sherlock-audit 2024-09-predict-fun-judging issues

sherlock-audit / 2024-09-predict-fun-judging

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Precise Banana Beetle - In `PredictDotLoan.sol` it is possible that the fees that are sent to the `protocolFeeRecepient` might round down to 0.

#341 sherlock-admin3 closed 2 days ago
0
Fast Holographic Salmon - Use of Magic Numbers in Code

#340 sherlock-admin4 closed 2 days ago
0
Tangy Coconut Python - refinance is not protected against frontrunning

#339 sherlock-admin2 closed 2 days ago
0
Merry Glass Kitten - Use nested `if` statements instead of logical AND (`&&`)

#338 sherlock-admin3 closed 2 days ago
0
Jumpy Strawberry Caterpillar - Missing Zero Address Checks in Constructor

#337 sherlock-admin4 closed 2 days ago
0
Melodic Mocha Aardvark - The transaction will fail if the transfer of collateral is not already approved

#336 sherlock-admin2 closed 2 days ago
0
Melodic Mocha Aardvark - Protocol fee for refinancing increases could potentially discourage refinancing for long-standing loans

#335 sherlock-admin3 closed 2 days ago
0
Ambitious Amethyst Canary - No limit on Batch cancellation request

#334 sherlock-admin4 closed 2 days ago
0
Merry Glass Kitten - Unused event `LoanTokenStatusUpdated`

#333 sherlock-admin2 closed 2 days ago
1
Fluffy Sangria Wallaby - Unnecessary import of forge-std/console2.sol

#332 sherlock-admin3 closed 2 days ago
1
Kind Aqua Ostrich - Public visibility on a library function can increase gas costs in `InterestLib.sol`

#331 sherlock-admin4 closed 2 days ago
0
Kind Aqua Ostrich - Lack of input validation for `updateProtocolFeeRecipient` will result to funds be lost permanently in `PredictDotLoan.sol`

#330 sherlock-admin2 closed 2 days ago
0
Wild Cinnamon Crocodile - Incorrect Values Emitted in NoncesIncremented Event

#329 sherlock-admin3 closed 2 days ago
0
Massive Foggy Gorilla - Updating protocolFeeBasisPoints Invalidate Existing Proposals, Leading to Denial of Service in the matchProposals function

#328 sherlock-admin2 opened 2 days ago
0
Rare Sky Mouse - fulfillment struct of borrower is not updated when their loan is refinanced

#327 sherlock-admin3 closed 2 days ago
0
Slow Hazel Copperhead - Order of Operations in Batch Refinancing

#326 sherlock-admin2 opened 2 days ago
0
Urban Jetblack Mantaray - Malicious lenders can set the minimum duration of the loan to 0 or close to 0 and use the ```call()`` function to force borrowers to either default or pay high interest rates.

#325 sherlock-admin4 opened 2 days ago
0
Fit Canvas Squid - `matchProposals` function will revert while a proposal (`borrowRequest/loanOffer`) has less than 10% remaining value.

#324 sherlock-admin3 opened 2 days ago
0
Winning Pistachio Hippo - `auction` function does not check if collateral amount > debt + protocol fee

#323 sherlock-admin2 opened 2 days ago
1
Savory White Panda - while filling accepting offer and order

#322 sherlock-admin4 opened 2 days ago
0
Zealous Peanut Wolf - `whenNotPaused()` modifier not checked during `call()` which creates problem

#321 sherlock-admin3 opened 2 days ago
0
Melodic Mocha Aardvark - Insufficient Collateralization Ratio Check Leading to Potential Undercollateralized Loans

#320 sherlock-admin2 opened 2 days ago
0
Massive Foggy Gorilla - Uninitialized minimumOrderFeeRate Allows Bypassing Minimum Fee Requirement in acceptLoanOfferAndFillOrder Function

#319 sherlock-admin4 opened 2 days ago
0
Main Seaweed Condor - A win win sitaution can be there for attacker as borrower

#318 sherlock-admin2 closed 2 days ago
0
Agreeable Umber Cat - incorrect check in acceptloanofferandfillorder will cause the function to revert when the borrower is buying the last loan

#317 sherlock-admin4 opened 2 days ago
0
Dancing Daffodil Dove - Incorrect Handling of Final and Partial Loan Fulfillment Amounts in `_assertFulfillAmountNotTooLow` Function

#316 sherlock-admin3 opened 2 days ago
0
Delightful Strawberry Armadillo - A lender can lend 0 amount of LOAN_TOKEN to lock borrowOffer 's remaining collatteral amount.

#315 sherlock-admin2 opened 2 days ago
0
Petite Coconut Barracuda - Collateral token and Loan token(USDC) decimals could be different leading to incorrect collateralization ratio checks

#314 sherlock-admin4 opened 2 days ago
0
Crazy Arctic Halibut - Static Collateral Checks in `matchProposals()` Prevent Borrowers from Utilizing Updated/Improved Collateralization Ratios After a Partial Fulfillment

#313 sherlock-admin3 opened 2 days ago
1
Cool Ash Ostrich - Malicious user can front-run refinancing to cause DOS

#312 sherlock-admin2 opened 2 days ago
0
Overt Fossilized Elephant - Borrower Receives Less Than Expected Loan Amount Due to Protocol Fee Deduction

#311 sherlock-admin4 opened 2 days ago
0
Main Seaweed Condor - Improper and outdated check of valid signature for wallet address like Multisig wallet is there.

#310 sherlock-admin3 opened 2 days ago
0
Prehistoric Juniper Swan - Incorrect Implementation of InterestLib::pow causes underestimated Debt calculation

#309 sherlock-admin2 opened 2 days ago
0
Massive Foggy Gorilla - Incorrect Handling of Tokens with Different Decimals Causes Miscalculations in Debt and Interest Calculations

#308 sherlock-admin4 opened 2 days ago
0
Savory White Panda - Denial of Service Attack due to `reverting` if `borrower` has turned off `AutoRefinancing`

#307 sherlock-admin3 opened 2 days ago
0
Custom Rusty Urchin - The protocol can change the minimumOrderFeeRate after a loan offer has been created but before it has been accepted.

#306 sherlock-admin2 opened 2 days ago
0
Petite Coconut Barracuda - The `loan.amount` can be greater than the `collateral.amount` leading to less than 100% collateralization ratio

#305 sherlock-admin4 opened 2 days ago
0
Urban Jetblack Mantaray - Malicious borrower can arbitrage with acceptLoanOfferAndFillOrder()

#304 sherlock-admin3 opened 2 days ago
0
Custom Rusty Urchin - 'hashProposal' function will lead to wrong hash due to a wrong `questionId` type in the abi.encode

#303 sherlock-admin2 opened 2 days ago
0
Agreeable Umber Cat - a malicious user can grief the protocol

#302 sherlock-admin4 opened 2 days ago
0
Prehistoric Fleece Pig - Paused ERC1155 result in the borrower being unable to repay his debt

#301 sherlock-admin3 opened 2 days ago
0
Shallow Purple Ladybug - Incorrect Refund Calculation in Partial Order Fulfillment Scenarios

#300 sherlock-admin2 opened 2 days ago
0
Mammoth Basil Baboon - Discrepency between protocol documentation and code implementation for `matchProposals(...)`

#299 sherlock-admin4 opened 2 days ago
0
Stable Midnight Canary - Protocol highly depends on correct block.timestamp values which is not the case in Arbitrum

#298 sherlock-admin3 opened 2 days ago
0
Blurry Chiffon Seagull - Borrowers Have The Ability To Make Other Party Pay Their Interest Rate Fee

#297 sherlock-admin2 opened 2 days ago
0
Fast Fern Mammoth - Borrower can DoS and cause off-chain system big gas costs due to callback function from ERC1155

#296 sherlock-admin4 opened 2 days ago
0
Modern Chili Pelican - Setting `protocolFeeBasisPoints = 0` will allow the lender to DoS on repaying a matured loan by auctioning the loan

#295 sherlock-admin3 opened 2 days ago
0
Zealous Peanut Wolf - Attacker would never lose money under certain circumstances

#294 sherlock-admin2 opened 2 days ago
0
Huge Glossy Ladybug - Decimal difference between CTF token and Loan token is missimplemented while using USDC or USDB as collateral token

#293 sherlock-admin4 opened 2 days ago
0
Urban Jetblack Mantaray - 1.Malicious borrower can use up loan offers by calling acceptLoanOffersAndFillOrders()

#292 sherlock-admin3 opened 2 days ago
0