issues
search
code-423n4
/
2024-04-lavarage-findings
2
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 3 from #29 [1714596076809]
#34
c4-judge
closed
2 months ago
8
Upgraded Q -> 2 from #29 [1714574899722]
#33
c4-judge
closed
2 months ago
2
Upgraded Q -> 2 from #27 [1714574798814]
#32
c4-judge
closed
2 months ago
2
Lack of freeze authority check for collateral tokens on create trading pool
#31
c4-bot-4
opened
2 months ago
4
Repaying the debt twice is allowed, which cause total_borrowed to underflow
#30
c4-bot-9
opened
2 months ago
9
QA Report
#29
c4-bot-4
opened
2 months ago
4
Malicious users can drain all trading pools, due to insufficient instruction validation in the `borrow` function
#28
c4-bot-1
closed
2 months ago
7
QA Report
#27
c4-bot-7
opened
2 months ago
4
Collateral can be claimed back without repaying its corresponding loan due to insufficient instruction validation
#26
c4-bot-8
opened
2 months ago
6
The last position/s from a given pool can be permanently prevented from being closed, by repaying an arbitrary position more than once
#25
c4-bot-9
opened
2 months ago
14
The `env!` macro won't work once the Lavarage program is deployed on-chain, leading to the `liquidate` function being permanently DoSed
#24
c4-bot-4
closed
2 months ago
5
The `liquidate` function does not take accrued interest fees into account when calculating the LTV of a given position
#23
c4-bot-4
closed
2 months ago
10
The lender could force a position to be liquidated by blocking adding extra amount to the collateral
#22
c4-bot-7
opened
2 months ago
10
Updating node_wallet.total_funds based on user input is problematic and could mess up with accounting
#21
c4-bot-10
opened
2 months ago
9
QA Report
#20
c4-bot-4
opened
2 months ago
1
The borrower can receive the opening fee, profit_share and interest_share
#19
c4-bot-7
closed
2 months ago
2
Borrowers can avoid the payment of an interest share fee by setting themselves as a `fee_receipient`
#18
c4-bot-2
opened
2 months ago
4
Innocent borrower could incur losses caused by a malicious lender
#17
c4-bot-10
opened
2 months ago
8
A borrower can borrow SOL without backing it by a collateral
#16
c4-bot-5
opened
2 months ago
4
Borrowers are able to steal the collateral
#15
c4-bot-7
closed
2 months ago
9
There is no way to close unused PDAs, leading to the SOL deposited into them for their rent exemption being lost forever
#14
c4-bot-7
opened
2 months ago
15
The borrower can steal all SOL from the lender by paying almost nothing as a collateral
#13
c4-bot-1
closed
2 months ago
4
Oracle is payer of liquidation transaction fee
#12
c4-bot-9
opened
2 months ago
13
Small loans will never be liquidated, generating bad debt for lenders
#11
c4-bot-4
opened
2 months ago
17
Malicious borrowers will never repay loans with high interest
#10
c4-bot-3
opened
2 months ago
15
Well collateralized loans can be locked forever
#9
c4-bot-2
closed
2 months ago
10
Accounts occupy an excessive amount of space for allocation
#8
c4-bot-5
opened
2 months ago
16
QA Report
#7
c4-bot-1
closed
2 months ago
3
Liquidation doesn't have expiration
#6
c4-bot-8
opened
2 months ago
14
Tokens can be stolen during liquidation
#5
c4-bot-9
closed
2 months ago
12
Borrowers can steal lenders funds
#4
c4-bot-6
closed
2 months ago
8
Borrower can use own address as fee recipient to pay less interest to lender
#3
c4-bot-6
closed
2 months ago
2
liquidations close borrow positions but lender's stroage variable are not updated correctly.
#2
c4-bot-2
opened
2 months ago
12
Agreements & Disclosures
#1
code4rena-id[bot]
opened
3 months ago
0