issues
search
code-423n4
/
2024-02-wise-lending-findings
8
stars
6
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Withdrawing uncollateralized deposits is possible even though the position is in liquidation mode
#260
c4-bot-1
opened
4 months ago
7
Operations could be blocked as they are calculated based on block timestamp and on arbitrum 2 blocks can have the same timestamp
#259
c4-bot-1
closed
3 months ago
4
Borrower can partially pay back and leave in their position a small borrowing amount/share leading to the protocol's bad debt
#258
c4-bot-8
closed
4 months ago
6
Gas Optimizations
#257
c4-bot-8
closed
4 months ago
2
FeeManager.addPoolTokenAddress() function unable to be called due to wrong expected caller
#256
c4-bot-7
closed
3 months ago
3
The protocol allows borrowing small positions that can create bad debt
#255
c4-bot-8
opened
4 months ago
8
Gas Optimizations
#254
c4-bot-6
opened
4 months ago
4
Analysis
#253
c4-bot-9
closed
3 months ago
2
Analysis
#252
c4-bot-8
closed
3 months ago
2
Off-by-one bug prevents the `_compareMinMax()` from detecting Chainlink aggregators' circuit-breaking events
#251
c4-bot-6
opened
4 months ago
13
Liquidations could be blocked by a malicious user as it could do other liquidations in his name to create positons token data on his/other users nfts.
#250
c4-bot-7
closed
3 months ago
7
Wrong `NORMALISATION_FACTOR` constant leads to the malfunctioning of the LASA algorithm
#249
c4-bot-9
closed
4 months ago
4
Gas Optimizations
#248
c4-bot-9
opened
4 months ago
4
The `paybackBadDebtForToken` function is also vulnerable to reentrancy attacks.
#247
c4-bot-10
closed
3 months ago
3
Receive functions does not forward funds to master address
#246
c4-bot-2
closed
3 months ago
13
Unchecked return value bug on `TransferHelper::_safeTransferFrom()`
#245
c4-bot-2
opened
4 months ago
7
[H-3] Share's health factor not checked leading to wrong positions health state.
#244
c4-bot-1
closed
3 months ago
5
Bad accounting bug on `WiseSecurity::checkBadDebtLiquidation()` leads to permanently unclaimable incentives and fees
#243
c4-bot-3
closed
3 months ago
14
Gas Optimizations
#242
c4-bot-5
closed
4 months ago
2
QA Report
#241
c4-bot-10
closed
4 months ago
2
Potential Loss of Funds in WiseLending Contract Due to Incorrect Repayment Calculations
#240
c4-bot-10
closed
3 months ago
5
Missing zero address check could have PendlePowerFarmToken contract re-initialized
#239
c4-bot-7
closed
3 months ago
4
Liquidations are not possible when the pool doesn't have enough tokens to payback the liquidator because of a rounding that will make the prices of lending shares to drop if the liquidation is executed.
#238
c4-bot-6
closed
3 months ago
9
Borrowers can DoS liquidations by repaying as little as 1 share.
#237
c4-bot-1
opened
4 months ago
7
Analysis
#236
c4-bot-1
closed
3 months ago
2
A position can have a token registered in lending tokens list with 0 amount deposited
#235
c4-bot-1
closed
3 months ago
5
PositionNFT can be sold to another user while it has a borrow position
#234
c4-bot-8
closed
3 months ago
3
Analysis
#233
c4-bot-7
closed
3 months ago
4
[H-2] Fee manager's funds gets stuck in contract
#232
c4-bot-1
closed
3 months ago
3
Once observationCardinalityNext reaches MAX_CARDINALITY, the function will no longer be able to increment it, leading to a potential Denial of Service (DoS) condition.
#231
c4-bot-9
closed
3 months ago
3
QA Report
#230
c4-bot-9
opened
4 months ago
7
Calls to get price from Chainlink may revert
#229
c4-bot-9
closed
3 months ago
6
Exploitation of the receive Function to Steal Funds
#228
c4-bot-5
opened
4 months ago
5
In the `checkBadDebtLiquidation` function, the calculation for the difference between `totalBorrow` and `bareCollateral` is performed incorrectly.
#227
c4-bot-10
closed
3 months ago
8
Strict Equality Check Missing in _callOptionalReturn (Potential Issue with Success Evaluation)
#226
c4-bot-4
closed
3 months ago
3
Gas Optimizations
#225
c4-bot-6
closed
4 months ago
2
Function Signature Collision (Ambiguity in Function Invocation)
#224
c4-bot-2
closed
3 months ago
3
The amount of ETH given to the user in `AaveHub.sol#borrowExactAmountETH` function is not accurate.
#223
c4-bot-8
closed
3 months ago
4
`OracleHelper.sol#_validateAnswer` function may not return the exact price of the token.
#222
c4-bot-4
closed
3 months ago
5
Reentrancy Vulnerability in paybackExactAmountETH Function which lead to Loss of Funds
#221
c4-bot-2
closed
3 months ago
3
PowerFarm positions that borrowed aWETH to enter the farm can't be liquidated.
#220
c4-bot-2
closed
3 months ago
5
When liquidating positions with bad debt, reporting the bad debt to the FeeManagar can artificially inflate the totalBadDebtETH causing an incorrect accounting and making impossible to take down the totalBadDebtETH to 0
#219
c4-bot-3
closed
3 months ago
9
Hardcoded uniswap v3 pool fee can not be the most profitable swap
#218
c4-bot-3
closed
4 months ago
3
Chainlink price validation does not check for Round completeness which may lead to stale price.
#217
c4-bot-8
closed
3 months ago
3
QA Report
#216
c4-bot-7
opened
4 months ago
5
User can erase their position debt for free
#215
c4-bot-4
opened
4 months ago
14
[H-1] Repetitive _safeTransfer call leading to loss of funds in protocol
#214
c4-bot-8
closed
3 months ago
4
``blockReservePublic()`` cannot be reversed
#213
c4-bot-8
closed
3 months ago
6
ApprovalHelper, TransferHelper, and CallOptionalReturn all wrong
#212
c4-bot-10
closed
3 months ago
6
No slippage protection on LP token deposits for early users
#211
c4-bot-10
closed
3 months ago
11
Previous
Next