code-423n4/2024-04-gondi-findings
Upgraded Q -> 3 from #35 [1713794205670]
#87
c4-judge
closed
7 months ago
3
Upgraded Q -> 3 from #70 [1713692031143]
#85
c4-judge
closed
7 months ago
4
Upgraded Q -> 2 from #82 [1713691250926]
#84
c4-judge
closed
7 months ago
2
Analysis
#83
c4-bot-9
opened
7 months ago
1
QA Report
#82
c4-bot-5
opened
7 months ago
2
Loan hashing method is missing protocolFee field, which allows 0 or incorrect protocolFee to pass in multiple flows. ProtocolFees can be lost.
#81
c4-bot-5
closed
7 months ago
3
Invalid maxTranches check can result in maxTranche cap to be exceeded
#80
c4-bot-2
opened
7 months ago
4
Gas Optimizations
#79
c4-bot-7
opened
7 months ago
2
A borrower can use a wrong collateral nft token to refinance from a new loan offer
#78
c4-bot-4
closed
7 months ago
3
Anyone can call `UserVault::mint` for any deployed vault
#77
c4-bot-3
closed
7 months ago
4
A malicious user can take on a loan using an existing borrower's collateral in refinanceFromLoanExecutionData()
#76
c4-bot-3
opened
7 months ago
7
The check on unlocked loan during refinance can be bypassed in addNewTranche
#75
c4-bot-5
closed
7 months ago
3
QA Report
#74
c4-bot-1
opened
7 months ago
2
Lender can refinance a worse loan for the borrower through addNewTranche, due to missing checks
#73
c4-bot-6
closed
7 months ago
4
Analysis
#71
c4-bot-3
opened
7 months ago
2
QA Report
#70
c4-bot-10
opened
7 months ago
4
Merging tranches could make `_loanTermination()` accounting incorrect
#69
c4-bot-3
opened
7 months ago
4
Function `_checkStrictlyBetter()` does not check for `ImprovementMinimum`
#68
c4-bot-3
closed
7 months ago
8
Division before multiplication could lead to users losing 50% in WithdrawalQueue
#67
c4-bot-5
opened
7 months ago
4
The `getMaxTranches` check can be bypassed
#66
c4-bot-5
closed
7 months ago
2
Function `addNewTranche()` should use `protocolFee` from `Loan` struct
#65
c4-bot-7
opened
7 months ago
4
Function `distribute()` lacks access control allowing anyone to spam and disrupt the pool's accounting
#64
c4-bot-8
opened
7 months ago
4
Function `Pool.validateOffer()` does not work correctly in case `principalAmount > currentBalance`
#63
c4-bot-8
opened
7 months ago
8
Owner cannot change the allocator address from `address(0)`
#62
c4-bot-8
closed
7 months ago
7
Attacker can set arbitrary allocator in case `cachedAllocator == address(0)`
#61
c4-bot-3
closed
7 months ago
8
Collected fees are never transferred out of Pool contract
#60
c4-bot-7
opened
7 months ago
8
Anyone can remove existing term without queueing through `setTerms()`
#59
c4-bot-7
opened
7 months ago
4
Attacker can front-run and pass in empty terms, making it impossible to `confirmTerms()`
#58
c4-bot-8
opened
7 months ago
4
Spam function `refinancePartial()` could DOS refinance by passing empty `_renegotiationOffer.trancheIndex` list
#57
c4-bot-8
closed
7 months ago
13
Possible overflow when borrower accepts renegotiation offer in `refinanceFull()`
#56
c4-bot-8
closed
7 months ago
7
Function `settleWithBuyout()` incorrectly calculates the main lender because single lender can have multiple tranches in a loan
#55
c4-bot-8
closed
7 months ago
8
Function `refinanceFromLoanExecutionData()` does not check `executionData.tokenId == loan.nftCollateralTokenId`
#54
c4-bot-7
opened
7 months ago
3
`Loan` struct hash does not include protocol fee
#53
c4-bot-3
closed
7 months ago
3
Attacker could exploit function `addNewTranche()` to increase principal amount without borrower's permission
#52
c4-bot-5
closed
7 months ago
3
Borrower signature could be reused in `emitLoan()`
#51
c4-bot-5
opened
7 months ago
7
`triggerFee` is stolen from other auctions during `settleWithBuyout()`
#50
c4-bot-5
opened
7 months ago
6
Function `settleWithBuyout()` does not call `LoanManager.loanLiquidation()` during a buyout
#49
c4-bot-3
opened
7 months ago
4
deployWithdrawalQueue() needs to clear _queueAccounting[lastQueueIndex]
#48
c4-bot-10
opened
7 months ago
4
Incorrect circular array check in _updatePendingWithdrawalWithQueue flow, causing received funds added to the wrong queues
#47
c4-bot-8
opened
7 months ago
7
Incorrect accounting of _pendingWithdrawal in queueClaiming flow
#46
c4-bot-4
opened
7 months ago
4
QA Report
#45
c4-bot-1
closed
7 months ago
3
Inconsistent accounting of undeployedAssets might result in undesired optimal range in the pool
#44
c4-bot-6
opened
7 months ago
5
The borrower can use `refinanceFromLoanExecutionData` delay on loan
#43
c4-bot-8
closed
7 months ago
4
Target idle amount is incorrect in validateOffer flow, which can result in insufficient liquid asset in pool
#42
c4-bot-10
closed
7 months ago
3
Any liquidators can pretend to be a loan contract to validate offers, due to insufficient validation
#41
c4-bot-1
opened
7 months ago
6
The setTerms/confirmTerms in PoolOfferHandler can be attacked
#40
c4-bot-10
closed
7 months ago
4
In WithdrawalQueue, the user may not be able to withdraw token
#39
c4-bot-6
closed
7 months ago
5
MultiSourceLoan#addNewTranche can be DoS
#38
c4-bot-8
closed
7 months ago
12
AuctionLoanLiquidator#placeBid can be DoS
#37
c4-bot-9
opened
7 months ago
9
Loans that are being liquidated can still perform mergeTranches/refinance operations
#36
c4-bot-8
closed
7 months ago
4