Open c4-bot-10 opened 7 months ago
0xA5DF marked the issue as selected for report
(Current grade is only for sponsor review, I'd do a more thorough grading later)
+L from #68 +L from #62 +L from #61 +L from #57 +L from #56 +L from #55
7+6=13L 5R 1NC
Risk | Title | Verdict |
---|---|---|
L-1 | No need to approve aavePool to spend aToken | R |
L-2 | Open TODOs | R |
L-3 | Function burnAndWithdraw() does not withdraw old ERC721s | L |
L-4 | Function in BytesLib could revert with no error message | R |
L-5 | setProtocolFee() can be called multiple times to spam event emission | R |
L-6 | Repayment and liquidation could be blocked if token has a callhook to receiver | L |
L-7 | Wrong event emission in finalUpdateMultiSourceLoanAddress() | L |
L-8 | addCallers() does not check _callers.length == pendingCallers.length | L |
L-9 | Race condition when block.timestamp == expirationTime | H |
L-10 | Partial refinance offer could be used in refinanceFull() | L |
L-11 | Owner can set _multiSourceLoan to address(0) directly without updateMultiSourceLoanAddressFirst() | L |
L-12 | Slippage of stETH swap could make validateOffer() revert | L |
N-1 | Modifier onlyReadyForWithdrawal is repeatedly executed when users withdraw multiple tokens | R |
N-2 | Should use defined variable in function _checkValidators() | NC |
0xA5DF marked the issue as grade-a
See the markdown file with the details of this report here.