issues
search
code-423n4
/
2024-05-predy-validation
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#640
c4-bot-6
closed
3 months ago
1
Pausable Tokens like USDC can cause liquidation to Fail
#639
c4-bot-1
opened
3 months ago
0
Liquidation: `execLiquidationCall` can be reverted when refunding the excess amount to the trader/recepient.
#638
c4-bot-9
closed
3 months ago
0
Missing checks for whether Arbitrum Sequencer is active
#637
c4-bot-7
closed
3 months ago
0
`swapExactIn()` and `swapExactOut()` cannot swap if the input asset is ETH without risking owner's funds.
#636
c4-bot-1
closed
3 months ago
0
DoS attack: Inefficient input validation of '_amount' in SupplyLogic.supply() may be leveraged to clog the Network.
#635
c4-bot-7
closed
3 months ago
0
Lack of Access Control in Liquidation Function
#634
c4-bot-7
closed
3 months ago
0
Inconsistent Price Data Due to Sequencer Downtime and Expired Oracle Prices
#633
c4-bot-7
closed
3 months ago
0
Users can steal tokens through fees in the market
#632
c4-bot-10
closed
3 months ago
0
supply and withdraw method lacks slippage mechanism
#631
c4-bot-7
closed
3 months ago
0
Freshness of pricefeed not checked properly leads to the usage of stale pricefeeds.
#630
c4-bot-5
closed
3 months ago
0
QA Report
#629
c4-bot-5
closed
3 months ago
0
Potential underflow in `calculateSlippageTolerance` function
#628
c4-bot-5
closed
3 months ago
0
Lenders are unable to withdraw complete collateral
#627
c4-bot-9
closed
3 months ago
4
SettlementCallbackLib : `execSettlement` will not send fee to the `predyPool` when `baseAmountDelta` is negative
#626
c4-bot-9
closed
3 months ago
0
Potential failure in liquidation process due to blacklisted recipients
#625
c4-bot-9
opened
3 months ago
0
Malicious User Can DOS The PredyPool
#624
c4-bot-9
closed
3 months ago
0
Reversion of getSqrtPrice Function Due to getPriceNoOlderThan Oracle Call
#623
c4-bot-2
closed
3 months ago
0
QA Report
#622
c4-bot-5
closed
3 months ago
0
Unprotected Uninitialized Implementation Contract
#621
c4-bot-8
closed
3 months ago
0
Missing slippage check in supply and withdraw function in PredyPool
#620
c4-bot-3
closed
3 months ago
0
Unrestricted Initialization Function Allows Reinitialization by Any User
#619
c4-bot-7
closed
3 months ago
0
Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
#618
c4-bot-6
closed
3 months ago
0
approve()/safeApprove() may revert if the current approval is not zero
#617
c4-bot-1
closed
3 months ago
0
Potential Risk of Incorrect Vault Liquidation Due to Stale Chainlink Price Data
#616
c4-bot-8
closed
3 months ago
0
Missing access control in external `AddPairLogic::updatePriceOracle` function
#615
c4-bot-2
closed
3 months ago
0
Lack of slippage protection in supply function leads staker receives less shares than expected
#614
c4-bot-8
closed
3 months ago
0
Division before multiplication in `price` calculation makes it susceptible to potential precision loss
#613
c4-bot-1
closed
3 months ago
0
Reversion in _executeOrderV3 Due to Uninitialized Quote Token Mappings in _validateQuoteTokenAddress Function
#612
c4-bot-9
closed
3 months ago
2
Missing `minAnswer`/`maxAnswer` check and Circuit Breaker in `getSqrtPrice` function
#611
c4-bot-5
closed
3 months ago
0
Front-running Risk Leading to Failed Withdrawals Due to Insufficient Collateral
#610
c4-bot-10
closed
3 months ago
2
Valid Pairs Incorrectly Marked as Invalid
#609
c4-bot-9
closed
3 months ago
0
Missing L2 Sequencer status check in `getSqrtPrice` function
#608
c4-bot-10
closed
3 months ago
0
Use of `slot0` to get `sqrtPriceLimitX96` can lead to price manipulation
#607
c4-bot-10
closed
3 months ago
0
Missing staleness check in `getSqrtPrice` function using `AggregatorV3Interface`
#606
c4-bot-3
closed
3 months ago
0
Immediate User Liquidation Risk
#605
c4-bot-3
closed
3 months ago
0
During partial liquidation protocol is left with bed debt that liquidator is not forced to paid up.
#604
c4-bot-7
closed
3 months ago
0
Inability to Disable allowedUniswapPools Once Enabled
#603
c4-bot-2
closed
3 months ago
0
QA Report
#602
c4-bot-5
closed
3 months ago
0
As anybody can create pools, malicious pool owners can prevent existing traders from trading, making them prone to liquidations.
#601
c4-bot-4
closed
3 months ago
5
Missing Blacklist Validation in `withdrawCreatorRevenue`, `withdrawProtocolRevenue` and `uniswapV3MintCallback` functions
#600
c4-bot-5
closed
3 months ago
0
Potential Token Loss Due to Rounding Issue in Small Deposits
#599
c4-bot-7
closed
3 months ago
2
Use of `slot0` to get `sqrtPrice` can lead to price manipulation.
#598
c4-bot-9
closed
3 months ago
0
Vulnerability to Stale Data in callUniswapObserve Function Due to Sequencer Downtime on Layer 2 Solutions
#597
c4-bot-9
closed
3 months ago
0
Chainlink's `latestRoundData` might return stale or incorrect results
#596
c4-bot-9
closed
3 months ago
0
One pair can steal another pair's Uniswap liquidity during `reallocate()` call if both pairs operate on the same Uniswap pool and both have the same upper and lower tick during reallocation.
#595
c4-bot-8
opened
3 months ago
0
Registration of a pair with malicious price feed can lead to extraction of funds from other pairs.
#594
c4-bot-2
closed
3 months ago
4
The missing IRM parameters check in the `registerPair()` function allows for the instant draining of all funds from all pairs, as the creator's revenue is accounted for before the debt is paid out.
#593
c4-bot-8
closed
3 months ago
6
Missing checks for whether Sequencer is active.
#592
c4-bot-9
closed
3 months ago
0
Calls to Chainlink oracles don't check for stale prices.
#591
c4-bot-10
closed
3 months ago
0
Previous
Next