code-423n4 2023-12-ethereumcreditguild-findings issues

code-423n4 / 2023-12-ethereumcreditguild-findings

17 stars 11 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Calls to debtCeiling can return values higher than the hardCap

#1189 c4-bot-2 closed 8 months ago
6
QA Report

#1188 c4-bot-6 closed 8 months ago
3
Redemptions can be unpaused by cleaning up the same term multiple times

#1187 c4-bot-5 closed 7 months ago
7
The distribution of rewards for a lending term is unfair after a loss occurs

#1186 c4-bot-4 closed 8 months ago
10
Rewards from the `SurplusGuildMinter` and `ProfitManager` contracts are sandwichable.

#1185 c4-bot-6 closed 9 months ago
6
Greedy Vote Freeing:

#1184 c4-bot-10 closed 8 months ago
4
First-time staker can steal past rewards from SurplusGuildMinter

#1183 c4-bot-4 closed 8 months ago
5
Loans with a minimum borrowing amount can not be partially repaid

#1182 c4-bot-6 closed 8 months ago
12
Analysis

#1181 c4-bot-7 closed 8 months ago
2
QA Report

#1180 c4-bot-8 closed 8 months ago
2
First minter of a gauge can mint more tokens than designed

#1179 c4-bot-9 closed 8 months ago
6
Users can avoid Gauge losses by following auctionhouse events.

#1178 c4-bot-1 closed 8 months ago
7
`_decrementWeightUntilFree()` Possible infinite loop in ERC20Gauges.sol

#1177 c4-bot-6 closed 9 months ago
5
Proxy and upgradable tokens (like TUSD) can cause issues to the protocol

#1176 c4-bot-6 closed 8 months ago
4
THE RETURN BOOLEAN VALUE OF THE `CreditToken.transfer` AND `CreditToken.transferFrom` FUNCTIONS ARE NOT CHECKED FOR SUCCESS THUS PROMPTING ERRORNEOUS STATE CHANGES

#1175 c4-bot-2 closed 8 months ago
3
No liquidation mechanism is present for non-periodic payment loans.

#1174 c4-bot-7 closed 8 months ago
4
Liquidators can short credit tokens via PSM contract for massive profits.

#1173 c4-bot-3 closed 8 months ago
6
Malicious borrower can cause deprecation of term that don't have partial repayments

#1172 c4-bot-10 closed 9 months ago
4
The partialRepay() function may not be usable in some cases

#1171 c4-bot-3 closed 9 months ago
5
`totalBorrowedCredit` can revert, breaking gauges.

#1170 c4-bot-3 opened 9 months ago
9
Analysis

#1169 c4-bot-9 opened 9 months ago
2
`applyGaugeLoss` calls fail due to low minter buffer

#1168 c4-bot-9 closed 8 months ago
8
Borrowers can recover part of their interest payment with flashloans.

#1167 c4-bot-5 closed 9 months ago
7
PnL system can be broken by large users intentionally or unintentionally.

#1166 c4-bot-5 opened 9 months ago
11
In the proposeOffboard function of the LendingTermOffboarding contract, there is no verification of whether the passed-in term parameter comes from the same market. A malicious actor may use the proposeOffboard function to offboard lending terms from other different markets.

#1165 c4-bot-7 closed 8 months ago
3
`surplusGuildMinter.sol`:`getRewards` uses bad value for userStake

#1164 c4-bot-4 closed 7 months ago
10
there is no preventation for caliing call function and puting borrower collateral randomly in auction even if did repay

#1163 c4-bot-10 closed 8 months ago
3
LendingTerm.onBid reverts before auction midpoint if the borrower is blocklisted for the collateral token

#1162 c4-bot-3 closed 8 months ago
7
Users can be denied from transferring the GuildToken

#1161 c4-bot-4 closed 9 months ago
5
The user `guild amount` is not updated if the `mintRatio` is updated, causing users to get more rewards in the `SurplusGuildMinter` contract

#1160 c4-bot-4 opened 9 months ago
7
The partialReapay can be DOS if the minBorrow is incremented

#1159 c4-bot-3 closed 9 months ago
5
badactor can borrow and repay and fill the ceiling even if the ceiling is large, (there is no decrease from totalcredit when repaying this is can be big problem too)

#1158 c4-bot-3 closed 8 months ago
3
QA Report

#1157 c4-bot-4 closed 8 months ago
2
Using temporary value can lead to a chain of bad debts

#1156 c4-bot-4 closed 9 months ago
7
Misplacement of ++i increment which stop the _decrementWeightUntilFree function and doesn't free up user gauge weight.

#1155 c4-bot-4 closed 9 months ago
5
Gas Optimizations

#1154 c4-bot-4 closed 8 months ago
3
The Governor can take user funds from both the LendingTerms as well as SimplePSM

#1153 c4-bot-4 closed 8 months ago
3
Slashing in SurplusGuildMinter is determined incorrectly leading to user losing his GUILD stake and also the guildReward from his staking Position

#1152 c4-bot-5 closed 9 months ago
3
Users losing their staking record due to mistaken slashing

#1151 c4-bot-5 closed 9 months ago
4
Analysis

#1150 c4-bot-7 closed 8 months ago
3
Different markets can prevent the execution of proposals in other markets, resulting in confusion in the system's proposal

#1149 c4-bot-2 closed 8 months ago
3
Adding collateral to the position does nothing

#1148 c4-bot-2 closed 9 months ago
3
Replay attack to suddenly offboard the re-onboarded lending term

#1147 c4-bot-9 opened 9 months ago
15
Credit Tokens are not burned properly in `SimplePSM.redeem()`.

#1146 c4-bot-6 closed 8 months ago
3
LendingTermOffboarding : once a term is proposed to Offboard and missed from off boarding, it never be proposed for offboard again.

#1145 c4-bot-1 closed 8 months ago
3
Propose Poll To OffBoard Would Expire Way Quicker In L2s

#1144 c4-bot-9 opened 9 months ago
7
There is no incentive for anyone to ` call ` a defauting loan paying the transaction fee

#1143 c4-bot-1 closed 8 months ago
3
Misplacement of ++i increment which stops the function and doesn't free up user gauge weight.

#1142 c4-bot-2 closed 9 months ago
1
Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

#1141 c4-bot-5 opened 9 months ago
17
SurplusGuildMinter contract might be DoS because function `getRewards` claims rewards from all active lending terms

#1140 c4-bot-2 closed 8 months ago
3

Previous Next