code-423n4 2023-12-particle-findings issues

code-423n4 / 2023-12-particle-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #49 [1704028025372]

#66 c4-judge closed 8 months ago
2
Upgraded Q -> 2 from #37 [1703589922038]

#64 c4-judge closed 8 months ago
2
Gas Optimizations

#63 c4-bot-4 opened 8 months ago
5
QA Report

#62 c4-bot-6 opened 8 months ago
3
Zero amount token transfers may cause a denial of service during liquidations

#61 c4-bot-4 opened 8 months ago
10
Non-upgradeable contract may cause storage clashing during upgrades

#60 c4-bot-10 opened 8 months ago
7
Dangerous use of deadline parameter

#59 c4-bot-2 opened 8 months ago
4
ERC20 implementations may revert on zero approval

#58 c4-bot-8 opened 8 months ago
6
LP owner cannot control slippage while managing their position

#57 c4-bot-10 closed 8 months ago
2
Liquidator has no incentives to execute a favorable trade to the borrower

#56 c4-bot-9 closed 8 months ago
6
Increase liquidity in close position may not cover original borrowed liquidity

#55 c4-bot-6 opened 8 months ago
4
Add premium doesn't collect fees

#54 c4-bot-5 opened 8 months ago
6
Owners of LPs can be dosed when removing their position

#53 c4-bot-5 closed 8 months ago
3
Modifying the loan term setting can default existing loans

#52 c4-bot-5 opened 8 months ago
6
Liquidation condition should not factor the liquidation reward into the premiums

#51 c4-bot-6 opened 8 months ago
9
Incorrect fee calculation may lead to borrower overpaying

#50 c4-bot-9 closed 8 months ago
5
QA Report

#49 c4-bot-9 opened 8 months ago
4
liquidator will always take what is left of borrowers premium

#48 c4-bot-9 closed 8 months ago
6
borrower can prevent liquidation by manipulating the swap

#47 c4-bot-9 opened 8 months ago
5
positions "out of the money" don't pay any fees

#46 c4-bot-6 opened 8 months ago
5
`marginTo` when opening a position increases slippage

#45 c4-bot-6 closed 8 months ago
6
impossible to open a position with a large `marginTo`

#44 c4-bot-5 opened 8 months ago
6
adding a lot of premium can cause truncation and lock tokens in contract

#43 c4-bot-6 opened 8 months ago
5
borrower can prevent liquidity provider from withdrawing their liquidity

#42 c4-bot-5 closed 8 months ago
3
lack of slippage protection for `increaseLiquidity`, and `decreaseLiquidity`

#41 c4-bot-6 closed 8 months ago
2
lack of deadline for uniswap interactions

#40 c4-bot-5 closed 8 months ago
2
changing `LOAN_TERM` changes terms for existing loans

#39 c4-bot-5 closed 8 months ago
2
position can be opened without premium

#38 c4-bot-5 closed 8 months ago
13
QA Report

#37 c4-bot-2 opened 8 months ago
2
collectLiquidity() Lack of can specify recipient leads to inability to retrieve token1 after entering the blacklist of token0

#36 c4-bot-8 opened 8 months ago
6
reclaimLiquidity() Malicious borrowers can force LPs to be unable to retrieve Liquidity by closing and reopening the Position before it expires.

#35 c4-bot-6 opened 8 months ago
5
liquidatePosition() change LOAN_TERM may result in the borrower paying additional liquidation fees.

#34 c4-bot-6 closed 8 months ago
2
malicious borrowers can follow reclaimLiquidity() then execute addPremium() to invalidate renewalCutoffTime

#33 c4-bot-5 opened 8 months ago
9
Using `addPremium()` to evade part of the fees from `marginFrom`

#32 c4-bot-1 closed 8 months ago
4
If the borrower enters token blacklist, LP may never be able to retrieve Liquidity

#31 c4-bot-1 opened 8 months ago
16
In some pools, borrowers can maliciously prevent liquidatePosition()

#30 c4-bot-1 closed 8 months ago
4
increaseLiquidity/decreaseLiquidity Lack of slippage protection

#29 c4-bot-1 closed 8 months ago
2
openPosition() use stale feeGrowthInside0LastX128/feeGrowthInside1LastX128

#28 c4-bot-1 opened 8 months ago
7
openPosition() Lack of minimum token0PremiumPortion/token1PremiumPortion limit

#27 c4-bot-6 opened 8 months ago
4
liquidatePosition() liquidator can construct malicious data to steal the borrower's profit.

#26 c4-bot-6 opened 8 months ago
20
testing submission

#25 c4-bot-2 closed 8 months ago
2
Analysis

#24 c4-bot-5 opened 8 months ago
4
use sqrtRatioX96 from pool.slot0 is vulnerable to price manipulation

#23 c4-bot-3 opened 8 months ago
9
Position can be opened even when the particle position manger does not hold the Uniswap V3 Position NFT

#22 c4-bot-8 opened 8 months ago
5
Only ensure the Lp is repaid when close the position invites MEV bot

#21 c4-bot-6 closed 8 months ago
3
Lack of input validation for ClosePositionParams.amountSwap results in theft of fund (premium + protocol fee))

#20 c4-bot-6 closed 8 months ago
10
QA Report

#19 c4-bot-1 opened 8 months ago
3
Malicious lender can manipulate the fee to force borrower pay high premium

#18 c4-bot-3 opened 8 months ago
12
Inconsistent downcasting to uint24 result in loss of precision when adding premium

#17 c4-bot-10 opened 8 months ago
15
Position cannot be liquidated if the borrower is blocklisted

#16 c4-bot-3 closed 8 months ago
2