code-423n4 2024-03-revert-lend-findings issues

code-423n4 / 2024-03-revert-lend-findings

13 stars 10 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Any user can become approved to steal tokens from LeverageTransformer contract

#520 c4-bot-6 opened 8 months ago
14
Gas Optimizations

#519 c4-bot-6 opened 8 months ago
3
Analysis

#518 c4-bot-6 closed 7 months ago
2
Analysis

#517 c4-bot-6 opened 8 months ago
2
Analysis

#516 c4-bot-1 closed 7 months ago
2
Dangerous use of deadline parameter in AutoCompound.sol

#515 c4-bot-8 closed 8 months ago
4
Gas Optimizations

#514 c4-bot-3 opened 8 months ago
4
No access control to check caller of leverage functions in LeverageTransformer contract is approved vault

#513 c4-bot-4 opened 8 months ago
6
Hardcoded slippage value

#512 c4-bot-4 closed 8 months ago
3
Griefing attack: attacker can create multiple borrow with dust amount to make protocol suffer bad debt due to lack of incentive to liquidate them

#511 c4-bot-9 closed 8 months ago
4
Gas Optimizations

#510 c4-bot-9 closed 8 months ago
3
Gas Optimizations

#509 c4-bot-9 opened 8 months ago
2
Gas Optimizations

#508 c4-bot-9 opened 8 months ago
4
QA Report

#507 c4-bot-6 opened 8 months ago
7
wrong implement of ' _resetDailyLendIncreaseLimit' and '_resetDailyDebtIncreaseLimit'

#506 c4-bot-5 closed 7 months ago
7
Analysis

#505 c4-bot-5 opened 8 months ago
7
Analysis

#504 c4-bot-10 closed 7 months ago
4
V3Vault is Vulnerable to Inflation Due to Donation Attacks

#503 c4-bot-8 closed 7 months ago
8
QA Report

#502 c4-bot-3 closed 8 months ago
2
tokenOwner can self liquidate through FlashLoanLiquidator Contract

#501 c4-bot-10 closed 8 months ago
3
Borrowers can stop liquidations by front running them with miniscule repays

#500 c4-bot-3 closed 8 months ago
5
Borrower can prevent being liquidated.

#499 c4-bot-10 closed 8 months ago
3
Wrong number of ticks returned, which can lead to unexpected revert

#498 c4-bot-10 closed 8 months ago
5
Missing slippage in deposit(), withdraw(), redeem() and mint()

#497 c4-bot-4 closed 7 months ago
5
Self-Liquidation by tokenOwner is possible

#496 c4-bot-8 closed 8 months ago
3
Analysis

#495 c4-bot-7 opened 8 months ago
3
Wrong globalLendLimit check

#494 c4-bot-8 closed 8 months ago
3
Calling IncreaseLiquidity in AutoCompound without Slippage Protection and block.timestamp as Deadline can Cause Loss of Funds.

#493 c4-bot-8 closed 8 months ago
5
When liquidate bad loan, protocol does not pay out of reserve as intended and only pay out of lender pocket. Missing update exchangeRate after bad loan calculation.

#492 c4-bot-10 closed 7 months ago
10
The `Swapper::_routerSwap` function does not check whether the amount of tokens received from the swap is equal to the expected amount of tokens.

#491 c4-bot-3 closed 7 months ago
3
If 2 tokens have different decimals, price returned from `_getReferencePoolPriceX96()` can be wrong

#490 c4-bot-10 closed 7 months ago
4
Chainlink's `latestRoundData` might return stale results

#489 c4-bot-2 closed 7 months ago
4
Users Uniswap Positions could be locked forever in Vault, because of Missing Input Validation

#488 c4-bot-1 closed 7 months ago
3
`InterestRateModel::getRatesPerSecondX96` borrow rate to be calculated incorrectly when the utilization rate is equal to the kink

#487 c4-bot-2 closed 7 months ago
4
User can front-run liquidation by repaying the minimum amount of tokens and gain time to not be liquidated

#486 c4-bot-6 closed 8 months ago
5
`AutoCompound::execute` function that can allow an attacker to steal funds from the contract

#485 c4-bot-6 closed 7 months ago
3
No check for active Sequencer in V3Oracle.sol

#484 c4-bot-6 closed 8 months ago
3
`AutoExit::execute()` function allows an attacker to drain the liquidity of a Uniswap v3 pool by repeatedly calling the function with the same `tokenId` and `liquidity` values

#483 c4-bot-2 closed 7 months ago
3
_getReferencePoolPriceX96 will show incorrect price for negative ticks cause it doesn't round up for negative ticks.

#482 c4-bot-2 closed 8 months ago
5
QA Report

#481 c4-bot-9 closed 8 months ago
3
Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert

#480 c4-bot-9 closed 7 months ago
3
Gas Optimizations

#479 c4-bot-2 closed 8 months ago
3
`priceX96` and `verifyPriceX96` variables are used wrong `V3Oracle::_getReferenceTokenPriceX96`

#478 c4-bot-2 closed 8 months ago
5
Analysis

#477 c4-bot-2 closed 7 months ago
3
A malicious actor can create a position with a recipient contract that does not follow the IERC721Receiver standard, hence being unliquidatable whilst still having access to the arbitrage the funds in the NFT via the V3Vault::transfrom function

#476 c4-bot-2 closed 8 months ago
3
using 18 decimals ERC20 tokens as reference token will cause overflow in price calculation

#475 c4-bot-2 closed 8 months ago
4
`V3Vault::_calculateGlobalInterest` Rounding error

#474 c4-bot-4 closed 7 months ago
3
QA Report

#473 c4-bot-8 opened 8 months ago
5
Gas Optimizations

#472 c4-bot-3 closed 8 months ago
2
Collateral factor calculates collateral factor unfairly when position has one-sided liquidity

#471 c4-bot-3 closed 8 months ago
5