issues
search
code-423n4
/
2024-01-salty-findings
5
stars
3
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Analysis
#916
c4-bot-2
opened
5 months ago
1
Gas Optimizations
#915
c4-bot-1
opened
5 months ago
1
WHILE WITHDRAWING COLLATERAL THE USER WILL NOT ALWAYS KEEP THE INIITAL COLLATERAL RATIO DUE TO ROUNDING DOWN HAPPENING IN THE `requiredCollateralValueAfterWithdrawal` VALUE CALCULATION
#914
c4-bot-10
closed
4 months ago
2
QA Report
#913
c4-bot-7
opened
5 months ago
9
If there is only one USDS borrower, he can never be liquidated
#912
c4-bot-6
opened
5 months ago
5
QA Report
#911
c4-bot-7
closed
5 months ago
1
Analysis
#910
c4-bot-7
opened
5 months ago
2
`priceFeedModificationCooldownExpiration` COOL DOWN EXPIRATION PERIOD IS NOT SET IN THE `PriceAggregator.setInitialFeed` FUNCTION THUS ALLOWING `PriceAggregator.setPriceFeed` FUNCTION TO BE CALLED IMMEDIATELY
#909
c4-bot-7
closed
5 months ago
3
MEV attack due to lack of upkeep cooldown
#908
c4-bot-5
opened
5 months ago
6
QA Report
#907
c4-bot-2
opened
5 months ago
4
Users can unstake and then cancel their stake immediately to game the rewards in StakingRewards.sol
#906
c4-bot-9
closed
5 months ago
5
Absence of autonomous mechanism for `selling collateral assets in the external market in exchange for USDS` will cause undercollateralization during market crashes and will cause USDS to depeg.
#905
c4-bot-1
opened
5 months ago
9
ManagedWallet implements the receive function but does not implement the transfer logic, causing ETH to be locked.
#904
c4-bot-7
closed
5 months ago
2
MALICIOUS BORROWER CAN AVOID LIQUIDATION BY UPDATING THE `user.cooldownExpiration` TIMESTAMP THUS INCURRING LOSS OF FUNDS ON THE PROTOCOL
#903
c4-bot-10
closed
5 months ago
2
Proposal Can Be Stuck Indefinitely Due to Lack of Quorum
#902
c4-bot-5
closed
5 months ago
2
In PoolMath the bytes shift to normalize inputs actually divides them by an arbitralily large number
#901
c4-bot-6
closed
5 months ago
2
Incorrect increase of `totalRewards` in `_increaseUserShare` function
#900
c4-bot-5
closed
5 months ago
5
zero slippage swap
#899
c4-bot-7
closed
5 months ago
2
Lack of voting duration allows users to vote even after the voting completion time.
#898
c4-bot-10
closed
5 months ago
4
Following a single Fix arbitrage path for particular swaps can lead to lesser arbitrage profits,faliure to detect arb opportunities and pools being imbalanced for longer periods
#897
c4-bot-10
closed
5 months ago
7
malicious user can exploit the staking reward system
#896
c4-bot-2
closed
5 months ago
4
QA Report
#895
c4-bot-4
closed
5 months ago
1
When there is a single WETH-WBTC LP, they cannot be liquidated
#894
c4-bot-1
closed
5 months ago
2
Incorrect logic for USDS repayments can result in improper liquidation of protocol owned liquidity
#893
c4-bot-6
closed
5 months ago
3
Users can improperly boost their vote for a proposal to manipulate quorum check
#892
c4-bot-6
closed
5 months ago
2
Users can prevent themselves from getting liquidated indefinitely
#891
c4-bot-6
closed
5 months ago
3
WBTC-WETH collateral pool for USDS can be abused to mint excessive USDS when the pool doesn't have enough liquidity
#890
c4-bot-1
closed
5 months ago
3
Gas Optimizations
#889
c4-bot-6
opened
5 months ago
3
Incorrect pricing of WBTC in the chainlink oracle can lead to incorrect prices, breaking stablecoin logic
#888
c4-bot-6
closed
5 months ago
2
`Pools.deposit()` and `Pools.withdraw()` can have problem with rebasing token
#887
c4-bot-10
closed
5 months ago
1
WETH-WBTC LP providers unfairly lose arbitrage rewards (SALT emissions) in certain cases
#886
c4-bot-10
closed
4 months ago
9
User can prevent liquidators from closing their unhealthy positions
#885
c4-bot-3
closed
5 months ago
2
no receiver validation
#884
c4-bot-3
closed
5 months ago
1
Excess burning of USDC
#883
c4-bot-6
closed
5 months ago
4
QA Report
#882
c4-bot-2
closed
5 months ago
1
Attackers can brick proposals by creating fake confirmation proposals
#881
c4-bot-1
closed
5 months ago
4
Invariant violated, _userHasActiveProposal[msg.sender] = false while msg.sender has an active proposal
#880
c4-bot-2
closed
5 months ago
4
Using Atomic arbitrage an attacker can knowingly make bad trades only to manipulate pool reserves and walk away with bad debts and net profit
#879
c4-bot-3
closed
5 months ago
7
QA Report
#878
c4-bot-7
opened
5 months ago
0
Unexpected result can occur since the logic of `winningParameterVote` is incorrect.
#877
c4-bot-3
closed
5 months ago
3
Slippage and stale tx protections always disabled for protocol owned liquidity add , withdraw and swap
#876
c4-bot-9
closed
5 months ago
2
Since the `formPOL` function doesn't refund the left token, tokens can be locked in the `DAO` contract.
#875
c4-bot-4
closed
5 months ago
3
No slippage protection, so attackers can build bots to front-run trades
#874
c4-bot-2
closed
5 months ago
4
Analysis
#873
c4-bot-2
opened
5 months ago
1
confirmationWallet can DOS ManagedWallet by sending ether every 29 days
#872
c4-bot-2
opened
5 months ago
6
user can claim rewards more than they deserve
#871
c4-bot-2
closed
5 months ago
0
Attackers can increase vote for ballot for free by unstaking and vote again
#870
c4-bot-2
closed
5 months ago
2
performUpKeep can be used to extract collateral value of liquidating and AAA profit of DAO
#869
c4-bot-2
closed
5 months ago
5
Saltys Oracle can be manipulated to crash WETH or WTBC value and liquidate users if other pricefeed fails
#868
c4-bot-2
closed
5 months ago
3
Potential USDS Value Loss Due to Shortfall in Protocol
#867
c4-bot-8
closed
5 months ago
1
Previous
Next