code-423n4 2024-04-lavarage-findings issues

code-423n4 / 2024-04-lavarage-findings

2 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 3 from #29 [1714596076809]

#34 c4-judge closed 2 months ago
8
Upgraded Q -> 2 from #29 [1714574899722]

#33 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #27 [1714574798814]

#32 c4-judge closed 2 months ago
2
Lack of freeze authority check for collateral tokens on create trading pool

#31 c4-bot-4 opened 2 months ago
4
Repaying the debt twice is allowed, which cause total_borrowed to underflow

#30 c4-bot-9 opened 2 months ago
9
QA Report

#29 c4-bot-4 opened 2 months ago
4
Malicious users can drain all trading pools, due to insufficient instruction validation in the `borrow` function

#28 c4-bot-1 closed 2 months ago
7
QA Report

#27 c4-bot-7 opened 2 months ago
4
Collateral can be claimed back without repaying its corresponding loan due to insufficient instruction validation

#26 c4-bot-8 opened 2 months ago
6
The last position/s from a given pool can be permanently prevented from being closed, by repaying an arbitrary position more than once

#25 c4-bot-9 opened 2 months ago
14
The `env!` macro won't work once the Lavarage program is deployed on-chain, leading to the `liquidate` function being permanently DoSed

#24 c4-bot-4 closed 2 months ago
5
The `liquidate` function does not take accrued interest fees into account when calculating the LTV of a given position

#23 c4-bot-4 closed 2 months ago
10
The lender could force a position to be liquidated by blocking adding extra amount to the collateral

#22 c4-bot-7 opened 2 months ago
10
Updating node_wallet.total_funds based on user input is problematic and could mess up with accounting

#21 c4-bot-10 opened 2 months ago
9
QA Report

#20 c4-bot-4 opened 2 months ago
1
The borrower can receive the opening fee, profit_share and interest_share

#19 c4-bot-7 closed 2 months ago
2
Borrowers can avoid the payment of an interest share fee by setting themselves as a `fee_receipient`

#18 c4-bot-2 opened 2 months ago
4
Innocent borrower could incur losses caused by a malicious lender

#17 c4-bot-10 opened 2 months ago
8
A borrower can borrow SOL without backing it by a collateral

#16 c4-bot-5 opened 2 months ago
4
Borrowers are able to steal the collateral

#15 c4-bot-7 closed 2 months ago
9
There is no way to close unused PDAs, leading to the SOL deposited into them for their rent exemption being lost forever

#14 c4-bot-7 opened 2 months ago
15
The borrower can steal all SOL from the lender by paying almost nothing as a collateral

#13 c4-bot-1 closed 2 months ago
4
Oracle is payer of liquidation transaction fee

#12 c4-bot-9 opened 2 months ago
13
Small loans will never be liquidated, generating bad debt for lenders

#11 c4-bot-4 opened 2 months ago
17
Malicious borrowers will never repay loans with high interest

#10 c4-bot-3 opened 2 months ago
15
Well collateralized loans can be locked forever

#9 c4-bot-2 closed 2 months ago
10
Accounts occupy an excessive amount of space for allocation

#8 c4-bot-5 opened 2 months ago
16
QA Report

#7 c4-bot-1 closed 2 months ago
3
Liquidation doesn't have expiration

#6 c4-bot-8 opened 2 months ago
14
Tokens can be stolen during liquidation

#5 c4-bot-9 closed 2 months ago
12
Borrowers can steal lenders funds

#4 c4-bot-6 closed 2 months ago
8
Borrower can use own address as fee recipient to pay less interest to lender

#3 c4-bot-6 closed 2 months ago
2
liquidations close borrow positions but lender's stroage variable are not updated correctly.

#2 c4-bot-2 opened 2 months ago
12
Agreements & Disclosures

#1 code4rena-id[bot] opened 3 months ago
0