code-423n4/2024-08-wildcat-findings
issues
`addRoleProvider` will revert if `providerAddress` is an EOA, while documentation states provider can be an EOA
#74
howlbot-integration[bot]
closed
2 months ago
1
`repayDeliquentDebt` is not effective, as the market will become delinquent again on next block
#73
howlbot-integration[bot]
closed
2 months ago
6
The repayment is made after the market state is updated in the `WildcatMarket.repayOutstandingDebt` and `WildcatMarket.repayDelinquentDebt` functions, thus putting the borrower at a disadvantage
#72
howlbot-integration[bot]
closed
2 months ago
1
Invalid `hooks templates` could be used for market deployments in the `HooksFactory.deployMarket` function
#71
howlbot-integration[bot]
closed
2 months ago
1
A Sanctioned Address Can Directly Repay Debt via repay() and repayOutstandingDebt() in WildcatMarket
#70
howlbot-integration[bot]
opened
2 months ago
4
A Sanctioned Address Can Not Only Repay Debt but Also Process Unpaid Withdrawal Batches Gracefully in WildcatMarketWithdrawals
#69
howlbot-integration[bot]
closed
1 month ago
5
A Sanctioned Borrower Can Close Markets Gracefully in WildCatMarket
#68
howlbot-integration[bot]
closed
1 month ago
4
Borrowers could still deploy market while the template is disabled
#67
howlbot-integration[bot]
closed
1 month ago
3
Blacklisted Assets Can Be Used as Origination Fee Assets in Hooks Templates
#66
howlbot-integration[bot]
closed
1 month ago
4
WildcatSanctionsSentinel::createEscrow allows unregistered market to be used to create escrow
#65
howlbot-integration[bot]
closed
1 month ago
3
User could withdraw more than supposed to, forcing last user withdraw to fail
#64
howlbot-integration[bot]
opened
2 months ago
5
FIFO queue is not strict enough
#63
howlbot-integration[bot]
closed
1 month ago
3
Inconsistency across multiple repaying functions causing lender to pay extra fees.
#62
howlbot-integration[bot]
opened
2 months ago
5
Borrower can fully bypass the `onRepay` hook
#61
howlbot-integration[bot]
opened
2 months ago
5
`FixedTermLoanHook` looks at `block.timestamp` instead of `expiry`
#60
howlbot-integration[bot]
opened
2 months ago
5
The contract goes back to being in a Delinquent state 1 second after repaying all DelinquentDebt because of a wrong repayment flow
#59
howlbot-integration[bot]
closed
1 month ago
4
`SphereXConfig::constructor` argument `engine` set as `0` in `WildcatArchController::constructor` will prevent key `WildcatArchController` functions from executing
#58
howlbot-integration[bot]
closed
1 month ago
4
Role providers can bypass intended restrictions and lower expiry set by other providers
#57
howlbot-integration[bot]
opened
2 months ago
4
Improper validation on the `HooksFactory::_validateFees` function precisely on the `OriginationFee` and `ProtocolFeeBips` parameters, leading to a borrower deploying a market without paying the Origination Fee.
#56
howlbot-integration[bot]
closed
1 month ago
3
The penalty APR to be returned can be manipulated
#55
howlbot-integration[bot]
closed
1 month ago
3
`state.scaleFactor` is calculated incorrectly when handling the current expired withdrawal batch
#54
howlbot-integration[bot]
closed
1 month ago
5
A `borrower` can remove itself from role providers of Hooks
#53
howlbot-integration[bot]
closed
1 month ago
3
No lender is able to exit even after the market is closed
#52
howlbot-integration[bot]
opened
2 months ago
4
`WildcatMarketConfig#nukeFromOrbit()` reverts even if the lender has been marked as sanctioned
#51
howlbot-integration[bot]
closed
1 month ago
3
Once hooks are disabled, there is no way to enable or add them again.
#50
howlbot-integration[bot]
opened
2 months ago
4
Role providers cannot be EOAs as stated in the documentation.
#49
howlbot-integration[bot]
opened
2 months ago
4
The APR can neither be increased nor locked if the market becomes delinquent following a reduction of over 25% in APR
#48
howlbot-integration[bot]
opened
2 months ago
6
Reserved assets for withdrawals can be lower than they should
#47
howlbot-integration[bot]
closed
1 month ago
5
The `reserveRatioBips` will be incorrect if a market APR is reduced again two weeks after the initial reduction of over 25%
#46
howlbot-integration[bot]
opened
2 months ago
4
Inconsistent Behavior in Temporary Reserve Ratio Calculation After Interest Rate Changes
#45
howlbot-integration[bot]
closed
1 month ago
4
Accounts blocked from deposits can ultimately mimic the exact state as a depositor
#44
howlbot-integration[bot]
closed
1 month ago
3
Excessive Interest and Fees Due to Multiple Repayments
#43
howlbot-integration[bot]
closed
1 month ago
3
No external functions in `HooksFactory` are protected by SphereX
#42
howlbot-integration[bot]
opened
2 months ago
4
Inconsistent Minimum Balance Checks Enable Known Lender Status Bypass via `onTransfer` function
#41
howlbot-integration[bot]
opened
2 months ago
4
Inconsistent Access Control Allows Known Lenders to Bypass Deposit Restrictions via Transfers
#40
howlbot-integration[bot]
closed
1 month ago
3
Borrower Can Permanently Invalidate Push Provider Credentials Through Block/Unblock Actions
#39
howlbot-integration[bot]
closed
1 month ago
3
`onExecuteWithdrawal` hook uses an incorrect function signature definition
#38
howlbot-integration[bot]
closed
1 month ago
3
Sanctioned Addresses Can Bypass Checks Due to Incorrect Assembly Code
#37
howlbot-integration[bot]
closed
1 month ago
3
Hook deployment is vulnerable to reorg situations
#36
howlbot-integration[bot]
opened
2 months ago
5
Increasing APR when reserve ratio is zero and borrower uses all the funds moves the account to delinquency
#35
howlbot-integration[bot]
closed
1 month ago
3
Lenders are unable to get full repayment amount
#34
howlbot-integration[bot]
closed
1 month ago
3
Lack of validation of the `FixedTermLoanHooks.setFixedTermEndTime` function can lead to unintended behaviour
#33
howlbot-integration[bot]
closed
1 month ago
4
Deposits/borrows deviate from intended implementation
#32
howlbot-integration[bot]
opened
2 months ago
4
Memory Corruption Risk in LibStoredInitCode Due to Scratch Space Overuse
#31
howlbot-integration[bot]
closed
1 month ago
3
Allowed amounts for Deposit, Transfer, and Withdrawal are increasing as the scale factor increases with accumulated interest thus DoS the smaller fund operations
#30
howlbot-integration[bot]
closed
1 month ago
3
Incorrect Calculation in _calculateTemporaryReserveRatioBips Function
#29
howlbot-integration[bot]
closed
1 month ago
3
Malicious Lender Can Block Other Lenders from Withdrawing Funds
#28
howlbot-integration[bot]
closed
1 month ago
4
FixedTermLoanHooks Allows Borrower to Increase Loan Term
#27
howlbot-integration[bot]
closed
1 month ago
3
`AccessControlHooks::onQueueWithdrawal` does not check `market.isHooked` allowing anyone to call the function with arbitrary `hooksData`
#26
howlbot-integration[bot]
closed
1 month ago
8
Market using `stETH` might still be delinquent after `repayDeliquentDebt`
#25
howlbot-integration[bot]
closed
1 month ago
3