code-423n4 2024-01-salty-findings issues

code-423n4 / 2024-01-salty-findings

11 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

SALT staker can get extra voting power by simply unstaking their xSALT

#716 c4-bot-5 opened 9 months ago
6
Rounding up can miscalculate rewards for users in staking contracts

#715 c4-bot-1 closed 8 months ago
9
Analysis

#714 c4-bot-10 opened 9 months ago
1
A user can make profit by borrowing USDS during a market crash

#713 c4-bot-8 closed 9 months ago
3
Development Team might receive less SALT because there is no access control on `VestingWallet#release()`

#712 c4-bot-4 opened 9 months ago
11
Increasing `minimumCollateralRatioPercent` in a DAO proposal will afect USDS borrowers

#711 c4-bot-2 opened 9 months ago
3
Same amount of SALT can be used to vote for a proposal more than once

#710 c4-bot-6 closed 8 months ago
4
Incorrect slippage protection order in `withdrawLiquidityAndClaim()`

#709 c4-bot-6 closed 9 months ago
5
The `pendingRewards` of a pool keeps locked in `liquidityRewardsEmitter` after the pool is unwhitelisted

#708 c4-bot-8 opened 9 months ago
2
Depositing liquidity with zapping can revert due to underflow

#707 c4-bot-6 closed 8 months ago
8
A SALT whale can manipulate the ballot quorum to finalize when it would not be suposed to

#706 c4-bot-8 closed 9 months ago
2
Votes are not deleted for stakers that unstaked their SALT

#705 c4-bot-6 closed 9 months ago
2
Token value in ETH calculated for arbitrage is computed wrong

#704 c4-bot-2 closed 9 months ago
6
First airdrop receiver/staker can DoS the staking contract freezing people's funds higher than a certain threshold

#703 c4-bot-1 closed 9 months ago
1
It does not check if the pool has ever been whitelisted before when whitelisting it

#702 c4-bot-8 closed 9 months ago
8
`remainingRatioAfterReward` might be less than 105% when a user is liquidated

#701 c4-bot-3 closed 9 months ago
2
QA Report

#700 c4-bot-4 closed 9 months ago
3
There is no specific end time for the balloting process

#699 c4-bot-2 opened 9 months ago
9
confirmationWallet can confirm changes in advance

#698 c4-bot-5 closed 9 months ago
2
The proposedMainWallet and proposedConfirmationWallet are not reset after confirmationWallet rejects wallet proposals

#697 c4-bot-4 closed 9 months ago
2
First collateral/liquidity provider can DoS AMM pools and USDS almost for free

#696 c4-bot-4 closed 8 months ago
9
`CollateralAndLiquidity#liquidateUser()` might fail due to cooldown period restriction

#695 c4-bot-6 closed 9 months ago
2
Lack of Time-Based Restriction for liquidateUser Function

#694 c4-bot-8 closed 9 months ago
2
Collateral provider can not increase their collateral before cooldown expired

#693 c4-bot-9 closed 9 months ago
2
lack of access control for Salt.burnTokensInContract( )

#692 c4-bot-7 closed 9 months ago
1
The function `withdrawPOL` lacks slippage protection

#691 c4-bot-7 closed 9 months ago
3
Hardcoded Reward Distribution Logic in DAO Contract

#690 c4-bot-7 closed 9 months ago
1
`requiredQuorum` may be lower than the actual value

#689 c4-bot-8 closed 9 months ago
2
The arbitrage reward distribution process may result in some rewards being lost

#688 c4-bot-9 opened 9 months ago
3
Rounding Errors in Reward Calculations

#687 c4-bot-10 closed 9 months ago
1
sendSALT may send more than 5% of the tokens

#686 c4-bot-10 closed 9 months ago
2
proposeTokenWhitelisting can be DoS

#685 c4-bot-2 closed 8 months ago
6
Missing Exchange Access Check in depositCollateralAndIncreaseShare Function

#684 c4-bot-1 closed 9 months ago
1
CreateProposal can be DoS

#683 c4-bot-2 closed 9 months ago
2
`BootstrapBallot#vote()` doesn't check if the ballot has been completed or not

#682 c4-bot-6 closed 8 months ago
9
finalizeBallot may have a race condition

#681 c4-bot-6 closed 9 months ago
1
A borrower can lose their collateral by a `back-running` attack - right after the borrower would borrow USDS

#680 c4-bot-4 closed 8 months ago
4
votingPower can be doubled when the time lock expires

#679 c4-bot-6 closed 9 months ago
2
Inadequate Slippage Management in Arbitrage Calculations

#678 c4-bot-9 closed 8 months ago
1
Malicious users can make their debts unliquidated

#677 c4-bot-8 closed 9 months ago
2
`Pools#removeLiquidity()` will be reverted if `liquidityToRemove` is equal to `totalLiquidity`

#676 c4-bot-6 closed 9 months ago
2
The ManagedWallet contract cannot transfer ETH which will result in ETH being locked in it

#675 c4-bot-2 closed 9 months ago
2
A malicious user can borrow USDS without having to repay it.

#674 c4-bot-10 closed 9 months ago
3
Inflexible Precision in Arbitrage Calculation

#673 c4-bot-6 closed 9 months ago
1
Some salt tokens cannot be used in Airdrop

#672 c4-bot-3 closed 9 months ago
1
StakingRewards#addSALTRewards can be front-running

#671 c4-bot-4 closed 9 months ago
2
a proposal can not be closed if the voting quorum is not reached

#670 c4-bot-3 closed 9 months ago
2
decrease userShare might result in `totalRewards` equal to 0

#669 c4-bot-8 closed 8 months ago
8
lack of access control ,for USDS.mintTo( ) , USDS.burnTokensInContract( )

#668 c4-bot-5 closed 9 months ago
1
The first user deposits 1 wei to the pool to attack the pool

#667 c4-bot-8 closed 9 months ago
1

Previous Next