Open c4-bot-2 opened 11 months ago
fez-init (sponsor) acknowledged
hansfriese marked the issue as grade-a
[L - 01] execute() could check leftover balances in all interacted tokens. (NC)
[L - 02] reserveFactor in LendingPool should be capped at 1e18. (L)
[L - 03] Missing a way to remove collTokens from Config.sol, which could be dangerous in the long run as some token could go rogue (or an upgrade). (NC)
[L - 04] setBorrFactors_e18() could check for duplicate _pools as an additional check to make sure that no incorrect factors are set. If 2 duplicates are sent, only the latter will take effect, which could have very dangerous implications. (L)
[L - 05] Excess ETH in InitCore:Multicall() and InitCore:callback() could be refunded. (L)
[L - 06] _liquidateInternal() should revert if the mode is 0. (Invalid)
[L - 07] msg.value in a loop reverts or steals balance from the contract (although it is not supposed to hold funds). It's still dangerous anyway. (Invalid)
Plus 3 downgraded QAs
hansfriese marked the issue as selected for report
See the markdown file with the details of this report here.