Issues: code-423n4/2024-04-gondi-findings
AuctionLoanLiquidator#placeBid can be DoS
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-11
primary issue
Highest quality submission among a set of duplicates
🤖_08_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#37
opened Apr 16, 2024 by
c4-bot-9
The attackers front-running repayloans so that the debt cannot be repaid
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-10
primary issue
Highest quality submission among a set of duplicates
🤖_35_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#35
opened Apr 16, 2024 by
c4-bot-8
Incorrect protocol fee implementation results in outstandingValues to be mis-accounted in Pool.sol
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-11
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#33
opened Apr 16, 2024 by
c4-bot-1
addNewTranche() no authorization from borrower
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-12
primary issue
Highest quality submission among a set of duplicates
🤖_13_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#29
opened Apr 16, 2024 by
c4-bot-10
_processOffersFromExecutionData() lack of check executionData.duration<=offer.duration
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-13
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#28
opened Apr 16, 2024 by
c4-bot-10
mergeTranches()/refinancePartial() lack of nonReentrant
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-14
primary issue
Highest quality submission among a set of duplicates
🤖_14_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#27
opened Apr 16, 2024 by
c4-bot-10
_baseLoanChecks() check errors for expire
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-15
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#26
opened Apr 16, 2024 by
c4-bot-10
validateOffer() reentry to manipulate exchangeRate
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-16
primary issue
Highest quality submission among a set of duplicates
🤖_24_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#24
opened Apr 16, 2024 by
c4-bot-10
Pool.getMinTimeBetweenWithdrawalQueues current calculations may not be sufficient
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-12
primary issue
Highest quality submission among a set of duplicates
🤖_17_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#23
opened Apr 16, 2024 by
c4-bot-6
confirmBaseInterestAllocator() change BaseInterestAllocator may pay large getReallocationBonus
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-13
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#22
opened Apr 16, 2024 by
c4-bot-7
loanLiquidation() calculation of interest is not accurate
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-14
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#20
opened Apr 16, 2024 by
c4-bot-10
confirmUnderwriter() need to recalculate getMinTimeBetweenWithdrawalQueues
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-15
primary issue
Highest quality submission among a set of duplicates
🤖_17_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#17
opened Apr 16, 2024 by
c4-bot-1
distribute() Use the wrong end time to break maxSeniorRepayment's expectations
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-16
primary issue
Highest quality submission among a set of duplicates
🤖_10_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#16
opened Apr 16, 2024 by
c4-bot-5
loan.hash() does not contain protocolFee
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-17
primary issue
Highest quality submission among a set of duplicates
🤖_15_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#15
opened Apr 16, 2024 by
c4-bot-3
refinanceFull/addNewTranche reusing a lender's signature leads to unintended behavior
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-17
primary issue
Highest quality submission among a set of duplicates
🤖_13_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#13
opened Apr 16, 2024 by
c4-bot-5
distribute() when can't repay all lenders, may lack of notification to LoanManager for accounting
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-18
primary issue
Highest quality submission among a set of duplicates
🤖_10_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#10
opened Apr 16, 2024 by
c4-bot-4
Bidders might lose funds due to possible racing condition between settleWithBuyout and placeBid
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-19
primary issue
Highest quality submission among a set of duplicates
🤖_06_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#6
opened Apr 16, 2024 by
c4-bot-3
Hardcoded incorrect getLidoData timestamp, resulting in incorrect base point Apr. Loans can be validated with a substantially low baseRate interest
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-20
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#3
opened Apr 16, 2024 by
c4-bot-2