issues
search
code-423n4
/
2023-12-ethereumcreditguild-findings
17
stars
11
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Calls to debtCeiling can return values higher than the hardCap
#1189
c4-bot-2
closed
8 months ago
6
QA Report
#1188
c4-bot-6
closed
8 months ago
3
Redemptions can be unpaused by cleaning up the same term multiple times
#1187
c4-bot-5
closed
7 months ago
7
The distribution of rewards for a lending term is unfair after a loss occurs
#1186
c4-bot-4
closed
8 months ago
10
Rewards from the `SurplusGuildMinter` and `ProfitManager` contracts are sandwichable.
#1185
c4-bot-6
closed
9 months ago
6
Greedy Vote Freeing:
#1184
c4-bot-10
closed
8 months ago
4
First-time staker can steal past rewards from SurplusGuildMinter
#1183
c4-bot-4
closed
8 months ago
5
Loans with a minimum borrowing amount can not be partially repaid
#1182
c4-bot-6
closed
8 months ago
12
Analysis
#1181
c4-bot-7
closed
8 months ago
2
QA Report
#1180
c4-bot-8
closed
8 months ago
2
First minter of a gauge can mint more tokens than designed
#1179
c4-bot-9
closed
8 months ago
6
Users can avoid Gauge losses by following auctionhouse events.
#1178
c4-bot-1
closed
8 months ago
7
`_decrementWeightUntilFree()` Possible infinite loop in ERC20Gauges.sol
#1177
c4-bot-6
closed
9 months ago
5
Proxy and upgradable tokens (like TUSD) can cause issues to the protocol
#1176
c4-bot-6
closed
8 months ago
4
THE RETURN BOOLEAN VALUE OF THE `CreditToken.transfer` AND `CreditToken.transferFrom` FUNCTIONS ARE NOT CHECKED FOR SUCCESS THUS PROMPTING ERRORNEOUS STATE CHANGES
#1175
c4-bot-2
closed
8 months ago
3
No liquidation mechanism is present for non-periodic payment loans.
#1174
c4-bot-7
closed
8 months ago
4
Liquidators can short credit tokens via PSM contract for massive profits.
#1173
c4-bot-3
closed
8 months ago
6
Malicious borrower can cause deprecation of term that don't have partial repayments
#1172
c4-bot-10
closed
9 months ago
4
The partialRepay() function may not be usable in some cases
#1171
c4-bot-3
closed
9 months ago
5
`totalBorrowedCredit` can revert, breaking gauges.
#1170
c4-bot-3
opened
9 months ago
9
Analysis
#1169
c4-bot-9
opened
9 months ago
2
`applyGaugeLoss` calls fail due to low minter buffer
#1168
c4-bot-9
closed
8 months ago
8
Borrowers can recover part of their interest payment with flashloans.
#1167
c4-bot-5
closed
9 months ago
7
PnL system can be broken by large users intentionally or unintentionally.
#1166
c4-bot-5
opened
9 months ago
11
In the proposeOffboard function of the LendingTermOffboarding contract, there is no verification of whether the passed-in term parameter comes from the same market. A malicious actor may use the proposeOffboard function to offboard lending terms from other different markets.
#1165
c4-bot-7
closed
8 months ago
3
`surplusGuildMinter.sol`:`getRewards` uses bad value for userStake
#1164
c4-bot-4
closed
7 months ago
10
there is no preventation for caliing call function and puting borrower collateral randomly in auction even if did repay
#1163
c4-bot-10
closed
8 months ago
3
LendingTerm.onBid reverts before auction midpoint if the borrower is blocklisted for the collateral token
#1162
c4-bot-3
closed
8 months ago
7
Users can be denied from transferring the GuildToken
#1161
c4-bot-4
closed
9 months ago
5
The user `guild amount` is not updated if the `mintRatio` is updated, causing users to get more rewards in the `SurplusGuildMinter` contract
#1160
c4-bot-4
opened
9 months ago
7
The partialReapay can be DOS if the minBorrow is incremented
#1159
c4-bot-3
closed
9 months ago
5
badactor can borrow and repay and fill the ceiling even if the ceiling is large, (there is no decrease from totalcredit when repaying this is can be big problem too)
#1158
c4-bot-3
closed
8 months ago
3
QA Report
#1157
c4-bot-4
closed
8 months ago
2
Using temporary value can lead to a chain of bad debts
#1156
c4-bot-4
closed
9 months ago
7
Misplacement of ++i increment which stop the _decrementWeightUntilFree function and doesn't free up user gauge weight.
#1155
c4-bot-4
closed
9 months ago
5
Gas Optimizations
#1154
c4-bot-4
closed
8 months ago
3
The Governor can take user funds from both the LendingTerms as well as SimplePSM
#1153
c4-bot-4
closed
8 months ago
3
Slashing in SurplusGuildMinter is determined incorrectly leading to user losing his GUILD stake and also the guildReward from his staking Position
#1152
c4-bot-5
closed
9 months ago
3
Users losing their staking record due to mistaken slashing
#1151
c4-bot-5
closed
9 months ago
4
Analysis
#1150
c4-bot-7
closed
8 months ago
3
Different markets can prevent the execution of proposals in other markets, resulting in confusion in the system's proposal
#1149
c4-bot-2
closed
8 months ago
3
Adding collateral to the position does nothing
#1148
c4-bot-2
closed
9 months ago
3
Replay attack to suddenly offboard the re-onboarded lending term
#1147
c4-bot-9
opened
9 months ago
15
Credit Tokens are not burned properly in `SimplePSM.redeem()`.
#1146
c4-bot-6
closed
8 months ago
3
LendingTermOffboarding : once a term is proposed to Offboard and missed from off boarding, it never be proposed for offboard again.
#1145
c4-bot-1
closed
8 months ago
3
Propose Poll To OffBoard Would Expire Way Quicker In L2s
#1144
c4-bot-9
opened
9 months ago
7
There is no incentive for anyone to ` call ` a defauting loan paying the transaction fee
#1143
c4-bot-1
closed
8 months ago
3
Misplacement of ++i increment which stops the function and doesn't free up user gauge weight.
#1142
c4-bot-2
closed
9 months ago
1
Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism
#1141
c4-bot-5
opened
9 months ago
17
SurplusGuildMinter contract might be DoS because function `getRewards` claims rewards from all active lending terms
#1140
c4-bot-2
closed
8 months ago
3
Previous
Next