zlsecure3 review_Aark issues

zlsecure3 / review_Aark

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

oracle price can be valid as long as they want

#38 zlsecure3 opened 1 year ago
3
The first depositor of LpManager can have exclusive access to all awards from FuturesManager

#37 zlsecure3 opened 1 year ago
3
centralization issue for the oracle

#36 zlsecure3 opened 1 year ago
3
LpRouter.orderLp has no slippage control

#35 zlsecure3 opened 1 year ago
3
The price will be wrong when the token's USD price feed's decimals != 8

#34 zlsecure3 opened 1 year ago
3
handling of `MarketStatus.FORBIDDEN` is unsound in `FuturesLogic::getDeleverageObject()` function

#33 zlsecure3 opened 1 year ago
3
should assert `maintenanceMarginFraction<initialMarginFraction` in `FuturesManagerStorage::setMarketConfig()` function

#32 zlsecure3 opened 1 year ago
3
`LiquidateCollateralLocalVars.MM` is never used

#31 zlsecure3 opened 1 year ago
3
`globalPendingFundingFee` is never used in `FuturesManager::updateAmplifierAndFundingRates()` function

#30 zlsecure3 opened 1 year ago
3
it could be more readable by factoring out `-1` in `FuturesLogic::_updateUserStatus` function

#29 zlsecure3 opened 1 year ago
3
Malicious user can send 1 wei ETH to bad debt accounts to prevent the account from being subrogated, so that the value of share in InsuranceManager does not drop

#28 zlsecure3 opened 1 year ago
3
decimal of `MAX_LEVERAGE` is treated differently in two different places

#27 zlsecure3 opened 1 year ago
3
observer design is very gas in-efficiency

#26 zlsecure3 opened 1 year ago
3
Incorrect `assetId` and `marketId` Upper Boundary Check

#25 zlsecure3 opened 1 year ago
3
should not return derivable data in `FuturesRouter::getCounter` function

#24 zlsecure3 opened 1 year ago
3
`MAX_VALID_INITIAL_MARGIN_FRACTION` should be 10000 in `MarketConfig` library

#23 zlsecure3 opened 1 year ago
3
`MAX_VALID_FEE_RATE` should be `10000` in `TierConfig::setFeeRate()` function

#22 zlsecure3 opened 1 year ago
3
`MAX_VALID_MAINT_MARGIN_FRACTION/MAX_VALID_LIQUIDATION_BONUS` should be `10000` in `LiquidationConfig` contract

#21 zlsecure3 opened 1 year ago
3
`MAX_VALID_PROTOCOL_REVENUE_RATIO/MAX_VALID_INSURANCE_BONUS` should be 10000 in `ManagerGlobalConfig` contract

#20 zlsecure3 opened 1 year ago
3
`_fee` calculation can be simplified in `LpLogic::updatePaidValue()` function

#19 zlsecure3 opened 1 year ago
3
it's possible that two different tokens assigned the same assetId in `ReserveStorage::setReserveConfig` function

#18 zlsecure3 opened 1 year ago
3
missing require error message for many places

#17 zlsecure3 opened 1 year ago
3
scope of `indexPrice` should be reduced in `CommonManager::_removeCollateral` function

#16 zlsecure3 opened 1 year ago
3
wrong value for `MAX_VALID_ASSET_ID` in `ReserveConfig::setAssetId` function

#15 zlsecure3 opened 1 year ago
3
gas optimization for `UserStatus::setOwnsPosition/setUsingAsCollateral` function

#14 zlsecure3 opened 1 year ago
3
no need to define `SHARE_DECIMAL` for `InsuranceLogic::updateShare` function

#13 zlsecure3 opened 1 year ago
3
`lastDepositTimestamp` is never updated in `InsuranceLogic::updateShare()` function

#12 zlsecure3 opened 1 year ago
3
onlyManager granted too many permissions to `Vault::cumulateProtocolFee` function

#11 zlsecure3 opened 1 year ago
3
missing event for `Observer::setUSD/setWETH/setTierStorage/setReferralStorage` functions

#10 zlsecure3 opened 1 year ago
3
missing update for `liqConfig` in `MarketUpdator::update()` function

#9 zlsecure3 opened 1 year ago
3
could save some gas in `CommonManager::_removeCollateral` function

#8 zlsecure3 opened 1 year ago
3
wrong comment for `sender` in both `LpManager::addCollateral` and `FuturesManager::addCollateral`

#7 zlsecure3 opened 1 year ago
3
should assert `vars.defaultOraclePrice` is not negative in `PriceOracle::_getPriceFeed(uint256 assetId)` function

#6 zlsecure3 opened 1 year ago
3
InsuranceManager, TierStorage, ContractReader missing inheritance

#5 zlsecure3 opened 1 year ago
3
remove unused state variables

#4 zlsecure3 opened 1 year ago
3
state variables that could be declared immutable

#3 zlsecure3 opened 1 year ago
3
code is never used and should be removed

#2 zlsecure3 opened 1 year ago
3
futuresTierConfigs in TierStorage not initialized, But It used in setTierConfigs and getTierConfigs

#1 zlsecure3 opened 1 year ago
3