code-423n4 / 2024-01-init-capital-invitational-findings


QA Report #7

Open c4-bot-6 opened 8 months ago

c4-bot-6 commented 8 months ago

See the markdown file with the details of this report here.

c4-sponsor commented 8 months ago

fez-init (sponsor) acknowledged

hansfriese commented 8 months ago

Set treasury missing check address(0)

NC

Lack of function way to collateralize and decollateralize using WLP in MarginTradingHook.sol

Invalid - The current margin trading hook does not support WLP.

WLPMoeMasterChef reward token list can be outdated when master chef updates the extra reward contract

Invalid - It is still there for users to be able to claim unclaimed rewards.

If the order.recipient is blocklisted, his order can never be fulfilled

NC

Order cannot be filled in certain cases and lack of view function to know if the order can be fulfilled

Invalid - It can be simulated via staticcall or other tx simulation tools

FillOrder may be subject to reentrancy

L - We will move the status update to before, although we do not plan to support ERC777.

Flashloan does not charge fee

Invalid - Users can simply flashborrow and repay in the same transaction without any fees anyway.

Lack of view function for user to query if the flashloan can be used

NC

plus 2 downgraded QAs

c4-judge commented 8 months ago

hansfriese marked the issue as grade-a

c4-judge commented 8 months ago

hansfriese marked the issue as selected for report