code-423n4 2024-05-predy-findings issues

code-423n4 / 2024-05-predy-findings

9 stars 8 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #259 [1719594465362]

#310 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #254 [1719594414430]

#309 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #254 [1719594348550]

#308 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #252 [1719594295360]

#307 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #253 [1719594215976]

#306 c4-judge closed 2 months ago
2
Use of slot0 to get sqrtPriceX96 before performing swaps

#305 thebrittfactor closed 2 months ago
4
Price calculation susceptible to flashloan attacks

#304 thebrittfactor closed 2 months ago
5
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation

#303 thebrittfactor closed 2 months ago
4
No Protection of Uninitialized Implementation Contracts From Attacker

#302 howlbot-integration[bot] closed 2 months ago
3
Use of `slot0()` to fetch prices can lead to price manipulation

#301 howlbot-integration[bot] closed 2 months ago
4
No check for active L2 Sequencer

#300 howlbot-integration[bot] closed 2 months ago
4
Missing check for the max/min price in `getSqrtPrice()`

#299 howlbot-integration[bot] closed 2 months ago
1
Unset `deadline` allows for malicious swap executions.

#298 howlbot-integration[bot] closed 2 months ago
1
Inadequate price validation in `getSqrtPrice()` results in usage of stale prices.

#297 howlbot-integration[bot] closed 2 months ago
1
Unable to perform liquidation if vault `recipient` is blacklisted by `quotePool.token`

#296 howlbot-integration[bot] closed 2 months ago
1
Incorrect Rounding in `calculateUsableTick` where negative tick values are rounded down instead of to the nearest multiple of `tickSpacing`.

#295 howlbot-integration[bot] closed 2 months ago
5
Missing slippage control when adding/removing liquidity

#294 howlbot-integration[bot] closed 2 months ago
3
Inflexible Twap `_ORACLE_PERIOD` leads to inadequate pricing of assets

#293 howlbot-integration[bot] closed 2 months ago
1
Incorrect Limit Stop Order Validation.

#292 howlbot-integration[bot] closed 2 months ago
1
Potential Use of Stale Prices in SqrtPrice Calculation in PriceFeed.sol

#291 howlbot-integration[bot] closed 2 months ago
1
`Filler` is incorrectly tasked.

#290 howlbot-integration[bot] closed 2 months ago
4
Incorrect `prices` would be returned for `negative ticks`

#289 howlbot-integration[bot] closed 2 months ago
2
Liquidation may revert when the account is blacklisted

#288 howlbot-integration[bot] closed 2 months ago
1
Chainlink stale price

#287 howlbot-integration[bot] closed 2 months ago
1
Chainlink FlashCrash Price

#286 howlbot-integration[bot] closed 2 months ago
1
Use of slot 0 is easy to manipulate

#285 howlbot-integration[bot] closed 2 months ago
6
Hardcoded `VALID_TIME_PERIOD` is not suitable in all cases.

#284 howlbot-integration[bot] closed 2 months ago
1
insufficient slippage specification in uniswap

#283 howlbot-integration[bot] closed 2 months ago
1
UniV3 Oracle unsafe on L2s in event of Sequencer downtime

#282 howlbot-integration[bot] closed 2 months ago
4
`updateFeeRatio()` does not collect previous fees before setting a new `feeRatio`

#281 howlbot-integration[bot] closed 2 months ago
1
Missing deadline parameter in `swapExactIn` and `swapExactOut` functions in `UniswapSettlement.sol` allowing outdated slippage and allowing pending transactions to be executed unexpectedly

#280 howlbot-integration[bot] closed 2 months ago
1
`callUniswapObserve` will show incorrect price for negative ticks because it does not round up for them

#279 howlbot-integration[bot] closed 2 months ago
1
Use of slot0 can lead to price manipulations

#278 howlbot-integration[bot] closed 2 months ago
1
Chainlink’s latestRoundData might return stale or incorrect results

#277 howlbot-integration[bot] closed 2 months ago
1
Multiple instances of usage of `slot0` to calculate square root price, which is easily manipulatable

#276 howlbot-integration[bot] closed 2 months ago
1
Malicious user can create positions that can never be liquidated, breaking protocol invariant

#275 howlbot-integration[bot] closed 2 months ago
2
Using `block.timestamp` as deadline is dangerous

#274 howlbot-integration[bot] closed 2 months ago
1
`PerpMarketLib::validateStopPrice` calculates the ratio of `oraclePrice` and `stopPrice` incorrectly

#273 howlbot-integration[bot] closed 2 months ago
1
No `deadline` parameter on `swapExactIn` and `swapExactOut` can lead to less faourable swaps.

#272 howlbot-integration[bot] closed 2 months ago
1
Improper Validation in PerpMarketV1: Reverting Mechanism Fails to revert an Invalid Trades

#271 howlbot-integration[bot] closed 2 months ago
1
Filler can update `settlementWhitelist` through basemarketupgradeable.sol.

#270 howlbot-integration[bot] closed 2 months ago
2
Lack of slippage protection in supply function leads staker receives less shares than expected

#269 howlbot-integration[bot] closed 2 months ago
4
Missing slippage check in supply and withdraw function in PredyPool

#268 howlbot-integration[bot] closed 2 months ago
4
Chainlink's `latestRoundData` may return a stale or incorrect result

#267 howlbot-integration[bot] closed 2 months ago
1
Missing check for sequencer downtime in PriceFeed contract

#266 howlbot-integration[bot] closed 2 months ago
4
Use of Potentially Stale Price Data from Pyth Oracle

#265 howlbot-integration[bot] closed 2 months ago
1
No Sequencer Status Check in Price Feed Contract on Arbitrum L2

#264 howlbot-integration[bot] closed 2 months ago
4
Lack of Chainlink Price Range Validation in PriceFeed Contract

#263 howlbot-integration[bot] closed 2 months ago
1
`validateStopPrice()` is potentially flawed by wrong `value` parameter

#262 howlbot-integration[bot] closed 2 months ago
3
Incorrect data is saved as `userPosition` during trade execution

#261 howlbot-integration[bot] closed 2 months ago
3