code-423n4/2024-03-dittoeth-findings
issues
Shorter can force Recovery Mode to push other users into liquidation
#255
c4-bot-1
closed
3 months ago
4
proposeRedemption() should use the current price, not a cached price
#254
c4-bot-1
closed
3 months ago
4
Missing TWAP checks allow incorrect pricing
#253
c4-bot-7
closed
3 months ago
5
Lack of a stale check for the base oracle in `LibOracle::oracleCircuitBreaker()`
#252
c4-bot-7
closed
3 months ago
14
Insufficient Collateral Handling on Partial Short Exits
#251
c4-bot-2
closed
3 months ago
7
A design flaw in `RedemptionFacet::disputeRedemption()` disincentivizes good disputers from doing their job, leading to the depeg of the `dUSD` stable asset
#250
c4-bot-3
closed
3 months ago
6
Unhandled edge case in bid matching algorithm
#249
c4-bot-10
closed
3 months ago
4
When a closed ShortRecord is canceled redemption at disputeRedemption, the user loses the collateral
#248
c4-bot-8
closed
3 months ago
5
Liquidation could be blocked if there is not enough ethEscrowed in TAPP
#247
c4-bot-8
closed
3 months ago
4
Uniswap v3 observe call can revert and block the entire protocol for a period of time
#246
c4-bot-8
closed
3 months ago
10
Analysis
#245
c4-bot-10
closed
3 months ago
2
Deposit could be blocked when updateYield gets called in maybeUpdateYield
#244
c4-bot-1
closed
3 months ago
8
Analysis
#243
c4-bot-4
closed
3 months ago
2
Yield in `updateYield` is not always updated as it should be
#242
c4-bot-3
closed
3 months ago
17
Possible to avoid checkRecoveryModeViolation
#241
c4-bot-2
closed
3 months ago
4
cancelShort will cause users loss of funds
#240
c4-bot-5
closed
3 months ago
5
Loss of funds of new deposits in case bridges were slashed already
#239
c4-bot-7
closed
3 months ago
6
Using an order book format on chain presents opportunities for MEV and front running.
#238
c4-bot-7
closed
3 months ago
4
Analysis
#237
c4-bot-2
opened
3 months ago
2
Can manipulate the C.SHORT_STARTING_ID ShortRecord of the TAPP
#236
c4-bot-8
opened
3 months ago
7
Redeemers pay low redemption fees due to unsafe downcasting.
#235
c4-bot-9
closed
3 months ago
5
Anyone can call withdraw from BridgeReth leading to possible loss
#234
c4-bot-3
closed
3 months ago
4
QA Report
#233
c4-bot-2
opened
3 months ago
6
Concurrent disputes cause inconsistent state updates, compromising redemption mechanism reliability.
#232
c4-bot-3
closed
3 months ago
4
Legitimate users may lose their redemption opportunities, and the redemption process becomes unfair and biased in favor of attackers.
#231
c4-bot-9
closed
3 months ago
6
proposeRedemption() uses old oracle price
#230
c4-bot-5
closed
3 months ago
5
Analysis
#229
c4-bot-2
opened
3 months ago
2
Inflated `ercDebt` via manipulated `ercDebtRate` disrupts liquidation, causing congestion. Skewed liquidation efforts as liquidators target artificially inflated ShortRecords.
#228
c4-bot-10
closed
3 months ago
4
Risky debt accumulates, threatens system stability, solvency. || Timely liquidation hindered, unhealthy positions persist, system risks.
#227
c4-bot-10
closed
3 months ago
4
Disputants manipulate ShortRecord, claim undue penalties, disrupt redemption process.
#226
c4-bot-1
closed
3 months ago
4
Analysis
#225
c4-bot-6
opened
3 months ago
2
Stale cached prices may misprice assets, delay liquidations, and increase risk.
#224
c4-bot-9
closed
3 months ago
4
Analysis
#223
c4-bot-7
closed
3 months ago
2
QA Report
#222
c4-bot-7
opened
3 months ago
4
The `colRedeemed` variable is wrongly retrieved in `LibBytes::readProposalData` function
#221
c4-bot-2
opened
3 months ago
6
Users will receive fewer `shares` than intended due to division before multiplication in `LibOrders::increaseSharesOnMatch`
#220
c4-bot-5
closed
3 months ago
4
Decrease collateral can be used to dispute redemptions and steal from redemptors
#219
c4-bot-2
closed
3 months ago
5
Analysis
#218
c4-bot-6
closed
3 months ago
2
Incorrectly implemented if check causes ercDebt and collateral to be unexpectedly transferred to a different shortRecord
#217
c4-bot-8
closed
3 months ago
4
Analysis
#216
c4-bot-8
closed
3 months ago
2
Attacker exploiting reentrancy can claim excessive collateral, disrupting redemption process.
#215
c4-bot-2
closed
3 months ago
4
Potential redemption of unintended collateral, disrupting protocol stability, risking financial loss.
#214
c4-bot-9
closed
3 months ago
4
Analysis
#213
c4-bot-10
opened
3 months ago
2
Orders may be matched based on stale prices, causing financial losses.
#212
c4-bot-9
closed
3 months ago
4
Market manipulation, front-running, distorted prices, potential financial losses for users.
#211
c4-bot-9
closed
3 months ago
4
Excessive gas consumption, potential denial-of-service due to slow order insertion.
#210
c4-bot-9
closed
3 months ago
4
Inconsistent orderbook state, potential loss of funds, incorrect token balances.
#209
c4-bot-9
closed
3 months ago
4
Flagged shorters can take advantage of forcedBidPriceBuffer to prevent liquidation by using a flash loan to place bids that fill all the asks/shorts below the forced bid price buffer. Then they can sell it back/close shorts in the same block.
#208
c4-bot-3
closed
3 months ago
4
Analysis
#207
c4-bot-2
opened
3 months ago
2
Unfair rewards or penalties from manipulated collateral ratios in dispute resolutions.
#206
c4-bot-2
closed
3 months ago
5