code-423n4 2024-01-salty-findings issues

code-423n4 / 2024-01-salty-findings

5 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Analysis

#916 c4-bot-2 opened 5 months ago
1
Gas Optimizations

#915 c4-bot-1 opened 5 months ago
1
WHILE WITHDRAWING COLLATERAL THE USER WILL NOT ALWAYS KEEP THE INIITAL COLLATERAL RATIO DUE TO ROUNDING DOWN HAPPENING IN THE `requiredCollateralValueAfterWithdrawal` VALUE CALCULATION

#914 c4-bot-10 closed 4 months ago
2
QA Report

#913 c4-bot-7 opened 5 months ago
9
If there is only one USDS borrower, he can never be liquidated

#912 c4-bot-6 opened 5 months ago
5
QA Report

#911 c4-bot-7 closed 5 months ago
1
Analysis

#910 c4-bot-7 opened 5 months ago
2
`priceFeedModificationCooldownExpiration` COOL DOWN EXPIRATION PERIOD IS NOT SET IN THE `PriceAggregator.setInitialFeed` FUNCTION THUS ALLOWING `PriceAggregator.setPriceFeed` FUNCTION TO BE CALLED IMMEDIATELY

#909 c4-bot-7 closed 5 months ago
3
MEV attack due to lack of upkeep cooldown

#908 c4-bot-5 opened 5 months ago
6
QA Report

#907 c4-bot-2 opened 5 months ago
4
Users can unstake and then cancel their stake immediately to game the rewards in StakingRewards.sol

#906 c4-bot-9 closed 5 months ago
5
Absence of autonomous mechanism for `selling collateral assets in the external market in exchange for USDS` will cause undercollateralization during market crashes and will cause USDS to depeg.

#905 c4-bot-1 opened 5 months ago
9
ManagedWallet implements the receive function but does not implement the transfer logic, causing ETH to be locked.

#904 c4-bot-7 closed 5 months ago
2
MALICIOUS BORROWER CAN AVOID LIQUIDATION BY UPDATING THE `user.cooldownExpiration` TIMESTAMP THUS INCURRING LOSS OF FUNDS ON THE PROTOCOL

#903 c4-bot-10 closed 5 months ago
2
Proposal Can Be Stuck Indefinitely Due to Lack of Quorum

#902 c4-bot-5 closed 5 months ago
2
In PoolMath the bytes shift to normalize inputs actually divides them by an arbitralily large number

#901 c4-bot-6 closed 5 months ago
2
Incorrect increase of `totalRewards` in `_increaseUserShare` function

#900 c4-bot-5 closed 5 months ago
5
zero slippage swap

#899 c4-bot-7 closed 5 months ago
2
Lack of voting duration allows users to vote even after the voting completion time.

#898 c4-bot-10 closed 5 months ago
4
Following a single Fix arbitrage path for particular swaps can lead to lesser arbitrage profits,faliure to detect arb opportunities and pools being imbalanced for longer periods

#897 c4-bot-10 closed 5 months ago
7
malicious user can exploit the staking reward system

#896 c4-bot-2 closed 5 months ago
4
QA Report

#895 c4-bot-4 closed 5 months ago
1
When there is a single WETH-WBTC LP, they cannot be liquidated

#894 c4-bot-1 closed 5 months ago
2
Incorrect logic for USDS repayments can result in improper liquidation of protocol owned liquidity

#893 c4-bot-6 closed 5 months ago
3
Users can improperly boost their vote for a proposal to manipulate quorum check

#892 c4-bot-6 closed 5 months ago
2
Users can prevent themselves from getting liquidated indefinitely

#891 c4-bot-6 closed 5 months ago
3
WBTC-WETH collateral pool for USDS can be abused to mint excessive USDS when the pool doesn't have enough liquidity

#890 c4-bot-1 closed 5 months ago
3
Gas Optimizations

#889 c4-bot-6 opened 5 months ago
3
Incorrect pricing of WBTC in the chainlink oracle can lead to incorrect prices, breaking stablecoin logic

#888 c4-bot-6 closed 5 months ago
2
`Pools.deposit()` and `Pools.withdraw()` can have problem with rebasing token

#887 c4-bot-10 closed 5 months ago
1
WETH-WBTC LP providers unfairly lose arbitrage rewards (SALT emissions) in certain cases

#886 c4-bot-10 closed 4 months ago
9
User can prevent liquidators from closing their unhealthy positions

#885 c4-bot-3 closed 5 months ago
2
no receiver validation

#884 c4-bot-3 closed 5 months ago
1
Excess burning of USDC

#883 c4-bot-6 closed 5 months ago
4
QA Report

#882 c4-bot-2 closed 5 months ago
1
Attackers can brick proposals by creating fake confirmation proposals

#881 c4-bot-1 closed 5 months ago
4
Invariant violated, _userHasActiveProposal[msg.sender] = false while msg.sender has an active proposal

#880 c4-bot-2 closed 5 months ago
4
Using Atomic arbitrage an attacker can knowingly make bad trades only to manipulate pool reserves and walk away with bad debts and net profit

#879 c4-bot-3 closed 5 months ago
7
QA Report

#878 c4-bot-7 opened 5 months ago
0
Unexpected result can occur since the logic of `winningParameterVote` is incorrect.

#877 c4-bot-3 closed 5 months ago
3
Slippage and stale tx protections always disabled for protocol owned liquidity add , withdraw and swap

#876 c4-bot-9 closed 5 months ago
2
Since the `formPOL` function doesn't refund the left token, tokens can be locked in the `DAO` contract.

#875 c4-bot-4 closed 5 months ago
3
No slippage protection, so attackers can build bots to front-run trades

#874 c4-bot-2 closed 5 months ago
4
Analysis

#873 c4-bot-2 opened 5 months ago
1
confirmationWallet can DOS ManagedWallet by sending ether every 29 days

#872 c4-bot-2 opened 5 months ago
6
user can claim rewards more than they deserve

#871 c4-bot-2 closed 5 months ago
0
Attackers can increase vote for ballot for free by unstaking and vote again

#870 c4-bot-2 closed 5 months ago
2
performUpKeep can be used to extract collateral value of liquidating and AAA profit of DAO

#869 c4-bot-2 closed 5 months ago
5
Saltys Oracle can be manipulated to crash WETH or WTBC value and liquidate users if other pricefeed fails

#868 c4-bot-2 closed 5 months ago
3
Potential USDS Value Loss Due to Shortfall in Protocol

#867 c4-bot-8 closed 5 months ago
1

Previous Next