code-423n4 2024-08-wildcat-findings issues

code-423n4 / 2024-08-wildcat-findings

3 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

A borrower cannot prevent the transfer of market tokens if the market allows deposits only when the lenders have valid credentials

#24 howlbot-integration[bot] opened 2 months ago
5
Borrower can reduces APR in fixed markets causing lenders to lose funds

#23 c4-bot-10 closed 1 month ago
7
Missing `isHooked` check when calling `onQueueWithdrawal` hook function

#22 c4-bot-9 closed 1 month ago
6
An incorrect value of state.isDelinquent might impact the functionality of hook operations.

#21 c4-bot-8 closed 2 months ago
1
`repay` opearation can be effectively simulated bypassing `state.isClosed` and hooks

#20 c4-bot-8 closed 2 months ago
3
Wrong calculation of delinquent penalty time in `updateTimeDelinquentAndGetPenaltyTime` function

#19 c4-bot-9 closed 1 month ago
3
Incorrect use of `state.isDelinquent` in `updateTimeDelinquentAndGetPenaltyTime` function - total misbehavior of applying delinquency fee

#18 c4-bot-9 closed 1 month ago
3
QA Report

#17 c4-bot-2 opened 2 months ago
3
Lenders lose funds if deposits continue to operate when Borrower has been sanctioned

#16 c4-bot-10 opened 2 months ago
4
Lack of slippage control on deposit functions

#15 c4-bot-10 opened 2 months ago
4
Borrower can reduce the maxTotalSupply below the current `totalSupply()`

#14 c4-bot-10 opened 2 months ago
3
Minimum deposit requirement can be bypassed

#13 c4-bot-2 opened 2 months ago
3
Lenders can avoid sanction restrictions in `FixedTermLoanHooks` by transferring to another account

#12 c4-bot-2 opened 2 months ago
7
AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

#11 c4-bot-10 opened 2 months ago
7
Providers can replace credentials from other providers allowing a rogue or malicios provider to revoke all lenders credentials

#10 c4-bot-6 closed 2 months ago
3
Malicios users can grief admin calls to pushProtocolFeeBipsUpdates causing tranasctions to revert

#9 c4-bot-4 opened 2 months ago
7
pushProtocolFeeBipsUpdates will unexpectedly revert on closed markets

#8 c4-bot-9 closed 2 months ago
2
Users can still deploy markets on a disabled hooks instance

#7 c4-bot-7 closed 2 months ago
2
QA Report

#6 c4-bot-5 opened 2 months ago
1
The protocol has not charged the protocol fee.

#5 c4-bot-7 closed 2 months ago
2
The new withdrawal batch may be prioritized over the expired withdrawal batch for repayment

#4 c4-bot-10 closed 1 month ago
4
The `setHooksAddress` implementation is incorrect.

#3 c4-bot-4 closed 1 month ago
6
QA Report

#2 c4-bot-8 closed 2 months ago
2
Agreements & Disclosures

#1 code4rena-id[bot] opened 2 months ago
0