code-423n4 2024-02-wise-lending-findings issues

code-423n4 / 2024-02-wise-lending-findings

8 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Withdrawing uncollateralized deposits is possible even though the position is in liquidation mode

#260 c4-bot-1 opened 4 months ago
7
Operations could be blocked as they are calculated based on block timestamp and on arbitrum 2 blocks can have the same timestamp

#259 c4-bot-1 closed 3 months ago
4
Borrower can partially pay back and leave in their position a small borrowing amount/share leading to the protocol's bad debt

#258 c4-bot-8 closed 4 months ago
6
Gas Optimizations

#257 c4-bot-8 closed 4 months ago
2
FeeManager.addPoolTokenAddress() function unable to be called due to wrong expected caller

#256 c4-bot-7 closed 3 months ago
3
The protocol allows borrowing small positions that can create bad debt

#255 c4-bot-8 opened 4 months ago
8
Gas Optimizations

#254 c4-bot-6 opened 4 months ago
4
Analysis

#253 c4-bot-9 closed 3 months ago
2
Analysis

#252 c4-bot-8 closed 3 months ago
2
Off-by-one bug prevents the `_compareMinMax()` from detecting Chainlink aggregators' circuit-breaking events

#251 c4-bot-6 opened 4 months ago
13
Liquidations could be blocked by a malicious user as it could do other liquidations in his name to create positons token data on his/other users nfts.

#250 c4-bot-7 closed 3 months ago
7
Wrong `NORMALISATION_FACTOR` constant leads to the malfunctioning of the LASA algorithm

#249 c4-bot-9 closed 4 months ago
4
Gas Optimizations

#248 c4-bot-9 opened 4 months ago
4
The `paybackBadDebtForToken` function is also vulnerable to reentrancy attacks.

#247 c4-bot-10 closed 3 months ago
3
Receive functions does not forward funds to master address

#246 c4-bot-2 closed 3 months ago
13
Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

#245 c4-bot-2 opened 4 months ago
7
[H-3] Share's health factor not checked leading to wrong positions health state.

#244 c4-bot-1 closed 3 months ago
5
Bad accounting bug on `WiseSecurity::checkBadDebtLiquidation()` leads to permanently unclaimable incentives and fees

#243 c4-bot-3 closed 3 months ago
14
Gas Optimizations

#242 c4-bot-5 closed 4 months ago
2
QA Report

#241 c4-bot-10 closed 4 months ago
2
Potential Loss of Funds in WiseLending Contract Due to Incorrect Repayment Calculations

#240 c4-bot-10 closed 3 months ago
5
Missing zero address check could have PendlePowerFarmToken contract re-initialized

#239 c4-bot-7 closed 3 months ago
4
Liquidations are not possible when the pool doesn't have enough tokens to payback the liquidator because of a rounding that will make the prices of lending shares to drop if the liquidation is executed.

#238 c4-bot-6 closed 3 months ago
9
Borrowers can DoS liquidations by repaying as little as 1 share.

#237 c4-bot-1 opened 4 months ago
7
Analysis

#236 c4-bot-1 closed 3 months ago
2
A position can have a token registered in lending tokens list with 0 amount deposited

#235 c4-bot-1 closed 3 months ago
5
PositionNFT can be sold to another user while it has a borrow position

#234 c4-bot-8 closed 3 months ago
3
Analysis

#233 c4-bot-7 closed 3 months ago
4
[H-2] Fee manager's funds gets stuck in contract

#232 c4-bot-1 closed 3 months ago
3
Once observationCardinalityNext reaches MAX_CARDINALITY, the function will no longer be able to increment it, leading to a potential Denial of Service (DoS) condition.

#231 c4-bot-9 closed 3 months ago
3
QA Report

#230 c4-bot-9 opened 4 months ago
7
Calls to get price from Chainlink may revert

#229 c4-bot-9 closed 3 months ago
6
Exploitation of the receive Function to Steal Funds

#228 c4-bot-5 opened 4 months ago
5
In the `checkBadDebtLiquidation` function, the calculation for the difference between `totalBorrow` and `bareCollateral` is performed incorrectly.

#227 c4-bot-10 closed 3 months ago
8
Strict Equality Check Missing in _callOptionalReturn (Potential Issue with Success Evaluation)

#226 c4-bot-4 closed 3 months ago
3
Gas Optimizations

#225 c4-bot-6 closed 4 months ago
2
Function Signature Collision (Ambiguity in Function Invocation)

#224 c4-bot-2 closed 3 months ago
3
The amount of ETH given to the user in `AaveHub.sol#borrowExactAmountETH` function is not accurate.

#223 c4-bot-8 closed 3 months ago
4
`OracleHelper.sol#_validateAnswer` function may not return the exact price of the token.

#222 c4-bot-4 closed 3 months ago
5
Reentrancy Vulnerability in paybackExactAmountETH Function which lead to Loss of Funds

#221 c4-bot-2 closed 3 months ago
3
PowerFarm positions that borrowed aWETH to enter the farm can't be liquidated.

#220 c4-bot-2 closed 3 months ago
5
When liquidating positions with bad debt, reporting the bad debt to the FeeManagar can artificially inflate the totalBadDebtETH causing an incorrect accounting and making impossible to take down the totalBadDebtETH to 0

#219 c4-bot-3 closed 3 months ago
9
Hardcoded uniswap v3 pool fee can not be the most profitable swap

#218 c4-bot-3 closed 4 months ago
3
Chainlink price validation does not check for Round completeness which may lead to stale price.

#217 c4-bot-8 closed 3 months ago
3
QA Report

#216 c4-bot-7 opened 4 months ago
5
User can erase their position debt for free

#215 c4-bot-4 opened 4 months ago
14
[H-1] Repetitive _safeTransfer call leading to loss of funds in protocol

#214 c4-bot-8 closed 3 months ago
4
``blockReservePublic()`` cannot be reversed

#213 c4-bot-8 closed 3 months ago
6
ApprovalHelper, TransferHelper, and CallOptionalReturn all wrong

#212 c4-bot-10 closed 3 months ago
6
No slippage protection on LP token deposits for early users

#211 c4-bot-10 closed 3 months ago
11

Previous Next