code-423n4 2024-01-salty-findings issues

code-423n4 / 2024-01-salty-findings

11 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Permanent Protocol Shutdown Triggered by Final Negative Vote on startExchange in BootstrapBallot::vote

#566 c4-bot-9 closed 9 months ago
2
repayUSDS() will double burn the repaid USDS, leading to dao member lossing usds.

#565 c4-bot-1 closed 9 months ago
2
addedliquidity will equal to decimals(which will be truncated) and not truly round down as the rounding down favors the system

#564 c4-bot-3 closed 9 months ago
1
# [M-2] Wrong validation in `removeLiquidity` can lead to DoS every time `_adjustReservesForSwap` is executed

#563 c4-bot-8 closed 9 months ago
2
Analysis

#562 c4-bot-2 opened 9 months ago
1
Blacklisted Tokens can be Added to Pools

#561 c4-bot-3 closed 9 months ago
2
Open approvals will block depositing liquidity

#560 c4-bot-6 closed 9 months ago
4
The rewards from `Emissions.sol` may not be distributed at a weekly rate of 0.50%

#559 c4-bot-7 opened 9 months ago
6
USDS stablecoin may become undercollateralized

#558 c4-bot-2 closed 9 months ago
2
Gas Optimizations

#557 c4-bot-6 opened 9 months ago
1
Ballots not yet past their deadline are incorrectly looped too by tokenWhitelistingBallotWithTheMostVotes()

#556 c4-bot-10 opened 9 months ago
5
Unwhitelisted tokens can be swapped in Pools and returned by PoolStats::arbitrageIndicies

#555 c4-bot-4 closed 9 months ago
2
0.03% of the total supply of SALT can get stuck forever in the Airdrop contract

#554 c4-bot-6 closed 9 months ago
2
Gas Optimizations

#553 c4-bot-3 closed 9 months ago
1
Due to wrong check in `Pools:removeLiquidity` function. The core invariant of DUST values in Reserve will always fail.

#552 c4-bot-5 closed 9 months ago
3
Denial of Service in `ManagedWallet` Prevents Future Proposals

#551 c4-bot-9 closed 9 months ago
3
Attacker can gain more voting power by incentivizing.

#550 c4-bot-8 closed 9 months ago
13
Seized collateral goes towards burning USDS that has already been burnt

#549 c4-bot-4 closed 9 months ago
3
Anyone can delay or prevent the liquidation of their collaterals

#548 c4-bot-2 closed 9 months ago
2
User can lose the ability to create proposals if his previous proposal didn't reach quorum

#547 c4-bot-7 closed 8 months ago
6
Rejecting the main wallet causes that new wallet cannot be proposed.

#546 c4-bot-7 closed 9 months ago
2
An attacker can claim all SALT rewards by using claimAllRewards

#545 c4-bot-8 closed 8 months ago
5
QA Report

#544 c4-bot-1 opened 9 months ago
3
A first liquidity depositor attacker can drain all SALT rewards

#543 c4-bot-8 closed 9 months ago
2
Attacker can borrow more USDS than allowed by manipulating collateral pool reserves

#542 c4-bot-5 closed 9 months ago
3
Error in Staking.sol unstaking calculation which could lead to users unstaking nothing instead of 20%

#541 c4-bot-5 closed 9 months ago
2
М-1 User can burn his own USDS token, lead to wrong accounting and forever lock his collateral in the protocol

#540 c4-bot-5 closed 9 months ago
1
Initial distribution of tokens won't ever be possible if participants favour `startExchangeNo` even though the overall votes changes in favour of `startExchangeYes` at a later stage

#539 c4-bot-6 closed 9 months ago
7
Analysis

#538 c4-bot-2 opened 9 months ago
2
Analysis

#537 c4-bot-9 opened 9 months ago
1
In the event of a USDS depeg, users can be unfairly liquidated and debts can be repaid at a lower cost.

#536 c4-bot-9 closed 9 months ago
2
First user to deposit liquidity can receive significant SALT rewards

#535 c4-bot-6 closed 9 months ago
2
The borrower's actions, such as repaying USDS or depositing collateral, may be vulnerable to front-running and subsequent liquidation

#534 c4-bot-9 closed 9 months ago
1
Only one yes vote needed for a ballot to be finalized

#533 c4-bot-4 closed 8 months ago
5
token-whitelisting-ballot ordering not respected which can cause loss of opportunity of whitelisting for the token

#532 c4-bot-3 opened 9 months ago
4
Only one yes vote needed to start exchange

#531 c4-bot-10 closed 9 months ago
2
In a black swan scenario, WBTC and WETH may undergo a death spiral, triggering cascading liquidations

#530 c4-bot-4 closed 9 months ago
1
Attacker can stop second confirmation ballot from starting by adding _confirm to a proposal name

#529 c4-bot-5 closed 8 months ago
5
Double Burning of USDS tokens in Liquidizer.sol and USDS.sol when Users Repay Borrowed USDS

#528 c4-bot-6 closed 9 months ago
2
First depositor can lose funds from sandwich-attack.

#527 c4-bot-8 closed 8 months ago
9
The protocol cannot liquidate under-collateralized user.

#526 c4-bot-5 closed 9 months ago
3
Caller will receive rewards for calling Upkeep but rewards will not be distributed

#525 c4-bot-10 closed 9 months ago
1
QA Report

#524 c4-bot-6 opened 9 months ago
6
Governance of parameter is wrong.

#523 c4-bot-4 closed 9 months ago
3
Initial price feeds can be changed without cooldown

#522 c4-bot-1 closed 9 months ago
3
Confirmation wallet owner loses funds when ManagedWallet updates the active wallet addresses

#521 c4-bot-5 closed 9 months ago
2
Wrong swaping and adding liquidity calculation.

#520 c4-bot-6 closed 9 months ago
1
Users can spend gas to vote and win but the proposal doesn't go through

#519 c4-bot-10 closed 9 months ago
2
Users who do not have access can still stake SALT.

#518 c4-bot-8 closed 9 months ago
2
When the pool is removed from the whitelist, funds will be stranded in the RewardsEmitter contract.

#517 c4-bot-8 closed 9 months ago
2

Previous Next