issues
search
code-423n4
/
2024-03-revert-lend-findings
4
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Any user can become approved to steal tokens from LeverageTransformer contract
#520
c4-bot-6
opened
3 months ago
14
Gas Optimizations
#519
c4-bot-6
opened
3 months ago
3
Analysis
#518
c4-bot-6
closed
3 months ago
2
Analysis
#517
c4-bot-6
opened
3 months ago
2
Analysis
#516
c4-bot-1
closed
3 months ago
2
Dangerous use of deadline parameter in AutoCompound.sol
#515
c4-bot-8
closed
3 months ago
4
Gas Optimizations
#514
c4-bot-3
opened
3 months ago
4
No access control to check caller of leverage functions in LeverageTransformer contract is approved vault
#513
c4-bot-4
opened
3 months ago
6
Hardcoded slippage value
#512
c4-bot-4
closed
3 months ago
3
Griefing attack: attacker can create multiple borrow with dust amount to make protocol suffer bad debt due to lack of incentive to liquidate them
#511
c4-bot-9
closed
3 months ago
4
Gas Optimizations
#510
c4-bot-9
closed
3 months ago
3
Gas Optimizations
#509
c4-bot-9
opened
3 months ago
2
Gas Optimizations
#508
c4-bot-9
opened
3 months ago
4
QA Report
#507
c4-bot-6
opened
3 months ago
7
wrong implement of ' _resetDailyLendIncreaseLimit' and '_resetDailyDebtIncreaseLimit'
#506
c4-bot-5
closed
3 months ago
7
Analysis
#505
c4-bot-5
opened
3 months ago
7
Analysis
#504
c4-bot-10
closed
3 months ago
4
V3Vault is Vulnerable to Inflation Due to Donation Attacks
#503
c4-bot-8
closed
3 months ago
8
QA Report
#502
c4-bot-3
closed
3 months ago
2
tokenOwner can self liquidate through FlashLoanLiquidator Contract
#501
c4-bot-10
closed
3 months ago
3
Borrowers can stop liquidations by front running them with miniscule repays
#500
c4-bot-3
closed
3 months ago
5
Borrower can prevent being liquidated.
#499
c4-bot-10
closed
3 months ago
3
Wrong number of ticks returned, which can lead to unexpected revert
#498
c4-bot-10
closed
3 months ago
5
Missing slippage in deposit(), withdraw(), redeem() and mint()
#497
c4-bot-4
closed
3 months ago
5
Self-Liquidation by tokenOwner is possible
#496
c4-bot-8
closed
3 months ago
3
Analysis
#495
c4-bot-7
opened
3 months ago
3
Wrong globalLendLimit check
#494
c4-bot-8
closed
3 months ago
3
Calling IncreaseLiquidity in AutoCompound without Slippage Protection and block.timestamp as Deadline can Cause Loss of Funds.
#493
c4-bot-8
closed
3 months ago
5
When liquidate bad loan, protocol does not pay out of reserve as intended and only pay out of lender pocket. Missing update exchangeRate after bad loan calculation.
#492
c4-bot-10
closed
3 months ago
10
The `Swapper::_routerSwap` function does not check whether the amount of tokens received from the swap is equal to the expected amount of tokens.
#491
c4-bot-3
closed
3 months ago
3
If 2 tokens have different decimals, price returned from `_getReferencePoolPriceX96()` can be wrong
#490
c4-bot-10
closed
3 months ago
4
Chainlink's `latestRoundData` might return stale results
#489
c4-bot-2
closed
3 months ago
4
Users Uniswap Positions could be locked forever in Vault, because of Missing Input Validation
#488
c4-bot-1
closed
3 months ago
3
`InterestRateModel::getRatesPerSecondX96` borrow rate to be calculated incorrectly when the utilization rate is equal to the kink
#487
c4-bot-2
closed
3 months ago
4
User can front-run liquidation by repaying the minimum amount of tokens and gain time to not be liquidated
#486
c4-bot-6
closed
3 months ago
5
`AutoCompound::execute` function that can allow an attacker to steal funds from the contract
#485
c4-bot-6
closed
3 months ago
3
No check for active Sequencer in V3Oracle.sol
#484
c4-bot-6
closed
3 months ago
3
`AutoExit::execute()` function allows an attacker to drain the liquidity of a Uniswap v3 pool by repeatedly calling the function with the same `tokenId` and `liquidity` values
#483
c4-bot-2
closed
3 months ago
3
_getReferencePoolPriceX96 will show incorrect price for negative ticks cause it doesn't round up for negative ticks.
#482
c4-bot-2
closed
3 months ago
5
QA Report
#481
c4-bot-9
closed
3 months ago
3
Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert
#480
c4-bot-9
closed
3 months ago
3
Gas Optimizations
#479
c4-bot-2
closed
3 months ago
3
`priceX96` and `verifyPriceX96` variables are used wrong `V3Oracle::_getReferenceTokenPriceX96`
#478
c4-bot-2
closed
3 months ago
5
Analysis
#477
c4-bot-2
closed
3 months ago
3
A malicious actor can create a position with a recipient contract that does not follow the IERC721Receiver standard, hence being unliquidatable whilst still having access to the arbitrage the funds in the NFT via the V3Vault::transfrom function
#476
c4-bot-2
closed
3 months ago
3
using 18 decimals ERC20 tokens as reference token will cause overflow in price calculation
#475
c4-bot-2
closed
3 months ago
4
`V3Vault::_calculateGlobalInterest` Rounding error
#474
c4-bot-4
closed
3 months ago
3
QA Report
#473
c4-bot-8
opened
3 months ago
5
Gas Optimizations
#472
c4-bot-3
closed
3 months ago
2
Collateral factor calculates collateral factor unfairly when position has one-sided liquidity
#471
c4-bot-3
closed
3 months ago
5
Next