code-423n4 2024-03-revert-lend-findings issues

code-423n4 / 2024-03-revert-lend-findings

4 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Any user can become approved to steal tokens from LeverageTransformer contract

#520 c4-bot-6 opened 3 months ago
14
Gas Optimizations

#519 c4-bot-6 opened 3 months ago
3
Analysis

#518 c4-bot-6 closed 3 months ago
2
Analysis

#517 c4-bot-6 opened 3 months ago
2
Analysis

#516 c4-bot-1 closed 3 months ago
2
Dangerous use of deadline parameter in AutoCompound.sol

#515 c4-bot-8 closed 3 months ago
4
Gas Optimizations

#514 c4-bot-3 opened 3 months ago
4
No access control to check caller of leverage functions in LeverageTransformer contract is approved vault

#513 c4-bot-4 opened 3 months ago
6
Hardcoded slippage value

#512 c4-bot-4 closed 3 months ago
3
Griefing attack: attacker can create multiple borrow with dust amount to make protocol suffer bad debt due to lack of incentive to liquidate them

#511 c4-bot-9 closed 3 months ago
4
Gas Optimizations

#510 c4-bot-9 closed 3 months ago
3
Gas Optimizations

#509 c4-bot-9 opened 3 months ago
2
Gas Optimizations

#508 c4-bot-9 opened 3 months ago
4
QA Report

#507 c4-bot-6 opened 3 months ago
7
wrong implement of ' _resetDailyLendIncreaseLimit' and '_resetDailyDebtIncreaseLimit'

#506 c4-bot-5 closed 3 months ago
7
Analysis

#505 c4-bot-5 opened 3 months ago
7
Analysis

#504 c4-bot-10 closed 3 months ago
4
V3Vault is Vulnerable to Inflation Due to Donation Attacks

#503 c4-bot-8 closed 3 months ago
8
QA Report

#502 c4-bot-3 closed 3 months ago
2
tokenOwner can self liquidate through FlashLoanLiquidator Contract

#501 c4-bot-10 closed 3 months ago
3
Borrowers can stop liquidations by front running them with miniscule repays

#500 c4-bot-3 closed 3 months ago
5
Borrower can prevent being liquidated.

#499 c4-bot-10 closed 3 months ago
3
Wrong number of ticks returned, which can lead to unexpected revert

#498 c4-bot-10 closed 3 months ago
5
Missing slippage in deposit(), withdraw(), redeem() and mint()

#497 c4-bot-4 closed 3 months ago
5
Self-Liquidation by tokenOwner is possible

#496 c4-bot-8 closed 3 months ago
3
Analysis

#495 c4-bot-7 opened 3 months ago
3
Wrong globalLendLimit check

#494 c4-bot-8 closed 3 months ago
3
Calling IncreaseLiquidity in AutoCompound without Slippage Protection and block.timestamp as Deadline can Cause Loss of Funds.

#493 c4-bot-8 closed 3 months ago
5
When liquidate bad loan, protocol does not pay out of reserve as intended and only pay out of lender pocket. Missing update exchangeRate after bad loan calculation.

#492 c4-bot-10 closed 3 months ago
10
The `Swapper::_routerSwap` function does not check whether the amount of tokens received from the swap is equal to the expected amount of tokens.

#491 c4-bot-3 closed 3 months ago
3
If 2 tokens have different decimals, price returned from `_getReferencePoolPriceX96()` can be wrong

#490 c4-bot-10 closed 3 months ago
4
Chainlink's `latestRoundData` might return stale results

#489 c4-bot-2 closed 3 months ago
4
Users Uniswap Positions could be locked forever in Vault, because of Missing Input Validation

#488 c4-bot-1 closed 3 months ago
3
`InterestRateModel::getRatesPerSecondX96` borrow rate to be calculated incorrectly when the utilization rate is equal to the kink

#487 c4-bot-2 closed 3 months ago
4
User can front-run liquidation by repaying the minimum amount of tokens and gain time to not be liquidated

#486 c4-bot-6 closed 3 months ago
5
`AutoCompound::execute` function that can allow an attacker to steal funds from the contract

#485 c4-bot-6 closed 3 months ago
3
No check for active Sequencer in V3Oracle.sol

#484 c4-bot-6 closed 3 months ago
3
`AutoExit::execute()` function allows an attacker to drain the liquidity of a Uniswap v3 pool by repeatedly calling the function with the same `tokenId` and `liquidity` values

#483 c4-bot-2 closed 3 months ago
3
_getReferencePoolPriceX96 will show incorrect price for negative ticks cause it doesn't round up for negative ticks.

#482 c4-bot-2 closed 3 months ago
5
QA Report

#481 c4-bot-9 closed 3 months ago
3
Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert

#480 c4-bot-9 closed 3 months ago
3
Gas Optimizations

#479 c4-bot-2 closed 3 months ago
3
`priceX96` and `verifyPriceX96` variables are used wrong `V3Oracle::_getReferenceTokenPriceX96`

#478 c4-bot-2 closed 3 months ago
5
Analysis

#477 c4-bot-2 closed 3 months ago
3
A malicious actor can create a position with a recipient contract that does not follow the IERC721Receiver standard, hence being unliquidatable whilst still having access to the arbitrage the funds in the NFT via the V3Vault::transfrom function

#476 c4-bot-2 closed 3 months ago
3
using 18 decimals ERC20 tokens as reference token will cause overflow in price calculation

#475 c4-bot-2 closed 3 months ago
4
`V3Vault::_calculateGlobalInterest` Rounding error

#474 c4-bot-4 closed 3 months ago
3
QA Report

#473 c4-bot-8 opened 3 months ago
5
Gas Optimizations

#472 c4-bot-3 closed 3 months ago
2
Collateral factor calculates collateral factor unfairly when position has one-sided liquidity

#471 c4-bot-3 closed 3 months ago
5