Skip to content

Issues: code-423n4/2024-04-gondi-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort

Issues list

AuctionLoanLiquidator#placeBid can be DoS 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-11 primary issue Highest quality submission among a set of duplicates 🤖_08_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#37 opened Apr 16, 2024 by c4-bot-9
The attackers front-running repayloans so that the debt cannot be repaid 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-10 primary issue Highest quality submission among a set of duplicates 🤖_35_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#35 opened Apr 16, 2024 by c4-bot-8
Incorrect protocol fee implementation results in outstandingValues to be mis-accounted in Pool.sol 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-11 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#33 opened Apr 16, 2024 by c4-bot-1
addNewTranche() no authorization from borrower 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-12 primary issue Highest quality submission among a set of duplicates 🤖_13_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#29 opened Apr 16, 2024 by c4-bot-10
_processOffersFromExecutionData() lack of check executionData.duration<=offer.duration 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-13 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#28 opened Apr 16, 2024 by c4-bot-10
mergeTranches()/refinancePartial() lack of nonReentrant 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-14 primary issue Highest quality submission among a set of duplicates 🤖_14_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#27 opened Apr 16, 2024 by c4-bot-10
_baseLoanChecks() check errors for expire 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-15 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#26 opened Apr 16, 2024 by c4-bot-10
validateOffer() reentry to manipulate exchangeRate 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-16 primary issue Highest quality submission among a set of duplicates 🤖_24_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#24 opened Apr 16, 2024 by c4-bot-10
Pool.getMinTimeBetweenWithdrawalQueues current calculations may not be sufficient 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-12 primary issue Highest quality submission among a set of duplicates 🤖_17_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#23 opened Apr 16, 2024 by c4-bot-6
confirmBaseInterestAllocator() change BaseInterestAllocator may pay large getReallocationBonus 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-13 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#22 opened Apr 16, 2024 by c4-bot-7
loanLiquidation() calculation of interest is not accurate 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-14 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#20 opened Apr 16, 2024 by c4-bot-10
confirmUnderwriter() need to recalculate getMinTimeBetweenWithdrawalQueues 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-15 primary issue Highest quality submission among a set of duplicates 🤖_17_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#17 opened Apr 16, 2024 by c4-bot-1
distribute() Use the wrong end time to break maxSeniorRepayment's expectations 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-16 primary issue Highest quality submission among a set of duplicates 🤖_10_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#16 opened Apr 16, 2024 by c4-bot-5
loan.hash() does not contain protocolFee 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-17 primary issue Highest quality submission among a set of duplicates 🤖_15_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#15 opened Apr 16, 2024 by c4-bot-3
refinanceFull/addNewTranche reusing a lender's signature leads to unintended behavior 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-17 primary issue Highest quality submission among a set of duplicates 🤖_13_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#13 opened Apr 16, 2024 by c4-bot-5
distribute() when can't repay all lenders, may lack of notification to LoanManager for accounting 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-18 primary issue Highest quality submission among a set of duplicates 🤖_10_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#10 opened Apr 16, 2024 by c4-bot-4
Bidders might lose funds due to possible racing condition between settleWithBuyout and placeBid 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-19 primary issue Highest quality submission among a set of duplicates 🤖_06_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#6 opened Apr 16, 2024 by c4-bot-3
Hardcoded incorrect getLidoData timestamp, resulting in incorrect base point Apr. Loans can be validated with a substantially low baseRate interest 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-20 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#3 opened Apr 16, 2024 by c4-bot-2
Agreements & Disclosures
#1 opened Apr 4, 2024 by code4rena-id bot
ProTip! Adding no:label will show everything without a label.