code-423n4 2024-07-benddao-findings issues

code-423n4 / 2024-07-benddao-findings

9 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #33 [1724175229532]

#69 c4-judge closed 3 months ago
2
Upgraded Q -> 2 from #60 [1724174550557]

#68 c4-judge closed 3 months ago
2
Upgraded Q -> 3 from #60 [1724174486633]

#67 c4-judge closed 3 months ago
2
Upgraded Q -> 2 from #60 [1724174227042]

#66 c4-judge closed 3 months ago
2
Upgraded Q -> 2 from #61 [1724174033638]

#65 c4-judge closed 3 months ago
2
Upgraded Q -> 2 from #61 [1724173870544]

#64 c4-judge closed 3 months ago
2
DoSed `YieldSavingsDai` withdrawals due to passing in `DAI` amount to `redeem()`, which accepts shares

#63 c4-bot-10 closed 3 months ago
1
Mismatch between yield amount deposited in shares calculation and `getAccountYieldBalance()`

#62 c4-bot-1 opened 3 months ago
5
QA Report

#61 c4-bot-2 opened 3 months ago
2
QA Report

#60 c4-bot-8 opened 3 months ago
3
PriceOracle has invalid checks on price staleness.

#59 c4-bot-6 opened 3 months ago
5
Risk of mass liquidation after pool/asset pause and unpause, due to borrow interest compounding implemenation

#58 c4-bot-2 opened 3 months ago
5
assetFee calculation will be incorrect when there is a feeFactor change due to vulnerable implementation

#57 c4-bot-1 closed 3 months ago
2
If an isolated borrower/bidder is blacklisted by the debt token, risk of DOS liquidation / auction of the corresponding loan

#56 c4-bot-2 opened 3 months ago
6
Unhandled request invalidation by the owner of Etherfi will lead to stuck debt

#55 c4-bot-2 opened 3 months ago
4
Missing ERC721Receiver in YieldAccount leading to DoSed withdrawals in `YieldEthStakingEtherfi`

#54 c4-bot-4 closed 3 months ago
2
totalUnstakeFine collected will be locked in the staking contract due to no methods of fine transfer

#53 c4-bot-10 closed 3 months ago
2
unstake / repay will always revert when called by botAdmin, due to implementation error, unstakeFine will be lost

#52 c4-bot-7 closed 3 months ago
3
Unstake fine in `YieldStakingBase` is stuck

#51 c4-bot-5 closed 3 months ago
3
`YieldStakingBase::repay()` only allows the nft owner to repay, leading to forever accruing debt

#50 c4-bot-10 closed 3 months ago
3
QA Report

#49 c4-bot-5 opened 3 months ago
3
executeIsolateLiquidate() totalBidAmout is not accounting correctly

#48 c4-bot-10 closed 3 months ago
4
isolateLiquidate() lock of check msgSender == lastBidder

#47 c4-bot-10 closed 3 months ago
7
crossLiquidateERC721() specified debtAsset, borrower may not have any borrowing, resulting in a worse debt situation for borrower

#46 c4-bot-10 closed 3 months ago
4
_calculateDebtAmountFromERC721Collateral() collateralPrice miscalculation

#45 c4-bot-3 closed 3 months ago
5
isolateRepay() Lack of check onBehalf == nftOwner

#44 c4-bot-5 opened 3 months ago
4
erc721DecreaseIsolateSupplyOnLiquidate() Missing clear lockerAddr

#43 c4-bot-6 opened 3 months ago
5
wrapNativeTokenInWallet() always reverts on Arbitrum

#42 c4-bot-1 opened 3 months ago
4
YieldEthStakingLido.protocolDeposit() returns the wrong quantity

#41 c4-bot-4 closed 3 months ago
5
YieldEthStakingEtherfi.protocolRequestWithdrawal() cannot be executed because yieldAccount does not implement onERC721Received

#40 c4-bot-5 closed 3 months ago
2
YieldEthStakingEtherfi.protocolDeposit() returns the wrong quantity

#39 c4-bot-3 closed 3 months ago
5
totalUnstakeFine can't be taken away

#38 c4-bot-9 closed 3 months ago
3
unstake/repay , when botAdmin call , use yieldAccounts[msg.sender] is wrong

#37 c4-bot-4 closed 3 months ago
2
YieldEthStakingLido lacks a limit on the max stake amount, which may result in the unstake exceeding MAX_STETH_WITHDRAWAL_AMOUNT, resulting in the token not being retrieved.

#36 c4-bot-10 opened 3 months ago
6
executeYieldBorrowERC20() checking yieldCap wrong

#35 c4-bot-5 opened 3 months ago
5
PriceOracle missing checks for whether L2 Sequencer is active

#34 c4-bot-1 closed 3 months ago
2
QA Report

#33 c4-bot-4 opened 3 months ago
4
Fee-on-Transfer tokens cause problems in multiple places

#32 c4-bot-2 opened 3 months ago
6
User are forced to borrow again in order to unlock their NFTs from `IsolateLending.sol`

#31 c4-bot-9 opened 3 months ago
4
`isolateRedeem()` revert in case Revert-on-zero-value-transfers tokens

#30 c4-bot-6 opened 3 months ago
5
Malicious liquidator can guarantee to gain the Isolate Auction

#29 c4-bot-4 closed 3 months ago
3
The new owner of NFT can't trigger `delegateERC721()` to re-set the delegation

#28 c4-bot-1 closed 3 months ago
4
Revert due to underflow error, leading to lock of the liquidated NFT

#27 c4-bot-7 opened 3 months ago
5
Updating asset collateral params can lead to liquidate borrowers arbitrarily

#26 c4-bot-3 opened 3 months ago
9
Liquidator can repay the debt and take non-collateral assets from the user

#25 c4-bot-9 closed 3 months ago
4
No check if Arbitrum/Optimism L2 sequencer is down in Chainlink feeds `PriceOracle.sol`

#24 c4-bot-2 opened 3 months ago
5
Bad debt is never handled which places insolvency risks on BendDAO

#23 c4-bot-1 opened 3 months ago
8
Major insolvency risk in `LiquidationLogic::executeCrossLiquidateERC721()` due to not setting a maximum liquidation price

#22 c4-bot-10 opened 3 months ago
10
User can hold several collateral assets to decrease liquidation penalties

#21 c4-bot-6 opened 3 months ago
9
Stolen erc721 collateral to `msg.sender` instead of the bidder in `IsolateLogic::executeIsolateLiquidate()`

#20 c4-bot-2 closed 3 months ago
2