed
10 months ago
1
Steal funds
#589
c4-submissions
closed
10 months ago
3
QA Report
#588
c4-submissions
closed
10 months ago
2
Gas Optimizations
#587
c4-submissions
opened
10 months ago
1
Precision Loss in Interest Rate Calculation
#586
c4-submissions
closed
10 months ago
3
Wrong implementation causes unexpected revert on WildcatMarket::deposit() function
#585
c4-submissions
opened
10 months ago
4
Underflow Vulnerability in transferFrom Function
#584
c4-submissions
closed
10 months ago
3
After lender is unsanctioned, he will not be able to withdraw and deposit again
#583
c4-submissions
closed
10 months ago
4
Previous
Next