code-423n4 2024-04-gondi-findings issues

code-423n4 / 2024-04-gondi-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

The attackers front-running `repayloans` so that the debt cannot be repaid

#35 c4-bot-8 opened 7 months ago
16
Racing condition between settleAuction and placeBid might allow previous highest bidder to prevent others to bid

#34 c4-bot-3 closed 7 months ago
2
Incorrect protocol fee implementation results in outstandingValues to be mis-accounted in Pool.sol

#33 c4-bot-1 opened 7 months ago
6
validateOffer() shouldn't be able to use getCollectedFees

#32 c4-bot-10 closed 7 months ago
3
emitLoan() lack of checks <=getMaxTranches

#31 c4-bot-10 closed 7 months ago
2
settleWithBuyout() cannot pay triggerFee

#30 c4-bot-10 closed 7 months ago
3
addNewTranche() no authorization from borrower

#29 c4-bot-10 opened 7 months ago
5
_processOffersFromExecutionData() lack of check executionData.duration<=offer.duration

#28 c4-bot-10 opened 7 months ago
5
mergeTranches()/refinancePartial() lack of nonReentrant

#27 c4-bot-10 opened 7 months ago
4
_baseLoanChecks() check errors for expire

#26 c4-bot-10 opened 7 months ago
4
DOS all Pool's offer through capacity=0

#25 c4-bot-10 closed 7 months ago
7
validateOffer() reentry to manipulate exchangeRate

#24 c4-bot-10 opened 7 months ago
4
Pool.getMinTimeBetweenWithdrawalQueues current calculations may not be sufficient

#23 c4-bot-6 opened 7 months ago
4
confirmBaseInterestAllocator() change BaseInterestAllocator may pay large getReallocationBonus

#22 c4-bot-7 opened 7 months ago
6
validateOffer() give the wrong _targetIdle to reallocate()

#21 c4-bot-8 closed 7 months ago
2
loanLiquidation() calculation of interest is not accurate

#20 c4-bot-10 opened 7 months ago
4
_updatePendingWithdrawalWithQueue() should accumulate pendingForQueue

#19 c4-bot-1 closed 7 months ago
2
Pool.getCollectedFees Lack of method for claim

#18 c4-bot-1 closed 7 months ago
2
confirmUnderwriter() need to recalculate getMinTimeBetweenWithdrawalQueues

#17 c4-bot-1 opened 7 months ago
4
distribute() Use the wrong end time to break maxSeniorRepayment's expectations

#16 c4-bot-5 opened 7 months ago
4
loan.hash() does not contain protocolFee

#15 c4-bot-3 opened 7 months ago
6
refinanceFromLoanExecutionData() lack of check if tokenId is equal

#14 c4-bot-4 closed 7 months ago
3
refinanceFull/addNewTranche reusing a lender's signature leads to unintended behavior

#13 c4-bot-5 opened 7 months ago
4
mergeTranches() If the lender is a LoanManager it will break the Pool accounting

#12 c4-bot-4 closed 7 months ago
6
confirmTerms() DOS

#11 c4-bot-9 closed 7 months ago
3
distribute() when can't repay all lenders, may lack of notification to LoanManager for accounting

#10 c4-bot-4 opened 7 months ago
4
settleWithBuyout() lack of call LoanManager.loanRepayment()

#9 c4-bot-3 closed 7 months ago
2
placeBid() malicious low bidding

#8 c4-bot-8 closed 7 months ago
3
LiquidationDistributor#distribute function lacks permission control

#7 c4-bot-9 closed 7 months ago
2
Bidders might lose funds due to possible racing condition between settleWithBuyout and placeBid

#6 c4-bot-3 opened 7 months ago
4
An udpated liquidationAuctionDuration parameter might DOS placing bid in AuctionWithBuyoutLoanLiquidator.sol

#4 c4-bot-9 closed 7 months ago
1
Hardcoded incorrect getLidoData timestamp, resulting in incorrect base point Apr. Loans can be validated with a substantially low baseRate interest

#3 c4-bot-2 opened 7 months ago
6
In Pool.sol, disabled slippage protection in reallocate flow putting undeployed funds at risk

#2 c4-bot-8 closed 7 months ago
6
Agreements & Disclosures

#1 code4rena-id[bot] opened 7 months ago
0