code-423n4 2024-07-benddao-findings issues

code-423n4 / 2024-07-benddao-findings

9 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Users cannot unstake from YiedlETHStakingEtherfi.sol, because YieldAccount.sol is incompatible with ether.fi's WithdrawRequestNFT.sol

#19 c4-bot-5 opened 3 months ago
4
In YieldStakingBase.sol, users can avoid paying unstakeFine by front-running botAdmin's unstake call

#18 c4-bot-4 closed 3 months ago
3
yieldGroup borrow is mixed with cross borrow when calculating crossBorrow healthFactor, risk of users being unfairly liquidated

#17 c4-bot-6 closed 3 months ago
5
Withdraw/ Borrow native ETH might fail due to incorrect implementation of fund transfer flows

#16 c4-bot-6 closed 3 months ago
2
Incorrect index used to calculate totalSupply, which invalidates asset / staker level yield cap checks

#15 c4-bot-4 closed 3 months ago
3
Anyone can get the NFT collateral token after an Auction without bidding due to missing check on msg.sender

#14 c4-bot-5 opened 3 months ago
4
Vulnerable erc20TransferOutBidAmountToLiqudity() will cause incorrect accounting of assetData or DOS liquidation.

#13 c4-bot-10 closed 3 months ago
7
Incorrect accounting of utilization, supply / borrow rates due to vulnerable implementation in IsolateLogic::executeIsolateLiquidate

#12 c4-bot-3 opened 3 months ago
4
supplyIndex will be arbitrarily inflated due to vulnerable implementation in calculateLinearInterest and _updateSupplyIndex

#11 c4-bot-10 closed 3 months ago
2
It's impossible to retrieve collected fines from the yield staking contract

#10 c4-bot-10 opened 3 months ago
4
Borrower can prevent yield position repayment and closure by the bot

#9 c4-bot-3 opened 3 months ago
4
Changing auction duration will have effect on ongoing auctions

#8 c4-bot-10 opened 3 months ago
5
Updating fee factor may create issues for the protocol

#7 c4-bot-8 opened 3 months ago
6
The bot won't be able to unstake or repay risky positions in the yield contract

#6 c4-bot-2 opened 3 months ago
4
Protocol should update interest rate after changing rate model in the configurator module

#5 c4-bot-4 opened 3 months ago
10
Incorrect unwrapNativeTokenInWallet receiver address

#4 c4-bot-10 opened 3 months ago
4
PriceOracle may use stale prices

#3 c4-bot-5 closed 3 months ago
2
Update README.md

#2 liveactionllama closed 3 months ago
0
Agreements & Disclosures

#1 code4rena-id[bot] opened 4 months ago
0