sherlock-audit 2024-09-predict-fun-judging issues

sherlock-audit / 2024-09-predict-fun-judging

5 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Precise Banana Beetle - In `PredictDotLoan.sol` it is possible that the fees that are sent to the `protocolFeeRecepient` might round down to 0.

#341 sherlock-admin3 closed 1 month ago
0
Fast Holographic Salmon - Use of Magic Numbers in Code

#340 sherlock-admin4 closed 1 month ago
0
Tangy Coconut Python - refinance is not protected against frontrunning

#339 sherlock-admin2 closed 1 month ago
0
Merry Glass Kitten - Use nested `if` statements instead of logical AND (`&&`)

#338 sherlock-admin3 closed 1 month ago
0
Jumpy Strawberry Caterpillar - Missing Zero Address Checks in Constructor

#337 sherlock-admin4 closed 1 month ago
0
Melodic Mocha Aardvark - The transaction will fail if the transfer of collateral is not already approved

#336 sherlock-admin2 closed 1 month ago
0
Melodic Mocha Aardvark - Protocol fee for refinancing increases could potentially discourage refinancing for long-standing loans

#335 sherlock-admin3 closed 1 month ago
0
Ambitious Amethyst Canary - No limit on Batch cancellation request

#334 sherlock-admin4 closed 1 month ago
0
Merry Glass Kitten - Unused event `LoanTokenStatusUpdated`

#333 sherlock-admin2 closed 1 month ago
1
Fluffy Sangria Wallaby - Unnecessary import of forge-std/console2.sol

#332 sherlock-admin3 closed 1 month ago
1
Kind Aqua Ostrich - Public visibility on a library function can increase gas costs in `InterestLib.sol`

#331 sherlock-admin4 closed 1 month ago
0
Kind Aqua Ostrich - Lack of input validation for `updateProtocolFeeRecipient` will result to funds be lost permanently in `PredictDotLoan.sol`

#330 sherlock-admin2 closed 1 month ago
0
Wild Cinnamon Crocodile - Incorrect Values Emitted in NoncesIncremented Event

#329 sherlock-admin3 closed 1 month ago
0
ivanonchain - Updating protocolFeeBasisPoints Invalidate Existing Proposals, Leading to Denial of Service in the matchProposals function

#328 sherlock-admin2 opened 1 month ago
0
cryptomoon - fulfillment struct of borrower is not updated when their loan is refinanced

#327 sherlock-admin3 closed 1 month ago
0
Albort - Order of Operations in Batch Refinancing

#326 sherlock-admin2 opened 1 month ago
0
wickie - Malicious lenders can set the minimum duration of the loan to 0 or close to 0 and use the ```call()`` function to force borrowers to either default or pay high interest rates.

#325 sherlock-admin4 opened 1 month ago
0
mrKaplan - `matchProposals` function will revert while a proposal (`borrowRequest/loanOffer`) has less than 10% remaining value.

#324 sherlock-admin3 opened 1 month ago
0
yaioxy - `auction` function does not check if collateral amount > debt + protocol fee

#323 sherlock-admin2 opened 1 month ago
1
web3tycoon - while filling accepting offer and order

#322 sherlock-admin4 opened 1 month ago
0
smbv-1923 - `whenNotPaused()` modifier not checked during `call()` which creates problem

#321 sherlock-admin3 opened 1 month ago
0
BZ - Insufficient Collateralization Ratio Check Leading to Potential Undercollateralized Loans

#320 sherlock-admin2 opened 1 month ago
0
ivanonchain - Uninitialized minimumOrderFeeRate Allows Bypassing Minimum Fee Requirement in acceptLoanOfferAndFillOrder Function

#319 sherlock-admin4 opened 1 month ago
0
0xlucky - A win win sitaution can be there for attacker as borrower

#318 sherlock-admin2 closed 1 month ago
0
nikhilx0111 - incorrect check in acceptloanofferandfillorder will cause the function to revert when the borrower is buying the last loan

#317 sherlock-admin4 opened 1 month ago
0
0xShoonya - Incorrect Handling of Final and Partial Loan Fulfillment Amounts in `_assertFulfillAmountNotTooLow` Function

#316 sherlock-admin3 opened 1 month ago
0
dhank - A lender can lend 0 amount of LOAN_TOKEN to lock borrowOffer 's remaining collatteral amount.

#315 sherlock-admin2 opened 1 month ago
0
anonymousjoe - Collateral token and Loan token(USDC) decimals could be different leading to incorrect collateralization ratio checks

#314 sherlock-admin4 opened 1 month ago
0
0xAadi - Static Collateral Checks in `matchProposals()` Prevent Borrowers from Utilizing Updated/Improved Collateralization Ratios After a Partial Fulfillment

#313 sherlock-admin3 opened 1 month ago
1
Aycozzynfada - Malicious user can front-run refinancing to cause DOS

#312 sherlock-admin2 opened 1 month ago
0
Bluedragon - Borrower Receives Less Than Expected Loan Amount Due to Protocol Fee Deduction

#311 sherlock-admin4 opened 1 month ago
0
0xlucky - Improper and outdated check of valid signature for wallet address like Multisig wallet is there.

#310 sherlock-admin3 opened 1 month ago
0
Ragnarok - Incorrect Implementation of InterestLib::pow causes underestimated Debt calculation

#309 sherlock-admin2 opened 1 month ago
0
ivanonchain - Incorrect Handling of Tokens with Different Decimals Causes Miscalculations in Debt and Interest Calculations

#308 sherlock-admin4 opened 1 month ago
0
web3tycoon - Denial of Service Attack due to `reverting` if `borrower` has turned off `AutoRefinancing`

#307 sherlock-admin3 opened 1 month ago
0
MaslarovK - The protocol can change the minimumOrderFeeRate after a loan offer has been created but before it has been accepted.

#306 sherlock-admin2 opened 1 month ago
0
anonymousjoe - The `loan.amount` can be greater than the `collateral.amount` leading to less than 100% collateralization ratio

#305 sherlock-admin4 opened 1 month ago
0
wickie - Malicious borrower can arbitrage with acceptLoanOfferAndFillOrder()

#304 sherlock-admin3 opened 1 month ago
0
MaslarovK - 'hashProposal' function will lead to wrong hash due to a wrong `questionId` type in the abi.encode

#303 sherlock-admin2 opened 1 month ago
1
nikhilx0111 - a malicious user can grief the protocol

#302 sherlock-admin4 opened 1 month ago
0
Silvermist - Paused ERC1155 result in the borrower being unable to repay his debt

#301 sherlock-admin3 opened 1 month ago
0
Waydou - Incorrect Refund Calculation in Partial Order Fulfillment Scenarios

#300 sherlock-admin2 opened 1 month ago
0
056Security - Discrepency between protocol documentation and code implementation for `matchProposals(...)`

#299 sherlock-admin4 opened 1 month ago
0
vinica_boy - Protocol highly depends on correct block.timestamp values which is not the case in Arbitrum

#298 sherlock-admin3 opened 1 month ago
0
Nave - Borrowers Have The Ability To Make Other Party Pay Their Interest Rate Fee

#297 sherlock-admin2 opened 1 month ago
0
valuevalk - Borrower can DoS and cause off-chain system big gas costs due to callback function from ERC1155

#296 sherlock-admin4 opened 1 month ago
0
iamnmt - Setting `protocolFeeBasisPoints = 0` will allow the lender to DoS on repaying a matured loan by auctioning the loan

#295 sherlock-admin3 opened 1 month ago
0
smbv-1923 - Attacker would never lose money under certain circumstances

#294 sherlock-admin2 opened 1 month ago
0
TessKimy - Decimal difference between CTF token and Loan token is missimplemented while using USDC or USDB as collateral token

#293 sherlock-admin4 opened 1 month ago
0
wickie - 1.Malicious borrower can use up loan offers by calling acceptLoanOffersAndFillOrders()

#292 sherlock-admin3 opened 1 month ago
0