├── README.md ├── data ├── 0rpse-115.json ├── 0x11singh99-507.json ├── 0x11singh99-514.json ├── 0x11singh99-G.md ├── 0x11singh99-Q.md ├── 0x175-446.json ├── 0x175-448.json ├── 0x175-449.json ├── 0x175-450.json ├── 0xAlix2-122.json ├── 0xAlix2-123.json ├── 0xAlix2-124.json ├── 0xAlix2-172.json ├── 0xAlix2-237.json ├── 0xAlix2-41.json ├── 0xAlix2-42.json ├── 0xAlix2-43.json ├── 0xAlix2-44.json ├── 0xAlix2-45.json ├── 0xAlix2-453.json ├── 0xAlix2-60.json ├── 0xAnah-456.json ├── 0xAnah-G.md ├── 0xBugSlayer-76.json ├── 0xDemon-111.json ├── 0xDemon-112.json ├── 0xDemon-407.json ├── 0xDemon-Q.md ├── 0xGreyWolf-250.json ├── 0xGreyWolf-281.json ├── 0xGreyWolf-293.json ├── 0xGreyWolf-384.json ├── 0xGreyWolf-394.json ├── 0xGreyWolf-Q.md ├── 0xLuckyLuke-380.json ├── 0xLuckyLuke-381.json ├── 0xLuckyLuke-382.json ├── 0xLuckyLuke-Analysis.md ├── 0xLuckyLuke-G.md ├── 0xLuckyLuke-Q.md ├── 0xPhantom-316.json ├── 0xPhantom-338.json ├── 0xPhantom-373.json ├── 0xPhantom-387.json ├── 0xPhantom-405.json ├── 0xblackskull-383.json ├── 0xblackskull-391.json ├── 0xblackskull-395.json ├── 0xblackskull-Q.md ├── 0xbrett8571-241.json ├── 0xbrett8571-242.json ├── 0xbrett8571-243.json ├── 0xbrett8571-244.json ├── 0xbrett8571-245.json ├── 0xbrett8571-Analysis.md ├── 0xepley-504.json ├── 0xepley-Analysis.md ├── 0xhacksmithh-439.json ├── 0xhacksmithh-G.md ├── 0xhashiman-512.json ├── 0xjuan-110.json ├── 0xjuan-141.json ├── 0xjuan-206.json ├── 0xjuan-53.json ├── 0xjuan-54.json ├── 0xjuan-55.json ├── 0xjuan-56.json ├── 0xjuan-67.json ├── 0xk3y-484.json ├── 0xk3y-515.json ├── 0xloscar01-279.json ├── 0xmuxyz-182.json ├── 0xspryon-191.json ├── 0xspryon-192.json ├── 0xspryon-193.json ├── 0xspryon-194.json ├── 0xspryon-195.json ├── 0xspryon-197.json ├── 0xspryon-198.json ├── 0xspryon-199.json ├── 0xspryon-200.json ├── 0xspryon-201.json ├── 14si2o_Flint-340.json ├── 14si2o_Flint-343.json ├── 14si2o_Flint-345.json ├── 14si2o_Flint-346.json ├── 14si2o_Flint-348.json ├── 14si2o_Flint-349.json ├── 
14si2o_Flint-350.json ├── 14si2o_Flint-351.json ├── 14si2o_Flint-Analysis.md ├── 14si2o_Flint-Q.md ├── AMOW-317.json ├── AerialRaider-15.json ├── AerialRaider-18.json ├── AerialRaider-19.json ├── AerialRaider-20.json ├── AerialRaider-21.json ├── AerialRaider-26.json ├── AerialRaider-31.json ├── AerialRaider-Analysis.md ├── AerialRaider-Q.md ├── Ali-_-Y-235.json ├── Arabadzhiev-393.json ├── ArsenLupin-299.json ├── Arz-425.json ├── Arz-443.json ├── Arz-466.json ├── AuditorPraise-58.json ├── AuditorPraise-61.json ├── AuditorPraise-62.json ├── AuditorPraise-63.json ├── AuditorPraise-64.json ├── AuditorPraise-70.json ├── AuditorPraise-71.json ├── AuditorPraise-75.json ├── Aymen0909-321.json ├── Aymen0909-323.json ├── Aymen0909-324.json ├── Aymen0909-325.json ├── Aymen0909-326.json ├── Aymen0909-327.json ├── Aymen0909-328.json ├── Aymen0909-334.json ├── Bauchibred-101.json ├── Bauchibred-102.json ├── Bauchibred-107.json ├── Bauchibred-108.json ├── Bauchibred-109.json ├── Bauchibred-119.json ├── Bauchibred-120.json ├── Bauchibred-127.json ├── Bauchibred-128.json ├── Bauchibred-129.json ├── Bauchibred-152.json ├── Bauchibred-154.json ├── Bauchibred-209.json ├── Bauchibred-98.json ├── Bauchibred-99.json ├── Bauchibred-Analysis.md ├── Bauchibred-Q.md ├── Bigsam-285.json ├── Bigsam-302.json ├── BowTiedOriole-420.json ├── BowTiedOriole-423.json ├── BowTiedOriole-444.json ├── BowTiedOriole-452.json ├── CRYP70-363.json ├── CRYP70-364.json ├── CRYP70-366.json ├── CaeraDenoir-445.json ├── CaeraDenoir-465.json ├── CaeraDenoir-499.json ├── DanielArmstrong-113.json ├── DanielArmstrong-359.json ├── DanielArmstrong-78.json ├── DanielArmstrong-79.json ├── DanielArmstrong-80.json ├── En3cyptedDegenExt-156.json ├── FastChecker-396.json ├── FastChecker-398.json ├── FastChecker-399.json ├── FastChecker-400.json ├── FastChecker-403.json ├── FastChecker-404.json ├── Fitro-132.json ├── Giorgio-377.json ├── Giorgio-389.json ├── Giorgio-406.json ├── Giorgio-422.json ├── Giorgio-428.json ├── 
Giorgio-462.json ├── Giorgio-482.json ├── Giorgio-497.json ├── Giorgio-Q.md ├── Hound-11.json ├── Hound-12.json ├── Hound-13.json ├── Hound-14.json ├── InAllHonesty-161.json ├── InAllHonesty-G.md ├── JCK-516.json ├── JCK-Analysis.md ├── JCN-230.json ├── JCN-231.json ├── JCN-232.json ├── JCN-352.json ├── JcFichtner-224.json ├── JcFichtner-Analysis.md ├── JecikPo-379.json ├── JecikPo-409.json ├── JecikPo-473.json ├── JecikPo-Q.md ├── JohnSmith-413.json ├── JohnSmith-414.json ├── JohnSmith-415.json ├── JohnSmith-416.json ├── JohnSmith-417.json ├── JohnSmith-418.json ├── JohnSmith-419.json ├── K42-266.json ├── K42-Analysis.md ├── KupiaSec-260.json ├── KupiaSec-261.json ├── KupiaSec-262.json ├── KupiaSec-263.json ├── KupiaSec-264.json ├── KupiaSec-265.json ├── Limbooo-249.json ├── MSaptarshi-138.json ├── MSaptarshi-157.json ├── MSaptarshi-186.json ├── MSaptarshi-27.json ├── MSaptarshi-270.json ├── MSaptarshi-273.json ├── MSaptarshi-274.json ├── MSaptarshi-353.json ├── MSaptarshi-39.json ├── MSaptarshi-46.json ├── MSaptarshi-48.json ├── MSaptarshi-82.json ├── MSaptarshi-Q.md ├── MatricksDeCoder-210.json ├── MatricksDeCoder-212.json ├── MatricksDeCoder-Q.md ├── Mike_Bello90-454.json ├── Mike_Bello90-493.json ├── MohammedRizwan-185.json ├── MohammedRizwan-188.json ├── Myd-305.json ├── Myd-306.json ├── Myd-307.json ├── Myd-308.json ├── Myd-Analysis.md ├── Norah-275.json ├── Norah-283.json ├── Norah-286.json ├── Norah-301.json ├── Norah-361.json ├── Norah-401.json ├── Norah-402.json ├── Norah-Q.md ├── Ocean_Sky-267.json ├── Ocean_Sky-290.json ├── Ocean_Sky-411.json ├── Rhaydden-179.json ├── Rhaydden-253.json ├── SAQ-358.json ├── SAQ-509.json ├── SAQ-Analysis.md ├── SAQ-G.md ├── SM3_SS-519.json ├── SM3_SS-G.md ├── SY_S-479.json ├── SY_S-G.md ├── SanketKogekar-171.json ├── SanketKogekar-173.json ├── SanketKogekar-174.json ├── Sathish9098-505.json ├── Sathish9098-Analysis.md ├── Silvermist-203.json ├── Silvermist-233.json ├── Silvermist-341.json ├── SpicyMeatball-238.json ├── 
SpicyMeatball-247.json ├── SpicyMeatball-342.json ├── Tigerfrake-103.json ├── Tigerfrake-126.json ├── Tigerfrake-131.json ├── Tigerfrake-155.json ├── Tigerfrake-163.json ├── Tigerfrake-176.json ├── Tigerfrake-177.json ├── Tigerfrake-190.json ├── Tigerfrake-196.json ├── Tigerfrake-295.json ├── Tigerfrake-397.json ├── Tigerfrake-91.json ├── Tigerfrake-92.json ├── Timenov-118.json ├── Timenov-72.json ├── Timenov-74.json ├── Timenov-77.json ├── Timenov-Q.md ├── Topmark-104.json ├── Topmark-105.json ├── Topmark-106.json ├── Topmark-81.json ├── Topmark-85.json ├── Topmark-86.json ├── Topmark-87.json ├── Topmark-88.json ├── Topmark-93.json ├── Topmark-94.json ├── Topmark-96.json ├── Topmark-97.json ├── Topmark-Q.md ├── VAD37-368.json ├── VAD37-369.json ├── VAD37-371.json ├── VAD37-372.json ├── VAD37-436.json ├── VAD37-492.json ├── adeolu-117.json ├── adeolu-121.json ├── adeolu-168.json ├── adeolu-357.json ├── aitor-204.json ├── albahaca-477.json ├── albahaca-510.json ├── albahaca-Analysis.md ├── albahaca-G.md ├── alexander_orjustalex-276.json ├── alexander_orjustalex-296.json ├── alexander_orjustalex-297.json ├── alix40-408.json ├── alix40-412.json ├── alix40-435.json ├── alix40-488.json ├── alix40-49.json ├── alphacipher-483.json ├── alphacipher-485.json ├── alphacipher-487.json ├── alphacipher-491.json ├── atoko-289.json ├── atoko-294.json ├── atoko-304.json ├── atoko-312.json ├── atoko-320.json ├── atoko-344.json ├── ayden-23.json ├── ayden-25.json ├── b0g0-175.json ├── b0g0-187.json ├── b0g0-189.json ├── b0g0-214.json ├── b0g0-278.json ├── b0g0-298.json ├── b0g0-309.json ├── bareli-480.json ├── bareli-489.json ├── bareli-506.json ├── befree3x-251.json ├── befree3x-252.json ├── befree3x-Q.md ├── boredpukar-68.json ├── boredpukar-73.json ├── browep-178.json ├── browep-Q.md ├── btk-254.json ├── btk-258.json ├── btk-374.json ├── btk-385.json ├── callamus-472.json ├── callamus-G.md ├── catwhiskeys-207.json ├── catwhiskeys-208.json ├── cheatc0d3-458.json ├── 
cheatc0d3-464.json ├── cheatc0d3-469.json ├── cheatc0d3-503.json ├── cheatc0d3-518.json ├── cheatc0d3-Analysis.md ├── clara-441.json ├── clara-Analysis.md ├── crypticdefense-181.json ├── crypticdefense-183.json ├── crypticdefense-246.json ├── crypticdefense-248.json ├── crypticdefense-255.json ├── crypticdefense-257.json ├── crypticdefense-269.json ├── crypticdefense-272.json ├── cryptothemex-288.json ├── cryptothemex-291.json ├── cryptothemex-292.json ├── cryptothemex-322.json ├── cryptothemex-331.json ├── cryptothemex-339.json ├── cryptothemex-G.md ├── cryptothemex-Q.md ├── cryptphi-256.json ├── cryptphi-447.json ├── cryptphi-470.json ├── cryptphi-496.json ├── cryptphi-501.json ├── cryptphi-513.json ├── cryptphi-520.json ├── deepplus-277.json ├── deepplus-280.json ├── dharma09-508.json ├── dharma09-G.md ├── eeshenggoh-116.json ├── emerald7017-311.json ├── emerald7017-313.json ├── emerald7017-314.json ├── emerald7017-315.json ├── emerald7017-Analysis.md ├── erosjohn-218.json ├── erosjohn-226.json ├── falconhoof-455.json ├── falconhoof-457.json ├── falconhoof-459.json ├── falconhoof-460.json ├── falconhoof-461.json ├── falconhoof-467.json ├── fouzantanveer-437.json ├── fouzantanveer-Analysis.md ├── givn-330.json ├── givn-335.json ├── givn-337.json ├── grearlake-410.json ├── grearlake-421.json ├── grearlake-440.json ├── grearlake-451.json ├── grearlake-463.json ├── grearlake-490.json ├── grearlake-498.json ├── grearlake-511.json ├── hassan-truscova-240.json ├── hassan-truscova-360.json ├── hassan-truscova-370.json ├── hassan-truscova-386.json ├── havewemeetbefore-310.json ├── hexbyte-7.json ├── hunter_w3b-442.json ├── hunter_w3b-468.json ├── hunter_w3b-474.json ├── hunter_w3b-478.json ├── hunter_w3b-481.json ├── hunter_w3b-Analysis.md ├── hunter_w3b-Q.md ├── iamandreiski-114.json ├── iamandreiski-158.json ├── iamandreiski-160.json ├── iamandreiski-166.json ├── invitedtea-495.json ├── invitedtea-Analysis.md ├── jesusrod15-162.json ├── jnforja-229.json ├── 
jnforja-259.json ├── jnforja-375.json ├── kaveyjoe-167.json ├── kaveyjoe-Analysis.md ├── kennedy1030-205.json ├── kennedy1030-215.json ├── kennedy1030-216.json ├── kennedy1030-217.json ├── kennedy1030-219.json ├── kennedy1030-220.json ├── kennedy1030-221.json ├── kfx-211.json ├── kfx-213.json ├── kfx-222.json ├── kfx-223.json ├── kfx-300.json ├── kfx-356.json ├── kinda_very_good-476.json ├── kinda_very_good-500.json ├── kinda_very_good-502.json ├── kinda_very_good-Q.md ├── kodyvim-169.json ├── kodyvim-170.json ├── ktg-184.json ├── ktg-202.json ├── ktg-271.json ├── ktg-303.json ├── ktg-318.json ├── ktg-365.json ├── ktg-Q.md ├── lanrebayode77-125.json ├── lanrebayode77-130.json ├── lanrebayode77-133.json ├── lanrebayode77-134.json ├── lanrebayode77-137.json ├── lanrebayode77-139.json ├── lanrebayode77-140.json ├── lightoasis-16.json ├── lightoasis-28.json ├── lightoasis-32.json ├── lightoasis-33.json ├── lightoasis-34.json ├── lightoasis-38.json ├── lightoasis-40.json ├── lightoasis-50.json ├── lightoasis-52.json ├── lightoasis-Q.md ├── linmiaomiao-475.json ├── linmiaomiao-494.json ├── lrivo-159.json ├── lrivo-Q.md ├── maxim371-136.json ├── maxim371-37.json ├── maxim371-47.json ├── maxim371-65.json ├── maxim371-66.json ├── n1punp-3.json ├── nmirchev8-30.json ├── nmirchev8-51.json ├── nmirchev8-57.json ├── nmirchev8-59.json ├── nnez-36.json ├── novamanbg-29.json ├── novamanbg-35.json ├── novamanbg-8.json ├── paul4912-268.json ├── paul4912-Analysis.md ├── popeye-153.json ├── popeye-Analysis.md ├── pynschon-239.json ├── ravikiranweb3-5.json ├── ravikiranweb3-6.json ├── roguereggiant-69.json ├── roguereggiant-Analysis.md ├── santiellena-388.json ├── santiellena-390.json ├── santiellena-392.json ├── shaka-329.json ├── shaka-332.json ├── shaka-333.json ├── shaka-336.json ├── shamsulhaq123-438.json ├── shamsulhaq123-G.md ├── sil3th-164.json ├── sil3th-165.json ├── sil3th-282.json ├── sil3th-284.json ├── sil3th-287.json ├── sil3th-Q.md ├── slvDev-83.json ├── slvDev-84.json 
├── slvDev-G.md ├── slvDev-Q.md ├── stackachu-378.json ├── stonejiajia-100.json ├── stonejiajia-95.json ├── sumitchauhan-354.json ├── sumitchauhan-Analysis.md ├── t4sk-10.json ├── t4sk-135.json ├── t4sk-180.json ├── t4sk-22.json ├── t4sk-24.json ├── t4sk-4.json ├── t4sk-9.json ├── t4sk-90.json ├── t4sk-Q.md ├── th3l1ghtd3m0n-234.json ├── th3l1ghtd3m0n-236.json ├── th3l1ghtd3m0n-89.json ├── thank_you-424.json ├── thank_you-426.json ├── thank_you-427.json ├── thank_you-429.json ├── thank_you-430.json ├── thank_you-431.json ├── thank_you-432.json ├── thank_you-433.json ├── thank_you-434.json ├── thank_you-471.json ├── tpiliposian-17.json ├── tpiliposian-2.json ├── wangxx2026-319.json ├── wangxx2026-347.json ├── wangxx2026-367.json ├── web3Tycoon-225.json ├── web3Tycoon-227.json ├── web3Tycoon-228.json ├── web3Tycoon-376.json ├── web3Tycoon-Q.md ├── y0ng0p3-142.json ├── y0ng0p3-143.json ├── y0ng0p3-144.json ├── y0ng0p3-145.json ├── y0ng0p3-146.json ├── y0ng0p3-147.json ├── y0ng0p3-148.json ├── y0ng0p3-149.json ├── y0ng0p3-150.json ├── y0ng0p3-151.json ├── yongskiws-517.json ├── yongskiws-Analysis.md ├── zaevlad-355.json ├── zaevlad-362.json └── zxriptor-486.json └── report.md /data/0rpse-115.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0rpse", 4 | "risk": "3", 5 | "title": "Liquidations can be blocked by rejecting position NFT", 6 | "issueId": 115, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/115" 8 | } -------------------------------------------------------------------------------- /data/0x11singh99-507.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x11singh99", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 507, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/507" 8 | } 
-------------------------------------------------------------------------------- /data/0x11singh99-514.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x11singh99", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 514, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/514" 8 | } -------------------------------------------------------------------------------- /data/0x175-446.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x175", 4 | "risk": "3", 5 | "title": "Collateral value can be manipulated due to missing circuit breaker checks", 6 | "issueId": 446, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/446" 8 | } -------------------------------------------------------------------------------- /data/0x175-448.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x175", 4 | "risk": "3", 5 | "title": "An attacker can cause a DoS when a user repays their loan", 6 | "issueId": 448, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/448" 8 | } -------------------------------------------------------------------------------- /data/0x175-449.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x175", 4 | "risk": "2", 5 | "title": "Settling a loan in full when deleveraging always reverts", 6 | "issueId": 449, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/449" 8 | } -------------------------------------------------------------------------------- /data/0x175-450.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0x175", 4 | "risk": "3", 5 | 
"title": "An attacker can cause a permanent DOS when being liquidated", 6 | "issueId": 450, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/450" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-122.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Code different than docs", 6 | "issueId": 122, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/122" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-123.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Using slot0 to get prices in uniswap", 6 | "issueId": 123, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/123" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-124.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Malicous user can front-run the execute function in Autorange causing user transfrom call to always fail", 6 | "issueId": 124, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/124" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-172.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "`LeverageTransformer::leverageDown` will always on full repayment", 6 | "issueId": 172, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/172" 8 | } 
-------------------------------------------------------------------------------- /data/0xAlix2-237.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "3", 5 | "title": "Loan can never be liquidated if the token owner is a contract that always revert on `onERC721Received`", 6 | "issueId": 237, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/237" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-41.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "3", 5 | "title": "Abscence of available balance check in `V3Vault::borrow`, allowing users to borrow protocol reserves", 6 | "issueId": 41, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/41" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-42.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "3", 5 | "title": "Loan is not liquidatable if a token of the position's pair was un-whitelisted", 6 | "issueId": 42, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/42" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-43.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "3", 5 | "title": "Not decreasing `dailyDebtIncreaseLimitLeft` when user is liquidated causing no one to be able to borrow even if it is allowed ", 6 | "issueId": 43, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/43" 8 | } 
-------------------------------------------------------------------------------- /data/0xAlix2-44.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Transformers approvals is not being cleared on loan settlement", 6 | "issueId": 44, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/44" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-45.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Users can DoS anyone trying to liquidate him/her", 6 | "issueId": 45, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/45" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-453.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "NFT can get stuck forever, if `create` was called and the vault was passed as the receiver", 6 | "issueId": 453, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/453" 8 | } -------------------------------------------------------------------------------- /data/0xAlix2-60.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xAlix2", 4 | "risk": "2", 5 | "title": "Auto-compound will always revert if user has fees in one token", 6 | "issueId": 60, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/60" 8 | } -------------------------------------------------------------------------------- /data/0xAnah-456.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 
342, 3 | "handle": "0xAnah", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 456, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/456" 8 | } -------------------------------------------------------------------------------- /data/0xBugSlayer-76.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xBugSlayer", 4 | "risk": "3", 5 | "title": "[H-1] - User can easily create a position, that can't be liquidated ", 6 | "issueId": 76, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/76" 8 | } -------------------------------------------------------------------------------- /data/0xDemon-111.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xDemon", 4 | "risk": "2", 5 | "title": "The ERC-4626 standard is not followed correctly", 6 | "issueId": 111, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/111" 8 | } -------------------------------------------------------------------------------- /data/0xDemon-112.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xDemon", 4 | "risk": "2", 5 | "title": "V3Vault.mint() and V3Vault.repay() with permitData can be DoS", 6 | "issueId": 112, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/112" 8 | } -------------------------------------------------------------------------------- /data/0xDemon-407.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xDemon", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 407, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/407" 8 | } 
-------------------------------------------------------------------------------- /data/0xGreyWolf-250.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xGreyWolf", 4 | "risk": "3", 5 | "title": "The `onlyOwner` can drain up to 99% of the reserves via `V3Vault::withdrawReserves`", 6 | "issueId": 250, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/250" 8 | } -------------------------------------------------------------------------------- /data/0xGreyWolf-281.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xGreyWolf", 4 | "risk": "2", 5 | "title": "`V3Vault` lacks slippage protection on functions `deposit()`, `mint()`, `withdraw()` and `redeem()` ", 6 | "issueId": 281, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/281" 8 | } -------------------------------------------------------------------------------- /data/0xGreyWolf-293.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xGreyWolf", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 293, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/293" 8 | } -------------------------------------------------------------------------------- /data/0xGreyWolf-384.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xGreyWolf", 4 | "risk": "3", 5 | "title": "In `V3Vault::liquidate`, the borrower can liquidate his/her own debt position ", 6 | "issueId": 384, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/384" 8 | } -------------------------------------------------------------------------------- /data/0xGreyWolf-394.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xGreyWolf", 4 | "risk": "3", 5 | "title": "There is no `Safety Mechanism Activation` implemented that will emergency `pause` when two price feeds exceed threshold ", 6 | "issueId": 394, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/394" 8 | } -------------------------------------------------------------------------------- /data/0xGreyWolf-Q.md: -------------------------------------------------------------------------------- 1 | # Custom errors and the revert statement were only introduced in Solidity version 0.8.4, but the contracts use ^0.8.0 2 | 3 | ## Description 4 | The `revert-error` pattern is only available from Solidity version `0.8.4`, which introduced custom errors and the `revert` statement. These contracts will not compile in Solidity versions 0.8.0, 0.8.1, 0.8.2, and 0.8.3, all of which the `^0.8.0` pragma permits. 5 | 6 | Here's an example of the `revert-error` pattern (in compilable Solidity the custom error is invoked with parentheses: `revert Unauthorized();`). 7 | ```solidity 8 | if(msg.sender != owner) revert Unauthorized; 9 | ``` 10 | Reference: https://soliditylang.org/blog/2021/04/21/solidity-0.8.4-release-announcement/ 11 | 12 | ## Mitigation 13 | Pin the pragma to a version no older than 0.8.4, but be mindful of issues in the newer compiler versions as well. 
-------------------------------------------------------------------------------- /data/0xLuckyLuke-380.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xLuckyLuke", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 380, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/380" 8 | } -------------------------------------------------------------------------------- /data/0xLuckyLuke-381.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xLuckyLuke", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 381, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/381" 8 | } -------------------------------------------------------------------------------- /data/0xLuckyLuke-382.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xLuckyLuke", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 382, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/382" 8 | } -------------------------------------------------------------------------------- /data/0xPhantom-316.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xPhantom", 4 | "risk": "2", 5 | "title": "A user can deposit and get no shares ", 6 | "issueId": 316, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/316" 8 | } -------------------------------------------------------------------------------- /data/0xPhantom-338.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xPhantom", 4 | "risk": "3", 5 | "title": "A borrower can use the liquidity of the vault without paying any fees if he repay 
in the same block", 6 | "issueId": 338, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/338" 8 | } -------------------------------------------------------------------------------- /data/0xPhantom-373.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xPhantom", 4 | "risk": "2", 5 | "title": "A user can lost his created position if another user repay 0.", 6 | "issueId": 373, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/373" 8 | } -------------------------------------------------------------------------------- /data/0xPhantom-387.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xPhantom", 4 | "risk": "3", 5 | "title": "The lender can not have all the fees of the borrowers", 6 | "issueId": 387, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/387" 8 | } -------------------------------------------------------------------------------- /data/0xPhantom-405.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xPhantom", 4 | "risk": "2", 5 | "title": "I user can repay and his debt didn't decrease", 6 | "issueId": 405, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/405" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-383.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xblackskull", 4 | "risk": "3", 5 | "title": "Usage of `slot0` is extremely easy to manipulate", 6 | "issueId": 383, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/383" 8 | } -------------------------------------------------------------------------------- 
/data/0xblackskull-391.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xblackskull", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 391, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/391" 8 | } -------------------------------------------------------------------------------- /data/0xblackskull-395.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xblackskull", 4 | "risk": "3", 5 | "title": "Usage of `slot0` is extremely easy to manipulate", 6 | "issueId": 395, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/395" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-241.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "`execute()` function in the `AutoCompound` contract is vulnerable to reentrancy, potentially allowing an attacker to drain unclaimed fees from other positions.", 6 | "issueId": 241, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/241" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-242.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "`createWithPermit()` function in the `V3Vault` contract is vulnerable to signature replay attacks, allowing an attacker to potentially steal a user's collateral deposit.", 6 | "issueId": 242, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/242" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-243.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "`configToken()` function in the `AutoRange` contract has insufficient access control, potentially allowing unauthorized entities to manipulate the range and pricing of Uniswap V3 LP positions.", 6 | "issueId": 243, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/243" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-244.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xbrett8571", 4 | "risk": "2", 5 | "title": "`_routerSwap()` function in the `Swapper` contract allows users to execute arbitrary call data on approved external swap routers, potentially leading to fund theft if the routers have vulnerabilities or are compromised.", 6 | "issueId": 244, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/244" 8 | } -------------------------------------------------------------------------------- /data/0xbrett8571-245.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xbrett8571", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 245, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/245" 8 | } -------------------------------------------------------------------------------- /data/0xepley-504.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xepley", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 504, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/504" 8 | } -------------------------------------------------------------------------------- 
/data/0xhacksmithh-439.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xhacksmithh", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 439, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/439" 8 | } -------------------------------------------------------------------------------- /data/0xhashiman-512.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xhashiman", 4 | "risk": "2", 5 | "title": "Hardcoded slippage value", 6 | "issueId": 512, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/512" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-110.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "2", 5 | "title": "AutoRange execution can be front-ran to avoid protocol fee, causing loss for protocol", 6 | "issueId": 110, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/110" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-141.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "3", 5 | "title": "V3Utils.execute() does not have caller validation, leading to stolen NFT positions from users", 6 | "issueId": 141, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/141" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-206.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "2", 5 | "title": "Incorrect value of 
state.newLendExchangeRateX96 is used within `V3Vault::liquidate()`", 6 | "issueId": 206, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/206" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-53.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "3", 5 | "title": "Incorrect liquidation fee calculation during underwater liquidation, disincentivizing liquidators to participate", 6 | "issueId": 53, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/53" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-54.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "3", 5 | "title": "Owner of a position can prevent liquidation due to the 'onERC721Received' callback", 6 | "issueId": 54, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/54" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-55.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "3", 5 | "title": "Weak user validation in AutoExit::configToken allows anyone to change config of anyone's token", 6 | "issueId": 55, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/55" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-56.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "2", 5 | "title": "Malicious user can prevent liquidation via front-running and repaying 1 wei worth, causing `debtShares` check to revert", 6 
| "issueId": 56, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/56" 8 | } -------------------------------------------------------------------------------- /data/0xjuan-67.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xjuan", 4 | "risk": "3", 5 | "title": "Auto Exit execution transfers leftover tokens to the Vault instead of the user, causing fund loss", 6 | "issueId": 67, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/67" 8 | } -------------------------------------------------------------------------------- /data/0xk3y-484.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xk3y", 4 | "risk": "2", 5 | "title": "No check for active Sequencer in V3Oracle.sol", 6 | "issueId": 484, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/484" 8 | } -------------------------------------------------------------------------------- /data/0xk3y-515.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xk3y", 4 | "risk": "2", 5 | "title": "Dangerous use of deadline parameter in AutoCompound.sol", 6 | "issueId": 515, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/515" 8 | } -------------------------------------------------------------------------------- /data/0xloscar01-279.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xloscar01", 4 | "risk": "3", 5 | "title": "`V3Vault::liquidate` users can avoid liquidation by rejecting ERC721 transfers", 6 | "issueId": 279, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/279" 8 | } -------------------------------------------------------------------------------- 
/data/0xmuxyz-182.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xmuxyz", 4 | "risk": "2", 5 | "title": "A malicious actor can DOS that subsequent lenders deposit their asset to be lent", 6 | "issueId": 182, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/182" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-191.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "3", 5 | "title": "V3Oracle::_getReferencePoolPriceX96() is susceptible to flashloan exploits", 6 | "issueId": 191, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/191" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-192.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "3", 5 | "title": "Lack of slippage protection in V3Vault::_deposit() and V3Vault::_withdraw()", 6 | "issueId": 192, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/192" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-193.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "Unhandled Chainlink revert allows oracle DoS", 6 | "issueId": 193, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/193" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-194.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | 
"title": "V3Vault::deposit(), V3Vault::withdraw(), V3Vault::mint() and V3Vault::redeem() do not check for the maximums values", 6 | "issueId": 194, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/194" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-195.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "Lack of an effective emergency system", 6 | "issueId": 195, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/195" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-197.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "Dangerous use of deadline parameter", 6 | "issueId": 197, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/197" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-198.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "Calls to nonfungiblePositionManager.increaseLiquidity, nonfungiblePositionManager.decreaseLiquidity and nonfungiblePositionManager.mint are missing slippage protection in AutoCompound, V3Vault and AutoRange contracts", 6 | "issueId": 198, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/198" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-199.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "Reading price for assets on the forex 
markets outside the forex market hours", 6 | "issueId": 199, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/199" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-200.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "The deposit - withdraw - trade transaction lack of expiration timestamp check", 6 | "issueId": 200, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/200" 8 | } -------------------------------------------------------------------------------- /data/0xspryon-201.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "0xspryon", 4 | "risk": "2", 5 | "title": "previewRedeem and redeem functions deviate from the ERC4626 specification", 6 | "issueId": 201, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/201" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-340.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 340, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/340" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-343.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 343, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/343" 8 | } -------------------------------------------------------------------------------- 
/data/14si2o_Flint-345.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "3", 5 | "title": "Inflation attack due to the absence of dead shares and the reliance on balanceOf", 6 | "issueId": 345, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/345" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-346.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "3", 5 | "title": "Liquidation only transfers fees to liquidator, while part or all of the decreased liquidity is transferred back to the defaulting owner.", 6 | "issueId": 346, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/346" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-348.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "2", 5 | "title": " Use of slot0 to get sqrtPriceX96 in several places in the protocol, allowing for some situations that are vulnerable to price manipulation.", 6 | "issueId": 348, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/348" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-349.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "2", 5 | "title": " Incorrect implementation of ERC4626 standard. 
", 6 | "issueId": 349, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/349" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-350.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "2", 5 | "title": "No slippage protection for AutoCompound::execute::increaseLiquidity. ", 6 | "issueId": 350, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/350" 8 | } -------------------------------------------------------------------------------- /data/14si2o_Flint-351.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "14si2o_Flint", 4 | "risk": "2", 5 | "title": " Incomplete price validation Chainlink", 6 | "issueId": 351, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/351" 8 | } -------------------------------------------------------------------------------- /data/AMOW-317.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AMOW", 4 | "risk": "2", 5 | "title": "Users can avoid being liquidated by repaying 1 wei ", 6 | "issueId": 317, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/317" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-15.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "2", 5 | "title": "\"Call Without Gas Budget\" in the transform function in the V3Vault contract", 6 | "issueId": 15, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/15" 8 | } -------------------------------------------------------------------------------- 
/data/AerialRaider-18.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "2", 5 | "title": "Potential for a division by zero in _requireMaxDifference function in the V3Oracle contract", 6 | "issueId": 18, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/18" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-19.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "2", 5 | "title": "\"Calls Without Gas Budget\" vulnerabilities in the withdrawETH and the _transferToken functions in the Automator contract ", 6 | "issueId": 19, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/19" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-20.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 20, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/20" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-21.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "2", 5 | "title": "\"Call Without Gas Budget\" in the _transferToken function at line 867 of the V3Utils contract ", 6 | "issueId": 21, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/21" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-26.json: -------------------------------------------------------------------------------- 1 | 
{ 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "2", 5 | "title": "Enhance the security of the FlashloanLiquidator contract and ensure that the uniswapV3FlashCallback function can only be called by the expected Uniswap V3 pool addresses", 6 | "issueId": 26, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/26" 8 | } -------------------------------------------------------------------------------- /data/AerialRaider-31.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AerialRaider", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 31, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/31" 8 | } -------------------------------------------------------------------------------- /data/Ali-_-Y-235.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Ali-_-Y", 4 | "risk": "3", 5 | "title": "Prevent Liquidation", 6 | "issueId": 235, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/235" 8 | } -------------------------------------------------------------------------------- /data/Arabadzhiev-393.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Arabadzhiev", 4 | "risk": "2", 5 | "title": "Some contracts that implement the `uniswapV3SwapCallback` can be drained using address collision", 6 | "issueId": 393, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/393" 8 | } -------------------------------------------------------------------------------- /data/ArsenLupin-299.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ArsenLupin", 4 | "risk": "3", 5 | "title": "Attacker can mint shares using arbitrary token, because 
the permitTransferFrom doesn't check the assets", 6 | "issueId": 299, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/299" 8 | } -------------------------------------------------------------------------------- /data/Arz-425.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Arz", 4 | "risk": "2", 5 | "title": "The daily debt and lend limit are set to 110% instead of 10%", 6 | "issueId": 425, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/425" 8 | } -------------------------------------------------------------------------------- /data/Arz-443.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Arz", 4 | "risk": "3", 5 | "title": "An attacker can create a non liquidatable position by making onERC721Received() revert", 6 | "issueId": 443, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/443" 8 | } -------------------------------------------------------------------------------- /data/Arz-466.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Arz", 4 | "risk": "2", 5 | "title": "An attacker can easily bypass the collateral value limit factor checks", 6 | "issueId": 466, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/466" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-58.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "Malicious user can borrow with Uniswap V3 LP position NFTs that has very little or no liquidity as collateral", 6 | "issueId": 58, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/58" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-61.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "`_requireLoanIsHealthy` is almost useless as it doesn't check the liquidity of the tokenId", 6 | "issueId": 61, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/61" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-62.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "`collateralFactorX32` which is the value of a token as collateral is a static value this can hinder liquidations in certain scenarios", 6 | "issueId": 62, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/62" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-63.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "`V3Vault.deposit()` may always revert DailyLendIncreaseLimit() ", 6 | "issueId": 63, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/63" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-64.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "2", 5 | "title": "Owner using `V3Vault.withdrawReserves()` could drain the balance of `Asset` in some scenarios halting borrows ", 6 | "issueId": 64, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/64" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-70.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "In transform mode, new position sent isn't checked to ensure it has liquidity", 6 | "issueId": 70, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/70" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-71.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "AutoCompound.execute() will always revert [DoS]", 6 | "issueId": 71, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/71" 8 | } -------------------------------------------------------------------------------- /data/AuditorPraise-75.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "AuditorPraise", 4 | "risk": "3", 5 | "title": "AutoRange.execute() will always revert", 6 | "issueId": 75, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/75" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-321.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "2", 5 | "title": "Wrong calculation of the daily lend & debt limits in `_resetDailyLendIncreaseLimit` and `_resetDailyDebtIncreaseLimit`", 6 | "issueId": 321, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/321" 8 | } 
-------------------------------------------------------------------------------- /data/Aymen0909-323.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "3", 5 | "title": "Risk of reentrancy `onERC721Received` function to manipulate collateral token configs shares", 6 | "issueId": 323, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/323" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-324.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "2", 5 | "title": "Wrong global lending limit check in `_deposit` function", 6 | "issueId": 324, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/324" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-325.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "2", 5 | "title": "`liquidate` function forgets to increase the daily debt limit `dailyDebtIncreaseLimitLeft`", 6 | "issueId": 325, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/325" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-326.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "3", 5 | "title": "Borrowers can avoid liquidation by repaying small amounts", 6 | "issueId": 326, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/326" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-327.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "3", 5 | "title": "Users can drain protocol reserves using `borrow` function", 6 | "issueId": 327, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/327" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-328.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "2", 5 | "title": "`V3Vault` lacks slippage protection on deposit/withdraw operations", 6 | "issueId": 328, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/328" 8 | } -------------------------------------------------------------------------------- /data/Aymen0909-334.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Aymen0909", 4 | "risk": "2", 5 | "title": "`V3Vault` doesn't comply fully with EIP4626 standards", 6 | "issueId": 334, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/334" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-101.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "Uniswap oracle should not be used as a source of pricing on L2s", 6 | "issueId": 101, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/101" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-102.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "In-range ticks would wrongly revert 
as out of range while adjusting tokens via a vault or transform", 6 | "issueId": 102, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/102" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-107.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": "First depositor can break minting of shares", 6 | "issueId": 107, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/107" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-108.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": " AmountOuts are hardcoded to 0 while adjusting the tokens", 6 | "issueId": 108, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/108" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-109.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "Protocol implements an incorrect `price difference ` logic which could lead to using a different mode than was specified", 6 | "issueId": 109, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/109" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-119.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "No grace period applied which would then allow positions to be liquidated after sequencer goes down since now users don't have enough time to deposit 
funds", 6 | "issueId": 119, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/119" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-120.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": " No slippage protection while swapping via the pool", 6 | "issueId": 120, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/120" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-127.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": " `_getReferencePoolPriceX96()` will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them", 6 | "issueId": 127, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/127" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-128.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 128, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/128" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-129.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "RouterSwapParams lacks a deadlining logic and could lead to unfavourable swaps", 6 | "issueId": 129, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/129" 8 | } 
-------------------------------------------------------------------------------- /data/Bauchibred-152.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": " `getAmountsForLiquidity()` used in V3Oracle.sol uses `mulDiv` from UniswapV3 which expects overflow behaviour but overflows can't happen.", 6 | "issueId": 152, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/152" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-154.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 154, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/154" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-209.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "2", 5 | "title": "Protocol implements an incorrect `price difference ` logic which could lead to using a different mode than was specified", 6 | "issueId": 209, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/209" 8 | } -------------------------------------------------------------------------------- /data/Bauchibred-98.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": "The logic behind `MIN_PRICE_DIFFERENCE` is heavily flawed as it allows for heavy arbitraging", 6 | "issueId": 98, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/98" 8 | }
-------------------------------------------------------------------------------- /data/Bauchibred-99.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bauchibred", 4 | "risk": "3", 5 | "title": " No deadline or slippage protection while increasing liquidity", 6 | "issueId": 99, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/99" 8 | } -------------------------------------------------------------------------------- /data/Bigsam-285.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bigsam", 4 | "risk": "2", 5 | "title": "Incorrect Assertion will lead to a Denial of service in the Borrow function", 6 | "issueId": 285, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/285" 8 | } -------------------------------------------------------------------------------- /data/Bigsam-302.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Bigsam", 4 | "risk": "2", 5 | "title": "Users will never be able to clear (repay) 100% of their loan balance(almost impossible ), It will require a high level of precision from the user for currentShares == shares.", 6 | "issueId": 302, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/302" 8 | } -------------------------------------------------------------------------------- /data/BowTiedOriole-420.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "BowTiedOriole", 4 | "risk": "2", 5 | "title": "`ResetDailyIncreaseLimit` incorrectly calculates 10% of the existing debt/lend supply", 6 | "issueId": 420, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/420" 8 | } 
-------------------------------------------------------------------------------- /data/BowTiedOriole-423.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "BowTiedOriole", 4 | "risk": "2", 5 | "title": "Rounding error when using all X32 constants", 6 | "issueId": 423, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/423" 8 | } -------------------------------------------------------------------------------- /data/BowTiedOriole-444.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "BowTiedOriole", 4 | "risk": "2", 5 | "title": "Slippage not checked when decreasing liquidity during liquidation", 6 | "issueId": 444, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/444" 8 | } -------------------------------------------------------------------------------- /data/BowTiedOriole-452.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "BowTiedOriole", 4 | "risk": "2", 5 | "title": "Lack of Slippage Protection in `withdraw`/`redeem` Function of the Vault", 6 | "issueId": 452, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/452" 8 | } -------------------------------------------------------------------------------- /data/CRYP70-363.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CRYP70", 4 | "risk": "3", 5 | "title": "Lack of safety buffer in `_checkLoanIsHealthy` could subject users who take out the max loan into a forced liquidation", 6 | "issueId": 363, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/363" 8 | } -------------------------------------------------------------------------------- /data/CRYP70-364.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CRYP70", 4 | "risk": "2", 5 | "title": "Incorrect `POOL_INIT_CODE_HASH` when attempting to call `_getPool` in the V3Oracle may return the incorrect pool address resulting in a revert when attempting to borrow", 6 | "issueId": 364, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/364" 8 | } -------------------------------------------------------------------------------- /data/CRYP70-366.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CRYP70", 4 | "risk": "2", 5 | "title": "Insufficient access controls in the `LeverageTransformer` may allow an attacker to siphon funds from positions if it is approved", 6 | "issueId": 366, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/366" 8 | } -------------------------------------------------------------------------------- /data/CaeraDenoir-445.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CaeraDenoir", 4 | "risk": "3", 5 | "title": "`executeWithPermit` can be frontrun and handle execution to anyone.", 6 | "issueId": 445, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/445" 8 | } -------------------------------------------------------------------------------- /data/CaeraDenoir-465.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CaeraDenoir", 4 | "risk": "3", 5 | "title": "Full repayments can be prevented by frontrunning the payment itself.", 6 | "issueId": 465, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/465" 8 | } -------------------------------------------------------------------------------- /data/CaeraDenoir-499.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "CaeraDenoir", 4 | "risk": "3", 5 | "title": "Borrower can prevent being liquidated.", 6 | "issueId": 499, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/499" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-113.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "DanielArmstrong", 4 | "risk": "2", 5 | "title": "Managing dailyIncreaseLimit is not sufficient.", 6 | "issueId": 113, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/113" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-359.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "DanielArmstrong", 4 | "risk": "3", 5 | "title": "Debt may be bigger than lent assets.", 6 | "issueId": 359, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/359" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-78.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "DanielArmstrong", 4 | "risk": "2", 5 | "title": "Daily amounts of lend and debt can exceed limits.", 6 | "issueId": 78, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/78" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-79.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "DanielArmstrong", 4 | "risk": "3", 5 | "title": "There is an error in applying the daily increase limit.", 6 | 
"issueId": 79, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/79" 8 | } -------------------------------------------------------------------------------- /data/DanielArmstrong-80.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "DanielArmstrong", 4 | "risk": "3", 5 | "title": "There is an error in applying daily debt increase limit.", 6 | "issueId": 80, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/80" 8 | } -------------------------------------------------------------------------------- /data/En3cyptedDegenExt-156.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "En3cyptedDegenExt", 4 | "risk": "3", 5 | "title": "Potential Reentrancy", 6 | "issueId": 156, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/156" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-396.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "FastChecker", 4 | "risk": "2", 5 | "title": "The calculation of `Max Daily Debt Increase (MDDI)` has error. 
The calculation formula in the `V3Vault.sol#__resetDailyLendIncreaseLimit`function that calculates `Max Daily Debt Increase (MDDI)` is incorrect.", 6 | "issueId": 396, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/396" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-398.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "FastChecker", 4 | "risk": "2", 5 | "title": "During one day, `lent increase` and `debt increase` may exceed `Max Daily Debt Increase (MDDI)` and `Max Daily Lent Increase`.", 6 | "issueId": 398, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/398" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-399.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "FastChecker", 4 | "risk": "2", 5 | "title": "During one day, `lent increase` and `debt increase` may exceed `Max Daily Debt Increase (MDDI)` and `Max Daily Lent Increase`.", 6 | "issueId": 399, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/399" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-400.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "FastChecker", 4 | "risk": "2", 5 | "title": "`DailyLendIncreaseLimitLeft` and `dailyDebtIncreaseLimitLeft` are not adjusted accurately.", 6 | "issueId": 400, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/400" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-403.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 
3 | "handle": "FastChecker", 4 | "risk": "3", 5 | "title": "`Debt` is larger than `lent`, so `available` can be zero.", 6 | "issueId": 403, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/403" 8 | } -------------------------------------------------------------------------------- /data/FastChecker-404.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "FastChecker", 4 | "risk": "2", 5 | "title": "The user may not be able to liquidate all `debt` of `token` with `isShare = false`.", 6 | "issueId": 404, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/404" 8 | } -------------------------------------------------------------------------------- /data/Fitro-132.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Fitro", 4 | "risk": "2", 5 | "title": "Automator.sol :: _validateSwap() Usage of slot.0 to obtain sqrtPriceLimitX96 can lead to price manipulation.", 6 | "issueId": 132, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/132" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-377.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "3", 5 | "title": " borrower can exit the position without repaying loan when depositing a new nonfungiblePositionManager NFT", 6 | "issueId": 377, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/377" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-389.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "2", 5 | "title": "Liquidation reward sent to msg.sender 
instead of recipient ", 6 | "issueId": 389, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/389" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-406.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "3", 5 | "title": "Liquidation can be frontrun and bad position kept unhealthy", 6 | "issueId": 406, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/406" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-422.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "2", 5 | "title": "Missing slippage in the _sendPositionValue() function, will DoS liquidations", 6 | "issueId": 422, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/422" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-428.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 428, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/428" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-462.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "3", 5 | "title": "low TWAP interval / slot0 results in easily manipulated oracles ", 6 | "issueId": 462, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/462" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-482.json:
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "2", 5 | "title": "_getReferencePoolPriceX96 will show incorrect price for negative ticks cause it doesn't round up for negative ticks.", 6 | "issueId": 482, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/482" 8 | } -------------------------------------------------------------------------------- /data/Giorgio-497.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Giorgio", 4 | "risk": "2", 5 | "title": "Missing slippage in deposit(), withdraw(), redeem() and mint()", 6 | "issueId": 497, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/497" 8 | } -------------------------------------------------------------------------------- /data/Hound-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Hound", 4 | "crew": [ 5 | "DadeKuma" 6 | ], 7 | "risk": "2", 8 | "title": "Missing price checks for Chainlink oracle", 9 | "issueId": 11, 10 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/11" 11 | } -------------------------------------------------------------------------------- /data/Hound-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Hound", 4 | "crew": [ 5 | "DadeKuma" 6 | ], 7 | "risk": "2", 8 | "title": "Missing L2 sequencer checks for Chainlink oracle", 9 | "issueId": 12, 10 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/12" 11 | } -------------------------------------------------------------------------------- /data/Hound-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Hound", 4 | 
"crew": [ 5 | "DadeKuma" 6 | ], 7 | "risk": "2", 8 | "title": "Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`", 9 | "issueId": 13, 10 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/13" 11 | } -------------------------------------------------------------------------------- /data/Hound-14.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Hound", 4 | "crew": [ 5 | "DadeKuma" 6 | ], 7 | "risk": "2", 8 | "title": "Some `ERC20` can revert on a zero value `transfer`", 9 | "issueId": 14, 10 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/14" 11 | } -------------------------------------------------------------------------------- /data/InAllHonesty-161.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "InAllHonesty", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 161, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/161" 8 | } -------------------------------------------------------------------------------- /data/JCK-516.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JCK", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 516, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/516" 8 | } -------------------------------------------------------------------------------- /data/JCN-230.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JCN", 4 | "risk": "2", 5 | "title": "A malicious actor can grief users who are attempting to repay their entire debt", 6 | "issueId": 230, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/230" 8 | } 
-------------------------------------------------------------------------------- /data/JCN-231.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JCN", 4 | "risk": "2", 5 | "title": "Liquidations can be temporarily DoS-ed, potentially increasing the chances of the protocol incurring bad debt", 6 | "issueId": 231, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/231" 8 | } -------------------------------------------------------------------------------- /data/JCN-232.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JCN", 4 | "risk": "2", 5 | "title": "Users' newly created positions can be prematurely closed and removed from the vault directly after they are created", 6 | "issueId": 232, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/232" 8 | } -------------------------------------------------------------------------------- /data/JCN-352.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JCN", 4 | "risk": "3", 5 | "title": "During liquidations, the raw collateral of a position is compared against an inflated debt value, resulting in fake bad debt being reported ", 6 | "issueId": 352, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/352" 8 | } -------------------------------------------------------------------------------- /data/JcFichtner-224.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JcFichtner", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 224, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/224" 8 | } -------------------------------------------------------------------------------- 
/data/JecikPo-379.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JecikPo", 4 | "risk": "2", 5 | "title": "Liquidation DoS through dust repayments", 6 | "issueId": 379, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/379" 8 | } -------------------------------------------------------------------------------- /data/JecikPo-409.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JecikPo", 4 | "risk": "2", 5 | "title": "Large decimal of referenceToken causes overflow at oracle price calculation", 6 | "issueId": 409, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/409" 8 | } -------------------------------------------------------------------------------- /data/JecikPo-473.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JecikPo", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 473, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/473" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-413.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "3", 5 | "title": "Liquidations cannot be performed, revert on NFT received", 6 | "issueId": 413, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/413" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-414.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "3", 5 | "title": "Users can prevent liquidations, repaying just 1 debt share", 6 | "issueId": 414, 7 | 
"issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/414" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-415.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "2", 5 | "title": " Users can lend and borrow above allowed limitations", 6 | "issueId": 415, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/415" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-416.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "2", 5 | "title": "Malicious user can borrow above allowed limitations", 6 | "issueId": 416, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/416" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-417.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "2", 5 | "title": "Lenders can frontrun and withdraw assets before liquidation of insolvent loans to avoid loss", 6 | "issueId": 417, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/417" 8 | } -------------------------------------------------------------------------------- /data/JohnSmith-418.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "2", 5 | "title": "User griefing auto-range of other users by giving auto-range transformer other users tokenId", 6 | "issueId": 418, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/418" 8 | } 
-------------------------------------------------------------------------------- /data/JohnSmith-419.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "JohnSmith", 4 | "risk": "2", 5 | "title": "Lenders cannot withdraw, if borrowers keep borrowing", 6 | "issueId": 419, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/419" 8 | } -------------------------------------------------------------------------------- /data/K42-266.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "K42", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 266, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/266" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-260.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "3", 5 | "title": "When borrowers use `AutoExit`, protocol can collect reward not only from fees but also from liquidity even if `onlyFee` is set true.", 6 | "issueId": 260, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/260" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-261.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "3", 5 | "title": "`V3Oracle._getReferenceTokenPriceX96()` may revert due to the integer overflow", 6 | "issueId": 261, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/261" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-262.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "2", 5 | "title": "`V3Vault._resetDailyLendIncreaseLimit()` and `V3Vault._resetDailyDebtIncreaseLimit()` return incorrect `dailyLendIncreaseLimitLeft` and `dailyDebtIncreaseLimitLeft` respectively.", 6 | "issueId": 262, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/262" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-263.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "2", 5 | "title": "Improper validation in `V3Vault._deposit()`.", 6 | "issueId": 263, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/263" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-264.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "2", 5 | "title": "Whenever borrowers try to repay their debt fully `V3Vault._updateAndCheckCollateral()` is called twice and this occurs unexpected events.", 6 | "issueId": 264, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/264" 8 | } -------------------------------------------------------------------------------- /data/KupiaSec-265.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "KupiaSec", 4 | "risk": "2", 5 | "title": "Borrowers can't repay fully using `LeverageTransformer.leverageDown` because it will always revert.", 6 | "issueId": 265, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/265" 8 | } -------------------------------------------------------------------------------- 
/data/Limbooo-249.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Limbooo", 4 | "risk": "2", 5 | "title": "V3Vault is not ERC-4626 compliant", 6 | "issueId": 249, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/249" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-138.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": "Tokens are left in the protocol when the swap at the destination chain fails", 6 | "issueId": 138, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/138" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-157.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": "Sandwich attack probability while swapping", 6 | "issueId": 157, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/157" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-186.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "3", 5 | "title": "Lenders can can stop withdraw operation accordingly", 6 | "issueId": 186, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/186" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-27.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "3", 5 | "title": "onERC721Received callback is never called when 
new tokens are minted or transferred", 6 | "issueId": 27, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/27" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-270.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "3", 5 | "title": "Price deviation could lead to a borrower liquidating its position", 6 | "issueId": 270, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/270" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-273.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": "Risk of incorrect pricing by Oracle", 6 | "issueId": 273, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/273" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-274.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": "If a token's oracle goes down or price falls below zero, liquidations will be frozen", 6 | "issueId": 274, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/274" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-353.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "3", 5 | "title": "Repayment sent to 0 address", 6 | "issueId": 353, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/353" 8 | } 
-------------------------------------------------------------------------------- /data/MSaptarshi-39.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": " Missing checks for whether Arbitrum Sequencer is active", 6 | "issueId": 39, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/39" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-46.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "2", 5 | "title": "latestRoundData()`` has no check for round completeness", 6 | "issueId": 46, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/46" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-48.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 48, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/48" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-82.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MSaptarshi", 4 | "risk": "3", 5 | "title": " Usage of slot0 is extremely easy to manipulate", 6 | "issueId": 82, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/82" 8 | } -------------------------------------------------------------------------------- /data/MSaptarshi-Q.md: -------------------------------------------------------------------------------- 1 | # [L-01] Unsafe Casting 2 | 
https://github.com/code-423n4/2024-03-revert-lend/blob/435b054f9ad2404173f36f0f74a5096c894b12b7/src/V3Oracle.sol#L342C24-L342C30 3 | There are also other instances where a value is cast from uint to int. Explicit casts in Solidity are not overflow-checked, so an out-of-range value wraps silently instead of reverting. 4 | 5 | ## Recommendation 6 | Use OpenZeppelin's SafeCast library for these casts 7 | 8 | # [L-02] Natspec comment might not describe the exact intended behavior in `AutoCompound::execute()` 9 | 10 | The comment: 11 | `Can only be called only from configured operator account, or vault via transform` 12 | ``` 13 | if (!operators[msg.sender] && !vaults[msg.sender]) { 14 | revert Unauthorized(); 15 | } 16 | ``` 17 | ## Recommendation 18 | Edit the comment so that it states the intended behavior. The check shown only tests `msg.sender` against `operators` and `vaults`, so the comment should describe exactly that access rule. 19 | # [NC-01] Code structure does not follow the recommended layout 20 | Refer to the Solidity docs for the recommended code structure -------------------------------------------------------------------------------- /data/MatricksDeCoder-210.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MatricksDeCoder", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 210, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/210" 8 | } -------------------------------------------------------------------------------- /data/MatricksDeCoder-212.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MatricksDeCoder", 4 | "risk": "2", 5 | "title": "Vault is vulnerable to ERC4626 inflation attack ", 6 | "issueId": 212, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/212" 8 | } -------------------------------------------------------------------------------- /data/Mike_Bello90-454.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Mike_Bello90", 4 | "risk": "2", 5 | "title": "DecreaseLiquidity with block.timestamp as Deadline can Cause Problems in Liquidations.",
6 | "issueId": 454, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/454" 8 | } -------------------------------------------------------------------------------- /data/Mike_Bello90-493.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Mike_Bello90", 4 | "risk": "2", 5 | "title": "Calling IncreaseLiquidity in AutoCompound without Slippage Protection and block.timestamp as Deadline can Cause Loss of Funds.", 6 | "issueId": 493, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/493" 8 | } -------------------------------------------------------------------------------- /data/MohammedRizwan-185.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MohammedRizwan", 4 | "risk": "3", 5 | "title": "Using `slot0` for `sqrtPriceX96` in order to calculate amount could lead to price manipulation", 6 | "issueId": 185, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/185" 8 | } -------------------------------------------------------------------------------- /data/MohammedRizwan-188.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "MohammedRizwan", 4 | "risk": "2", 5 | "title": "Ethereum address collision can be used to steal funds via swap callbacks", 6 | "issueId": 188, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/188" 8 | } -------------------------------------------------------------------------------- /data/Myd-305.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "Inadequate validation in _routerSwap allows potential exploits via external routers.", 6 | "issueId": 305, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/305" 8 | } -------------------------------------------------------------------------------- /data/Myd-306.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "No deadline enforcement risks front-running and sandwich attacks.", 6 | "issueId": 306, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/306" 8 | } -------------------------------------------------------------------------------- /data/Myd-307.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Myd", 4 | "risk": "2", 5 | "title": "Approval risks enable fund drainage by compromised external contracts.", 6 | "issueId": 307, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/307" 8 | } -------------------------------------------------------------------------------- /data/Myd-308.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Myd", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 308, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/308" 8 | } -------------------------------------------------------------------------------- /data/Norah-275.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": "Attacker can invalidate all the initial transactions of `createWithPermit()`", 6 | "issueId": 275, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/275" 8 | } -------------------------------------------------------------------------------- /data/Norah-283.json: -------------------------------------------------------------------------------- 
1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": "Attacker can exploit dailyLimit functionality to invalidate victims transaction.", 6 | "issueId": 283, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/283" 8 | } -------------------------------------------------------------------------------- /data/Norah-286.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": "Attacker can exploit Global Limit mechanism to invalidate other users transaction.", 6 | "issueId": 286, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/286" 8 | } -------------------------------------------------------------------------------- /data/Norah-301.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": "Borrower can avoid being liquidated by front-running it with small repay", 6 | "issueId": 301, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/301" 8 | } -------------------------------------------------------------------------------- /data/Norah-361.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": "V3Oracle will undervalue position when \"sqrtRatioX96 == sqrtRatioAX96\"", 6 | "issueId": 361, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/361" 8 | } -------------------------------------------------------------------------------- /data/Norah-401.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 401, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/401" 8 | } -------------------------------------------------------------------------------- /data/Norah-402.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Norah", 4 | "risk": "2", 5 | "title": " Failure to Reset Reserves to Zero in Reserve Backed Liquidation", 6 | "issueId": 402, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/402" 8 | } -------------------------------------------------------------------------------- /data/Ocean_Sky-267.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Ocean_Sky", 4 | "risk": "2", 5 | "title": "vaultInfo is not fully compliant with ERC-4626", 6 | "issueId": 267, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/267" 8 | } -------------------------------------------------------------------------------- /data/Ocean_Sky-290.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Ocean_Sky", 4 | "risk": "3", 5 | "title": "Malicious borrower can DOS the liquidation", 6 | "issueId": 290, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/290" 8 | } -------------------------------------------------------------------------------- /data/Ocean_Sky-411.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Ocean_Sky", 4 | "risk": "2", 5 | "title": "Chainlink data feed failure can DOS the liquidation despite of having backup TWAP oracle", 6 | "issueId": 411, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/411" 8 | } -------------------------------------------------------------------------------- /data/Rhaydden-179.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Rhaydden", 4 | "risk": "2", 5 | "title": "V3Vault.sol does not adhere to EIP4626 standards because of the Preview functions", 6 | "issueId": 179, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/179" 8 | } -------------------------------------------------------------------------------- /data/Rhaydden-253.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Rhaydden", 4 | "risk": "2", 5 | "title": "Uniswap V3 Liquidation Slippage Vulnerability in V3Vault.sol", 6 | "issueId": 253, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/253" 8 | } -------------------------------------------------------------------------------- /data/SAQ-358.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SAQ", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 358, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/358" 8 | } -------------------------------------------------------------------------------- /data/SAQ-509.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SAQ", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 509, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/509" 8 | } -------------------------------------------------------------------------------- /data/SM3_SS-519.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SM3_SS", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 519, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/519" 8 | } 
-------------------------------------------------------------------------------- /data/SY_S-479.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SY_S", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 479, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/479" 8 | } -------------------------------------------------------------------------------- /data/SanketKogekar-171.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SanketKogekar", 4 | "risk": "2", 5 | "title": "The function `AutoExit.sol::execute()` fails to verify the `params.tokenId`", 6 | "issueId": 171, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/171" 8 | } -------------------------------------------------------------------------------- /data/SanketKogekar-173.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SanketKogekar", 4 | "risk": "2", 5 | "title": "The function `AutoExit.sol::execute()` deducts the reward from the token amounts after performing swaps or liquidity removals, potentially causing loss for the users.", 6 | "issueId": 173, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/173" 8 | } -------------------------------------------------------------------------------- /data/SanketKogekar-174.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SanketKogekar", 4 | "risk": "2", 5 | "title": "The function `AutoExit.sol::execute()` does not consider extreme market conditions where the actual slippage might exceed bounds, potentially resulting in unfavourable swaps resulting in loss for users", 6 | "issueId": 174, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/174" 8 | } -------------------------------------------------------------------------------- /data/Sathish9098-505.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Sathish9098", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 505, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/505" 8 | } -------------------------------------------------------------------------------- /data/Silvermist-203.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Silvermist", 4 | "risk": "2", 5 | "title": "A lack of slippage protection can lead to a significant loss of user funds", 6 | "issueId": 203, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/203" 8 | } -------------------------------------------------------------------------------- /data/Silvermist-233.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Silvermist", 4 | "risk": "3", 5 | "title": "Use of slot0 to get sqrtPriceX96 can lead to price manipulation", 6 | "issueId": 233, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/233" 8 | } -------------------------------------------------------------------------------- /data/Silvermist-341.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Silvermist", 4 | "risk": "2", 5 | "title": "The V3Vault is not compliant with ERC4626 standart", 6 | "issueId": 341, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/341" 8 | } -------------------------------------------------------------------------------- /data/SpicyMeatball-238.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SpicyMeatball", 4 | "risk": "3", 5 | "title": "_getReferenceTokenPriceX96 may overflow in some cases", 6 | "issueId": 238, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/238" 8 | } -------------------------------------------------------------------------------- /data/SpicyMeatball-247.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SpicyMeatball", 4 | "risk": "3", 5 | "title": "Loan owner can evade liquidation", 6 | "issueId": 247, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/247" 8 | } -------------------------------------------------------------------------------- /data/SpicyMeatball-342.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "SpicyMeatball", 4 | "risk": "3", 5 | "title": "User can evade liquidation by changing his debtShare ", 6 | "issueId": 342, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/342" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-103.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing Ownership check in execute() may result in potential manipulation of other users' assets and Liquidity positions. 
", 6 | "issueId": 103, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/103" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-126.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing same token check in swapAndIncreaseLiquidity() allows swapping a token for itself which is against the protocol", 6 | "issueId": 126, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/126" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-131.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Lack of slippage control on V3Vault::deposit()", 6 | "issueId": 131, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/131" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-155.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Unbounded token array in Automator::withdrawBalances() function may results in Potential DoS. 
", 6 | "issueId": 155, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/155" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-163.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing nonReentrant modifier on AutoCompound::executeWithVault() ", 6 | "issueId": 163, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/163" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-176.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing deadline check in decreaseLiquidityAndCollect() allow pending transactions to be maliciously executed", 6 | "issueId": 176, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/176" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-177.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing Fee Amounts Validation may result in Financial Loss for users", 6 | "issueId": 177, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/177" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-190.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing Fee Amounts Validation may result in Financial Loss for users", 6 | "issueId": 190, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/190" 8 | } 
-------------------------------------------------------------------------------- /data/Tigerfrake-196.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Missing deadline check during swaps", 6 | "issueId": 196, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/196" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-295.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "The reward mechanism can be abused by the first depositor", 6 | "issueId": 295, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/295" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-397.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "Liquidations Paused While Repayments enabled allows borrowers to potentially avoid liquidation", 6 | "issueId": 397, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/397" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-91.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "3", 5 | "title": "An approved caller will not be able to transform loans for which they have been approved as long as they are not the loanOwner", 6 | "issueId": 91, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/91" 8 | } -------------------------------------------------------------------------------- /data/Tigerfrake-92.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Tigerfrake", 4 | "risk": "2", 5 | "title": "There is no possible means of setting limits in V3Vault contact as long as the emergencyAdmin is not owner.", 6 | "issueId": 92, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/92" 8 | } -------------------------------------------------------------------------------- /data/Timenov-118.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Timenov", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 118, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/118" 8 | } -------------------------------------------------------------------------------- /data/Timenov-72.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Timenov", 4 | "risk": "2", 5 | "title": "User can call transformer with malicious data", 6 | "issueId": 72, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/72" 8 | } -------------------------------------------------------------------------------- /data/Timenov-74.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Timenov", 4 | "risk": "3", 5 | "title": "Anyone can call `leverageUp` and `leverageDown` functions", 6 | "issueId": 74, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/74" 8 | } -------------------------------------------------------------------------------- /data/Timenov-77.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Timenov", 4 | "risk": "2", 5 | "title": "Anyone can use tokenId in execute", 6 | "issueId": 77, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/77" 8 | } -------------------------------------------------------------------------------- /data/Topmark-104.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "3", 5 | "title": "Unintended Denial of Service when Verified Chainlink and Verified Twap Price is used by Oracle", 6 | "issueId": 104, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/104" 8 | } -------------------------------------------------------------------------------- /data/Topmark-105.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "3", 5 | "title": "Wrong Fee Growth due to Overflow Error", 6 | "issueId": 105, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/105" 8 | } -------------------------------------------------------------------------------- /data/Topmark-106.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Max TWAP Tick Difference Validation Error due to Incomplete Validation", 6 | "issueId": 106, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/106" 8 | } -------------------------------------------------------------------------------- /data/Topmark-81.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 81, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/81" 8 | } -------------------------------------------------------------------------------- /data/Topmark-85.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Inconsistent Lent Calculation in V3Vault contract", 6 | "issueId": 85, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/85" 8 | } -------------------------------------------------------------------------------- /data/Topmark-86.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "liquidationValue will be lost due to wrong Assumption of Fee Valuation in Oracle Contract", 6 | "issueId": 86, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/86" 8 | } -------------------------------------------------------------------------------- /data/Topmark-87.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "3", 5 | "title": "Deposit would Not Revert when Total Supply is too Excessive to handle globalLendLimit ", 6 | "issueId": 87, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/87" 8 | } -------------------------------------------------------------------------------- /data/Topmark-88.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Daily Lend and Debt Increase Limit Left can be Reset for the very first time when a full day is not complete Yet", 6 | "issueId": 88, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/88" 8 | } -------------------------------------------------------------------------------- /data/Topmark-93.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | 
"risk": "2", 5 | "title": "Bad Actor can Dos Daily Increase Limit Functionality", 6 | "issueId": 93, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/93" 8 | } -------------------------------------------------------------------------------- /data/Topmark-94.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "3", 5 | "title": "Owned Token Index is not Deleted after Removal which could Break Protocol", 6 | "issueId": 94, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/94" 8 | } -------------------------------------------------------------------------------- /data/Topmark-96.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "3", 5 | "title": "Wrong Minimum Amount Validation Which would allow Swap below minimum Threshold", 6 | "issueId": 96, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/96" 8 | } -------------------------------------------------------------------------------- /data/Topmark-97.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "Topmark", 4 | "risk": "2", 5 | "title": "Denial of Service when Price Difference is Equal Minimum Allowed Price Difference", 6 | "issueId": 97, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/97" 8 | } -------------------------------------------------------------------------------- /data/VAD37-368.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "3", 5 | "title": "`V3Vault.sol` permit signature does not check receiving token address is USDC", 6 | "issueId": 368, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/368" 8 | } -------------------------------------------------------------------------------- /data/VAD37-369.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "3", 5 | "title": "`V3Vault.sol` accept NFT from pool no one is using with low liquidity. Allow oracle price manipulation and steal tokens from the pool", 6 | "issueId": 369, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/369" 8 | } -------------------------------------------------------------------------------- /data/VAD37-371.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "3", 5 | "title": "Complication of problems with `V3Vault.repay()`. It will frequently fail on MAINNET. Possible damage to user finance", 6 | "issueId": 371, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/371" 8 | } -------------------------------------------------------------------------------- /data/VAD37-372.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "2", 5 | "title": "`_resetDailyDebtIncreaseLimit()` should use `newDebtExchangeRateX96` instead of `newLendExchangeRateX96`", 6 | "issueId": 372, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/372" 8 | } -------------------------------------------------------------------------------- /data/VAD37-436.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "2", 5 | "title": "`V3Vault.reserveFactorX32` take away interest profit from lender into reserve without mechanism to increase it or return/reward it back to user", 6 | "issueId": 
436, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/436" 8 | } -------------------------------------------------------------------------------- /data/VAD37-492.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "VAD37", 4 | "risk": "3", 5 | "title": "When liquidate bad loan, protocol does not pay out of reserve as intended and only pay out of lender pocket. Missing update exchangeRate after bad loan calculation.", 6 | "issueId": 492, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/492" 8 | } -------------------------------------------------------------------------------- /data/adeolu-117.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "adeolu", 4 | "risk": "2", 5 | "title": "approval to transform not reverted back after each successful transform", 6 | "issueId": 117, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/117" 8 | } -------------------------------------------------------------------------------- /data/adeolu-121.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "adeolu", 4 | "risk": "2", 5 | "title": "slippage risk in FlashloanLiquidator.liquidate()", 6 | "issueId": 121, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/121" 8 | } -------------------------------------------------------------------------------- /data/adeolu-168.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "adeolu", 4 | "risk": "2", 5 | "title": "can DOS user call ", 6 | "issueId": 168, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/168" 8 | } 
-------------------------------------------------------------------------------- /data/adeolu-357.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "adeolu", 4 | "risk": "2", 5 | "title": "liquidity position fees earned can be smaller than expected. ", 6 | "issueId": 357, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/357" 8 | } -------------------------------------------------------------------------------- /data/aitor-204.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "aitor", 4 | "risk": "2", 5 | "title": "Day limits without user limits could lead to a DoS attack", 6 | "issueId": 204, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/204" 8 | } -------------------------------------------------------------------------------- /data/albahaca-477.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "albahaca", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 477, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/477" 8 | } -------------------------------------------------------------------------------- /data/albahaca-510.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "albahaca", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 510, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/510" 8 | } -------------------------------------------------------------------------------- /data/alexander_orjustalex-276.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alexander_orjustalex", 4 | "risk": "3", 5 | "title": "User can decrease 
their liquidity without changing the global interest rate", 6 | "issueId": 276, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/276" 8 | } -------------------------------------------------------------------------------- /data/alexander_orjustalex-296.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alexander_orjustalex", 4 | "risk": "3", 5 | "title": "Users can perform DoS when someone tries to liquidate them", 6 | "issueId": 296, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/296" 8 | } -------------------------------------------------------------------------------- /data/alexander_orjustalex-297.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alexander_orjustalex", 4 | "risk": "3", 5 | "title": "User can trigger a DoS upon someone trying to liquidate them", 6 | "issueId": 297, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/297" 8 | } -------------------------------------------------------------------------------- /data/alix40-408.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alix40", 4 | "risk": "3", 5 | "title": "Liqidations on unhealthy Positions could be blocked by Owner by using the `onERC721Received` Hook", 6 | "issueId": 408, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/408" 8 | } -------------------------------------------------------------------------------- /data/alix40-412.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alix40", 4 | "risk": "2", 5 | "title": "Newly minted Debt Positions Could be instantly be Liquidated by Bots ", 6 | "issueId": 412, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/412" 8 | } -------------------------------------------------------------------------------- /data/alix40-435.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alix40", 4 | "risk": "3", 5 | "title": "Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced", 6 | "issueId": 435, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/435" 8 | } -------------------------------------------------------------------------------- /data/alix40-488.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alix40", 4 | "risk": "2", 5 | "title": "Users Uniswap Positions could be locked forever in Vault, because of Missing Input Validation", 6 | "issueId": 488, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/488" 8 | } -------------------------------------------------------------------------------- /data/alix40-49.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alix40", 4 | "risk": "2", 5 | "title": "`V3Vault.sol` is not compliant with EIP4626", 6 | "issueId": 49, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/49" 8 | } -------------------------------------------------------------------------------- /data/alphacipher-483.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alphacipher", 4 | "risk": "3", 5 | "title": "`AutoExit::execute()` function allows an attacker to drain the liquidity of a Uniswap v3 pool by repeatedly calling the function with the same `tokenId` and `liquidity` values", 6 | "issueId": 483, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/483" 8 | } -------------------------------------------------------------------------------- /data/alphacipher-485.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alphacipher", 4 | "risk": "3", 5 | "title": "`AutoCompound::execute` function that can allow an attacker to steal funds from the contract", 6 | "issueId": 485, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/485" 8 | } -------------------------------------------------------------------------------- /data/alphacipher-487.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alphacipher", 4 | "risk": "2", 5 | "title": "`InterestRateModel::getRatesPerSecondX96` borrow rate to be calculated incorrectly when the utilization rate is equal to the kink", 6 | "issueId": 487, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/487" 8 | } -------------------------------------------------------------------------------- /data/alphacipher-491.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "alphacipher", 4 | "risk": "3", 5 | "title": "The `Swapper::_routerSwap` function does not check whether the amount of tokens received from the swap is equal to the expected amount of tokens.", 6 | "issueId": 491, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/491" 8 | } -------------------------------------------------------------------------------- /data/atoko-289.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "Missing Nonce in Signature Verification for Permit Function", 6 | "issueId": 289, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/289" 8 | } -------------------------------------------------------------------------------- /data/atoko-294.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "invalid input validation could lead to unauthorized data risks", 6 | "issueId": 294, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/294" 8 | } -------------------------------------------------------------------------------- /data/atoko-304.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "Lack of Safety Margin in Loan Health Assessment", 6 | "issueId": 304, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/304" 8 | } -------------------------------------------------------------------------------- /data/atoko-312.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "Borrower can cause Dos by frontrunning liquidation and repaying as low as 1 Wei to current debt", 6 | "issueId": 312, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/312" 8 | } -------------------------------------------------------------------------------- /data/atoko-320.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "_checkLoanIsHealthy does not account for fees", 6 | "issueId": 320, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/320" 8 | } -------------------------------------------------------------------------------- /data/atoko-344.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "atoko", 4 | "risk": "2", 5 | "title": "Mitigating Bad Debt and Losses in the Liquidation Process", 6 | "issueId": 344, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/344" 8 | } -------------------------------------------------------------------------------- /data/ayden-23.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ayden", 4 | "risk": "3", 5 | "title": "User can specify any erc20 token deposit into vault", 6 | "issueId": 23, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/23" 8 | } -------------------------------------------------------------------------------- /data/ayden-25.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ayden", 4 | "risk": "3", 5 | "title": "User safeTransferFrom to transfer NFT back to owner can lead to loan is enable to be liquidated", 6 | "issueId": 25, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/25" 8 | } -------------------------------------------------------------------------------- /data/b0g0-175.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "3", 5 | "title": "V3Oracle susceptible to price manipulation", 6 | "issueId": 175, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/175" 8 | } -------------------------------------------------------------------------------- /data/b0g0-187.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "2", 5 | "title": "V3Oracle does not check if Arbitrum L2 sequencer is down for Chainlink feeds", 
6 | "issueId": 187, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/187" 8 | } -------------------------------------------------------------------------------- /data/b0g0-189.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "2", 5 | "title": "V3Oracle will use the wrong price if Chainlink returns price outside min/max range", 6 | "issueId": 189, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/189" 8 | } -------------------------------------------------------------------------------- /data/b0g0-214.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "3", 5 | "title": "V3Vault::transform does not validate the `data` input and allows a depositor to exploit any position approved on the transformer", 6 | "issueId": 214, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/214" 8 | } -------------------------------------------------------------------------------- /data/b0g0-278.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "2", 5 | "title": "An outdated lendExchangeRate might be used during liquidation", 6 | "issueId": 278, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/278" 8 | } -------------------------------------------------------------------------------- /data/b0g0-298.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "2", 5 | "title": "Caller of transform can re-enter vault before transformation has completed and distort debt calculation", 6 | "issueId": 298, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/298" 8 
| } -------------------------------------------------------------------------------- /data/b0g0-309.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "b0g0", 4 | "risk": "2", 5 | "title": "During transformation the caller can re-enter the Vault through the onERC721Received function", 6 | "issueId": 309, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/309" 8 | } -------------------------------------------------------------------------------- /data/bareli-480.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "bareli", 4 | "risk": "3", 5 | "title": "Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert", 6 | "issueId": 480, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/480" 8 | } -------------------------------------------------------------------------------- /data/bareli-489.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "bareli", 4 | "risk": "2", 5 | "title": "Chainlink's `latestRoundData` might return stale results", 6 | "issueId": 489, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/489" 8 | } -------------------------------------------------------------------------------- /data/bareli-506.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "bareli", 4 | "risk": "2", 5 | "title": "wrong implement of ' _resetDailyLendIncreaseLimit' and '_resetDailyDebtIncreaseLimit'", 6 | "issueId": 506, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/506" 8 | } -------------------------------------------------------------------------------- /data/befree3x-251.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "befree3x", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 251, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/251" 8 | } -------------------------------------------------------------------------------- /data/befree3x-252.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "befree3x", 4 | "risk": "2", 5 | "title": " `V3Vault::_deposit` use a wrong condition to check for the Global Lend Limit", 6 | "issueId": 252, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/252" 8 | } -------------------------------------------------------------------------------- /data/boredpukar-68.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "boredpukar", 4 | "risk": "3", 5 | "title": "Insufficient Pre-Swap Balance Validation and Post-Swap Slippage Control", 6 | "issueId": 68, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/68" 8 | } -------------------------------------------------------------------------------- /data/boredpukar-73.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "boredpukar", 4 | "risk": "3", 5 | "title": "Usage of `slot0` to fetch `sqrtPriceX96` value can lead to price manipulation", 6 | "issueId": 73, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/73" 8 | } -------------------------------------------------------------------------------- /data/browep-178.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "browep", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 178, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/178" 8 | } -------------------------------------------------------------------------------- /data/browep-Q.md: -------------------------------------------------------------------------------- 1 | "receive", "receives" and "received" are misspelled ("recieve…") in several comments and NatSpec lines of the Solidity sources; every hit below is in a comment, none in executable code. 2 | 3 | ``` 4 | $ find . -name "*.sol" | xargs grep -n recieve 5 | ./src/transformers/V3Utils.sol:633: // check if recieved correct amount of tokens 6 | ./src/V3Vault.sol:230: /// @return liquidationValue If position is liquidatable - the value of the (partial) position which the liquidator recieves - otherwise 0 7 | ./src/V3Vault.sol:399: /// @param recipient Address to recieve the position in the vault 8 | ./src/V3Vault.sol:407: /// @param recipient Address to recieve the position in the vault 9 | ./src/V3Vault.sol:427: /// @notice Whenever a token is recieved it either creates a new loan, or modifies an existing one when in transform mode. 10 | ``` 11 | -------------------------------------------------------------------------------- /data/btk-254.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "btk", 4 | "risk": "2", 5 | "title": "_getAvailableBalance should round up when calculating the lent", 6 | "issueId": 254, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/254" 8 | } -------------------------------------------------------------------------------- /data/btk-258.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "btk", 4 | "risk": "2", 5 | "title": "decreaseLiquidity hardcode the slippage protection as 0", 6 | "issueId": 258, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/258" 8 | } -------------------------------------------------------------------------------- /data/btk-374.json:
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "btk", 4 | "risk": "2", 5 | "title": "Missing slippage check for lenders", 6 | "issueId": 374, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/374" 8 | } -------------------------------------------------------------------------------- /data/btk-385.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "btk", 4 | "risk": "2", 5 | "title": "The V3Vault is not EIP-4626 compliant", 6 | "issueId": 385, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/385" 8 | } -------------------------------------------------------------------------------- /data/callamus-472.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "callamus", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 472, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/472" 8 | } -------------------------------------------------------------------------------- /data/catwhiskeys-207.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "catwhiskeys", 4 | "risk": "2", 5 | "title": "`AutoCompound::withdrawBalances()` can be DoSed due to the Gas Exhaustion Attack", 6 | "issueId": 207, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/207" 8 | } -------------------------------------------------------------------------------- /data/catwhiskeys-208.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "catwhiskeys", 4 | "risk": "2", 5 | "title": "Overflow of the loop increment", 6 | "issueId": 208, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/208" 8 | } -------------------------------------------------------------------------------- /data/cheatc0d3-458.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cheatc0d3", 4 | "risk": "2", 5 | "title": "Insufficient Slippage Handling in decreaseLiquidityAndCollect Function", 6 | "issueId": 458, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/458" 8 | } -------------------------------------------------------------------------------- /data/cheatc0d3-464.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cheatc0d3", 4 | "risk": "3", 5 | "title": "Frontrunning and Price Manipulation can Brick Liquidation for other Users", 6 | "issueId": 464, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/464" 8 | } -------------------------------------------------------------------------------- /data/cheatc0d3-469.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cheatc0d3", 4 | "risk": "3", 5 | "title": "Inaccurate Uncollected Fees and Amounts Calculations Due to Price Manipulation", 6 | "issueId": 469, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/469" 8 | } -------------------------------------------------------------------------------- /data/cheatc0d3-503.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cheatc0d3", 4 | "risk": "3", 5 | "title": "V3Vault is Vulnerable to Inflation Due to Donation Attacks", 6 | "issueId": 503, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/503" 8 | } -------------------------------------------------------------------------------- 
/data/cheatc0d3-518.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cheatc0d3", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 518, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/518" 8 | } -------------------------------------------------------------------------------- /data/clara-441.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "clara", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 441, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/441" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-181.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "3", 5 | "title": "Attacker can perform sandwich attack on `withdraw/redeem`", 6 | "issueId": 181, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/181" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-183.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "2", 5 | "title": "`V3Vault.sol` `transform()`, `borrow()` , `decreaseLiquidityAndCollect()` will revert due to rounding issues", 6 | "issueId": 183, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/183" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-246.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "2", 5 | "title": "`V3Vault::maxRedeem` does not 
comply with ERC4626", 6 | "issueId": 246, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/246" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-248.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "2", 5 | "title": "Users will have to repay more when specifying shares to repay rather than assets", 6 | "issueId": 248, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/248" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-255.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "2", 5 | "title": "`V3Oracle::getValue` is susceptible to precision loss due to division before multiplication", 6 | "issueId": 255, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/255" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-257.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "3", 5 | "title": "Loss of funds due to manipulation of `slot0` ", 6 | "issueId": 257, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/257" 8 | } -------------------------------------------------------------------------------- /data/crypticdefense-269.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "2", 5 | "title": "Missing Slippage Control", 6 | "issueId": 269, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/269" 8 | } 
-------------------------------------------------------------------------------- /data/crypticdefense-272.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "crypticdefense", 4 | "risk": "3", 5 | "title": "Liquidity owner can burn their NFT position to permanently lock borrower funds", 6 | "issueId": 272, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/272" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-288.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "3", 5 | "title": "Reentrancy vulnerabilities (theft of ethers)", 6 | "issueId": 288, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/288" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-291.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "3", 5 | "title": "Reentrancy vulnerabilities (theft of ethers)", 6 | "issueId": 291, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/291" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-292.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "2", 5 | "title": "Reentrancy vulnerabilities (no theft of ethers)", 6 | "issueId": 292, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/292" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-322.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "2", 5 | "title": "`increaseAllowance/decreaseAllowance` won't work on mainnet for USDT", 6 | "issueId": 322, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/322" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-331.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 331, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/331" 8 | } -------------------------------------------------------------------------------- /data/cryptothemex-339.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptothemex", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 339, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/339" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-256.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "2", 5 | "title": "User might execute PositionToken of token set by previous token owner.", 6 | "issueId": 256, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/256" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-447.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "3", 5 | "title": "Free Loan Clearance in V3Vault for transformerAllowList user to borrow more token through onERC721Received()", 6 | "issueId": 447, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/447" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-470.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "3", 5 | "title": "Execute call can be hijacked to steal tokens during swap or increase liquidity for token owner in AutoRange Contract", 6 | "issueId": 470, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/470" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-496.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "2", 5 | "title": "Self-Liquidation by tokenOwner is possible", 6 | "issueId": 496, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/496" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-501.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "2", 5 | "title": "tokenOwner can self liquidate through FlashLoanLiquidator Contract", 6 | "issueId": 501, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/501" 8 | } -------------------------------------------------------------------------------- /data/cryptphi-513.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "3", 5 | "title": "No access control to check caller of leverage functions in LeverageTransformer contract is approved vault", 6 | "issueId": 513, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/513" 8 | } 
-------------------------------------------------------------------------------- /data/cryptphi-520.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "cryptphi", 4 | "risk": "3", 5 | "title": "Any user can become approved to steal tokens from LeverageTransformer contract", 6 | "issueId": 520, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/520" 8 | } -------------------------------------------------------------------------------- /data/deepplus-277.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "deepplus", 4 | "risk": "2", 5 | "title": "When `onlyFees` of config is true in `AutoExit.sol`, the reward is calculated incorrectly.", 6 | "issueId": 277, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/277" 8 | } -------------------------------------------------------------------------------- /data/deepplus-280.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "deepplus", 4 | "risk": "2", 5 | "title": "The daily increase limit for depositing and borrowing is meaningless indeed since it is calculated as 110% of total assets.", 6 | "issueId": 280, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/280" 8 | } -------------------------------------------------------------------------------- /data/dharma09-508.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "dharma09", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 508, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/508" 8 | } -------------------------------------------------------------------------------- /data/eeshenggoh-116.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "eeshenggoh", 4 | "risk": "3", 5 | "title": "Inflation Attack from frontrunning", 6 | "issueId": 116, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/116" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-311.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "emerald7017", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 311, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/311" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-313.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Lack of explicit validation risking malicious token exploits and vulnerabilities.", 6 | "issueId": 313, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/313" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-314.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Direct ERC-20 transfers risk reentrancy vulnerabilities, unexpected behavior. 
", 6 | "issueId": 314, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/314" 8 | } -------------------------------------------------------------------------------- /data/emerald7017-315.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "emerald7017", 4 | "risk": "2", 5 | "title": "Liquidation mechanism risks premature liquidations, predatory behavior, protocol instability.", 6 | "issueId": 315, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/315" 8 | } -------------------------------------------------------------------------------- /data/erosjohn-218.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "erosjohn", 4 | "risk": "2", 5 | "title": "V3Vault.sol#liquidate debtShares check too strict can be DOSed", 6 | "issueId": 218, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/218" 8 | } -------------------------------------------------------------------------------- /data/erosjohn-226.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "erosjohn", 4 | "risk": "2", 5 | "title": "V3Vault.sol#maxWithdraw does not take the borrowed assets into account which will result in possible revert when withdrawing the assets", 6 | "issueId": 226, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/226" 8 | } -------------------------------------------------------------------------------- /data/falconhoof-455.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "2", 5 | "title": "No `minLoanSize` means liquidators will have no incentive to liquidate small positions", 6 | "issueId": 455, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/455" 8 | } -------------------------------------------------------------------------------- /data/falconhoof-457.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "2", 5 | "title": "Vault does not conform to ERC4626", 6 | "issueId": 457, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/457" 8 | } -------------------------------------------------------------------------------- /data/falconhoof-459.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "3", 5 | "title": "Protocol can be repeatedly gas griefed in `AutoRange` external call", 6 | "issueId": 459, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/459" 8 | } -------------------------------------------------------------------------------- /data/falconhoof-460.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "2", 5 | "title": "Lack of deadline in `NonfungiblePositionManager` interactions means transactions can be maliciously executed", 6 | "issueId": 460, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/460" 8 | } -------------------------------------------------------------------------------- /data/falconhoof-461.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "3", 5 | "title": "Borrower can evade liquidation indefinitely by front running liquidation attempts", 6 | "issueId": 461, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/461" 8 | } 
-------------------------------------------------------------------------------- /data/falconhoof-467.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "falconhoof", 4 | "risk": "3", 5 | "title": "Borrower can evade liquidation and gas grief liquidators using malicious `onERC721Received` implementation", 6 | "issueId": 467, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/467" 8 | } -------------------------------------------------------------------------------- /data/fouzantanveer-437.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "fouzantanveer", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 437, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/437" 8 | } -------------------------------------------------------------------------------- /data/givn-330.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "givn", 4 | "risk": "3", 5 | "title": "Liquidation can be frontrun by liquidatee and reverted", 6 | "issueId": 330, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/330" 8 | } -------------------------------------------------------------------------------- /data/givn-335.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "givn", 4 | "risk": "3", 5 | "title": "Liquidation can be reverted by a malicious user", 6 | "issueId": 335, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/335" 8 | } -------------------------------------------------------------------------------- /data/givn-337.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "givn", 
4 | "risk": "2", 5 | "title": "Missing slippage protection in V3Vault", 6 | "issueId": 337, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/337" 8 | } -------------------------------------------------------------------------------- /data/grearlake-410.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "V3Oracle._getReferencePoolPriceX96() return wrong price when tick is negative", 6 | "issueId": 410, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/410" 8 | } -------------------------------------------------------------------------------- /data/grearlake-421.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Risk when settings `twapSeconds` for token's feedConfig: price can be manipulated", 6 | "issueId": 421, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/421" 8 | } -------------------------------------------------------------------------------- /data/grearlake-440.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Attacker can avoid being liquidated without repay full by front-running and partial repay", 6 | "issueId": 440, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/440" 8 | } -------------------------------------------------------------------------------- /data/grearlake-451.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "No slippage check during withdraw/deposit", 6 | "issueId": 451, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/451" 8 | } -------------------------------------------------------------------------------- /data/grearlake-463.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Griefing attack: attack can prevent full repay by repay dust amount for position", 6 | "issueId": 463, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/463" 8 | } -------------------------------------------------------------------------------- /data/grearlake-490.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "3", 5 | "title": "If 2 tokens have different decimals, price returned from `_getReferencePoolPriceX96()` can be wrong", 6 | "issueId": 490, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/490" 8 | } -------------------------------------------------------------------------------- /data/grearlake-498.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Wrong number of ticks returned, which can lead to unexpected revert", 6 | "issueId": 498, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/498" 8 | } -------------------------------------------------------------------------------- /data/grearlake-511.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "grearlake", 4 | "risk": "2", 5 | "title": "Griefing attack: attacker can create multiple borrow with dust amount to make protocol suffer bad debt due to lack of incentive to liquidate them", 6 | "issueId": 511, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/511" 8 | } -------------------------------------------------------------------------------- /data/hassan-truscova-240.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hassan-truscova", 4 | "risk": "2", 5 | "title": "The exchange rate change in the case of Lossy Strategy will cause the Vault to be under-collateralized for ERC4626 Yield Vaults", 6 | "issueId": 240, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/240" 8 | } -------------------------------------------------------------------------------- /data/hassan-truscova-360.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hassan-truscova", 4 | "risk": "2", 5 | "title": "Lack of Slippage Protection in `_sendPositionValue` Function Interaction with Uniswap V3", 6 | "issueId": 360, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/360" 8 | } -------------------------------------------------------------------------------- /data/hassan-truscova-370.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hassan-truscova", 4 | "risk": "2", 5 | "title": "ownedTokensIndex is SHARED by different owners, as a result, _removeTokenFromOwner might remove the wrong tokenId", 6 | "issueId": 370, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/370" 8 | } -------------------------------------------------------------------------------- /data/hassan-truscova-386.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hassan-truscova", 4 | "risk": "3", 5 | "title": "Unable to redeem from Vault", 6 | "issueId": 386, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/386" 8 | } -------------------------------------------------------------------------------- /data/havewemeetbefore-310.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "havewemeetbefore", 4 | "risk": "3", 5 | "title": "AutoCompound Holding Can Be Drained By Reentrancy Attack", 6 | "issueId": 310, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/310" 8 | } -------------------------------------------------------------------------------- /data/hexbyte-7.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hexbyte", 4 | "risk": "2", 5 | "title": "Use try-catch for Chainlink calls, multisigs can block access ", 6 | "issueId": 7, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/7" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-442.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hunter_w3b", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 442, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/442" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-468.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hunter_w3b", 4 | "risk": "3", 5 | "title": "Reentrancy in the `V3Vault::_deposit()` function", 6 | "issueId": 468, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/468" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-474.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hunter_w3b", 4 | "risk": "2", 5 | "title": "`V3Vault::_calculateGlobalInterest` Rounding error", 6 | "issueId": 474, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/474" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-478.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hunter_w3b", 4 | "risk": "3", 5 | "title": "`priceX96` and `verifyPriceX96` variables are used wrong `V3Oracle::_getReferenceTokenPriceX96`", 6 | "issueId": 478, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/478" 8 | } -------------------------------------------------------------------------------- /data/hunter_w3b-481.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "hunter_w3b", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 481, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/481" 8 | } -------------------------------------------------------------------------------- /data/iamandreiski-114.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "iamandreiski", 4 | "risk": "2", 5 | "title": "Liquidations can be indefinitely postponed/avoided by token owners which refuse to accept the NFT", 6 | "issueId": 114, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/114" 8 | } -------------------------------------------------------------------------------- /data/iamandreiski-158.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "iamandreiski", 4 | "risk": "3", 5 | "title": "Tokens 
can't be removed as a collateral without breaking some liquidations and other core functions", 6 | "issueId": 158, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/158" 8 | } -------------------------------------------------------------------------------- /data/iamandreiski-160.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "iamandreiski", 4 | "risk": "2", 5 | "title": "No check for sequencer uptime can lead to stale prices + stale exchange / interest rates", 6 | "issueId": 160, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/160" 8 | } -------------------------------------------------------------------------------- /data/iamandreiski-166.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "iamandreiski", 4 | "risk": "2", 5 | "title": "Modifying the collateralFactor setting can default existing loans", 6 | "issueId": 166, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/166" 8 | } -------------------------------------------------------------------------------- /data/invitedtea-495.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "invitedtea", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 495, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/495" 8 | } -------------------------------------------------------------------------------- /data/jesusrod15-162.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "jesusrod15", 4 | "risk": "3", 5 | "title": " users can steal funds using permitData when call certain functions", 6 | "issueId": 162, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/162" 8 | } -------------------------------------------------------------------------------- /data/jnforja-229.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "jnforja", 4 | "risk": "2", 5 | "title": "`V3Vault::createWithPermit` and `V3Utils::executeWithPermit` can be griefed by front-running `INonfungiblePositionManager::permit`", 6 | "issueId": 229, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/229" 8 | } -------------------------------------------------------------------------------- /data/jnforja-259.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "jnforja", 4 | "risk": "2", 5 | "title": "V3Vault is not ERC-4626 compliant", 6 | "issueId": 259, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/259" 8 | } -------------------------------------------------------------------------------- /data/jnforja-375.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "jnforja", 4 | "risk": "3", 5 | "title": "Attackers can front-run calls to `V3Vault::liquidate` and make them revert", 6 | "issueId": 375, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/375" 8 | } -------------------------------------------------------------------------------- /data/kaveyjoe-167.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kaveyjoe", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 167, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/167" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-205.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "3", 5 | "title": "Improper validation of liquidation reward in `FlashloanLiquidator.uniswapV3FlashCallback()`.", 6 | "issueId": 205, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/205" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-215.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "3", 5 | "title": "Integer overflow may happen in `V3Oracle._getReferenceTokenPriceX96()`.", 6 | "issueId": 215, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/215" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-216.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "3", 5 | "title": "`AutoExit` could receive a reward calculated from the entire position's fund even if `onlyFee` is true in `AutoExit.execute()`.", 6 | "issueId": 216, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/216" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-217.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "2", 5 | "title": "# Title: Improper limit validation of `totalSupply` in `V3Vault._deposit()`.", 6 | "issueId": 217, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/217" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-219.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "2", 5 | "title": "Improper calculation of `dailyLendIncreaseLimitLeft` in `V3Vault._resetDailyLendIncreaseLimit()`.", 6 | "issueId": 219, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/219" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-220.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "2", 5 | "title": "Improper return of `chainlinkReferencePriceX96` in `V3Oracle._getReferenceTokenPriceX96()`.", 6 | "issueId": 220, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/220" 8 | } -------------------------------------------------------------------------------- /data/kennedy1030-221.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kennedy1030", 4 | "risk": "2", 5 | "title": "Any full settlement carried out by `LeverageTransformer.leverageDown()` is consistently reverted.", 6 | "issueId": 221, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/221" 8 | } -------------------------------------------------------------------------------- /data/kfx-211.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kfx", 4 | "risk": "2", 5 | "title": "The effective daily lend and debt limits are much larger than intended", 6 | "issueId": 211, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/211" 8 | } -------------------------------------------------------------------------------- /data/kfx-213.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"contest": 342, 3 | "handle": "kfx", 4 | "risk": "2", 5 | "title": "The repository is vulnerable to `permit` front-running attacks.", 6 | "issueId": 213, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/213" 8 | } -------------------------------------------------------------------------------- /data/kfx-222.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kfx", 4 | "risk": "2", 5 | "title": "Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares", 6 | "issueId": 222, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/222" 8 | } -------------------------------------------------------------------------------- /data/kfx-223.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kfx", 4 | "risk": "2", 5 | "title": "Positions should be liquidable if they are unhealthy according to the oracle price's implied value", 6 | "issueId": 223, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/223" 8 | } -------------------------------------------------------------------------------- /data/kfx-300.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kfx", 4 | "risk": "2", 5 | "title": "Chainlink price computation may overflow for some valid price values", 6 | "issueId": 300, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/300" 8 | } -------------------------------------------------------------------------------- /data/kfx-356.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kfx", 4 | "risk": "3", 5 | "title": "Lend exchange rate can become zero, effectively bricking the vault", 6 | "issueId": 356, 
7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/356" 8 | } -------------------------------------------------------------------------------- /data/kinda_very_good-476.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kinda_very_good", 4 | "risk": "3", 5 | "title": "A malicious actor can create a position with a recipient contract that does not follow the IERC721Receiver standard, hence being unliquidatable whilst still having access to the arbitrage the funds in the NFT via the V3Vault::transfrom function", 6 | "issueId": 476, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/476" 8 | } -------------------------------------------------------------------------------- /data/kinda_very_good-500.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kinda_very_good", 4 | "risk": "3", 5 | "title": "Borrowers can stop liquidations by front running them with miniscule repays ", 6 | "issueId": 500, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/500" 8 | } -------------------------------------------------------------------------------- /data/kinda_very_good-502.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kinda_very_good", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 502, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/502" 8 | } -------------------------------------------------------------------------------- /data/kinda_very_good-Q.md: -------------------------------------------------------------------------------- 1 | `V3Vault.createWithPermit` can be front-run by a malicious actor who calls `permit` themselves on the Uniswap NonfungiblePositionManager (NPM) contract, so the user's own transaction reverts and its gas is wasted (gas griefing).
-------------------------------------------------------------------------------- /data/kodyvim-169.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kodyvim", 4 | "risk": "2", 5 | "title": "Incorrect prices would be returned for negative ticks", 6 | "issueId": 169, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/169" 8 | } -------------------------------------------------------------------------------- /data/kodyvim-170.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "kodyvim", 4 | "risk": "2", 5 | "title": "Missing slippage exposes position minting to unlimited slippage", 6 | "issueId": 170, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/170" 8 | } -------------------------------------------------------------------------------- /data/ktg-184.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "2", 5 | "title": "Gas theft / Dos in AutoRange execute function.", 6 | "issueId": 184, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/184" 8 | } -------------------------------------------------------------------------------- /data/ktg-202.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "3", 5 | "title": "Users cannot stop loss in AutoRange and AutoExit ", 6 | "issueId": 202, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/202" 8 | } -------------------------------------------------------------------------------- /data/ktg-271.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "3", 5 | "title": 
"Users can profit by calling Vault functions on the same block", 6 | "issueId": 271, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/271" 8 | } -------------------------------------------------------------------------------- /data/ktg-303.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 303, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/303" 8 | } -------------------------------------------------------------------------------- /data/ktg-318.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "2", 5 | "title": "AutoRange does not check if lowerTick and upperTick is compatible with tick spacing", 6 | "issueId": 318, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/318" 8 | } -------------------------------------------------------------------------------- /data/ktg-365.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ktg", 4 | "risk": "2", 5 | "title": "Users's tokens stuck in AutoCompound after Vault is disabled.", 6 | "issueId": 365, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/365" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-125.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "2", 5 | "title": "DOS of permit related functions", 6 | "issueId": 125, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/125" 8 | } -------------------------------------------------------------------------------- 
/data/lanrebayode77-130.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "2", 5 | "title": "Incorrect price manipulation check", 6 | "issueId": 130, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/130" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-133.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "2", 5 | "title": "Bypassing max borrow of a collateral ", 6 | "issueId": 133, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/133" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-134.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "3", 5 | "title": "Exploiting transform() to get free flash loan.", 6 | "issueId": 134, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/134" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-137.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "3", 5 | "title": "User token might remain stuck in the V3Vault contract if collateral threshold has been surpassed.", 6 | "issueId": 137, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/137" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-139.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "3", 5 | "title": 
"Liquidation can be frontrunned with dust repayment", 6 | "issueId": 139, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/139" 8 | } -------------------------------------------------------------------------------- /data/lanrebayode77-140.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lanrebayode77", 4 | "risk": "2", 5 | "title": "dailyDebtIncreaseLimitLeft is not updated in liquidate().", 6 | "issueId": 140, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/140" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-16.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "3", 5 | "title": "The first depositor can break the minting of shares.", 6 | "issueId": 16, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/16" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-28.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "3", 5 | "title": "Liquidations could use price data from an invalid Chainlink response", 6 | "issueId": 28, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/28" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-32.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "2", 5 | "title": "Missing circuit breaker checks in getValue() for Chainlink's price feed ", 6 | "issueId": 32, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/32" 8 | } 
-------------------------------------------------------------------------------- /data/lightoasis-33.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "3", 5 | "title": "Reentrancy issue in V3Vault.sol.create()", 6 | "issueId": 33, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/33" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-34.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "3", 5 | "title": "If the borrower enters token blacklist, LP may never be able to retrieve Liquidity", 6 | "issueId": 34, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/34" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-38.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "3", 5 | "title": "Dangerous use of deadline parameter when interacting with Uniswap's INonfungiblePositionManager", 6 | "issueId": 38, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/38" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-40.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "2", 5 | "title": "Hardcoded slippage values could lead to problems during liquidation.", 6 | "issueId": 40, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/40" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-50.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 50, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/50" 8 | } -------------------------------------------------------------------------------- /data/lightoasis-52.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lightoasis", 4 | "risk": "2", 5 | "title": "User deposits don't have min. return checks", 6 | "issueId": 52, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/52" 8 | } -------------------------------------------------------------------------------- /data/linmiaomiao-475.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "linmiaomiao", 4 | "risk": "3", 5 | "title": "using 18 decimals ERC20 tokens as reference token will cause overflow in price calculation", 6 | "issueId": 475, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/475" 8 | } -------------------------------------------------------------------------------- /data/linmiaomiao-494.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "linmiaomiao", 4 | "risk": "2", 5 | "title": "Wrong globalLendLimit check", 6 | "issueId": 494, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/494" 8 | } -------------------------------------------------------------------------------- /data/lrivo-159.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "lrivo", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 159, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/159" 8 | } -------------------------------------------------------------------------------- /data/maxim371-136.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "maxim371", 4 | "risk": "3", 5 | "title": "Swapper.sol::_poolSwap ", 6 | "issueId": 136, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/136" 8 | } -------------------------------------------------------------------------------- /data/maxim371-37.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "maxim371", 4 | "risk": "3", 5 | "title": "V3Oracle.sol::_getReferencePoolPriceX96 will be sandwitched attacked with flashloan", 6 | "issueId": 37, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/37" 8 | } -------------------------------------------------------------------------------- /data/maxim371-47.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "maxim371", 4 | "risk": "2", 5 | "title": "V3Oracle.sol::setTokenConfig", 6 | "issueId": 47, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/47" 8 | } -------------------------------------------------------------------------------- /data/maxim371-65.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "maxim371", 4 | "risk": "2", 5 | "title": "unitialized loop in AutoCompound.sol::withdrawBalances leads to unintended consequences", 6 | "issueId": 65, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/65" 8 | } -------------------------------------------------------------------------------- /data/maxim371-66.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "maxim371", 4 | "risk": "2", 5 | "title": "AutoRange.sol::execute code logic leads to unintended consequnces", 6 | "issueId": 66, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/66" 8 | } -------------------------------------------------------------------------------- /data/n1punp-3.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "n1punp", 4 | "risk": "3", 5 | "title": "V3Oracle will cause reverts in blackswan event where users (and liquidators) cannot modify the positions, which may lead to underwater positions (due to TWAP not being able to catch up)", 6 | "issueId": 3, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/3" 8 | } -------------------------------------------------------------------------------- /data/nmirchev8-30.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "nmirchev8", 4 | "risk": "3", 5 | "title": "Front-running to ERC20 permit2 would lock signer funds in vault ", 6 | "issueId": 30, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/30" 8 | } -------------------------------------------------------------------------------- /data/nmirchev8-51.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "nmirchev8", 4 | "risk": "3", 5 | "title": "If borrower is not `IERC721Receiver`, his position cannot be liquidated and can accrue a lot of bad dept ", 6 | "issueId": 51, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/51" 8 | } -------------------------------------------------------------------------------- /data/nmirchev8-57.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "nmirchev8", 4 | "risk": "3", 5 | "title": "No slippage protection when decreasing liquidity could lead to liquidator funds being lost", 6 | "issueId": 57, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/57" 8 | } -------------------------------------------------------------------------------- /data/nmirchev8-59.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "nmirchev8", 4 | "risk": "2", 5 | "title": " User can DoS being liquidated if he repays only `1` share, before someone tries to liquidate him", 6 | "issueId": 59, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/59" 8 | } -------------------------------------------------------------------------------- /data/nnez-36.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "nnez", 4 | "risk": "3", 5 | "title": "Malicious contract can prevent liquidation on its position by reverting on `onERC721Received`", 6 | "issueId": 36, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/36" 8 | } -------------------------------------------------------------------------------- /data/novamanbg-29.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "novamanbg", 4 | "risk": "2", 5 | "title": "Gas griefing/theft is possible on unsafe external call", 6 | "issueId": 29, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/29" 8 | } -------------------------------------------------------------------------------- /data/novamanbg-35.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": 
"novamanbg", 4 | "risk": "3", 5 | "title": "`executeWithPermit` puts a users position in danger", 6 | "issueId": 35, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/35" 8 | } -------------------------------------------------------------------------------- /data/novamanbg-8.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "novamanbg", 4 | "risk": "3", 5 | "title": "An NFT transfer in liquidate function can be used to make positions that cannot be liquidated", 6 | "issueId": 8, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/8" 8 | } -------------------------------------------------------------------------------- /data/paul4912-268.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "paul4912", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 268, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/268" 8 | } -------------------------------------------------------------------------------- /data/popeye-153.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "popeye", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 153, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/153" 8 | } -------------------------------------------------------------------------------- /data/pynschon-239.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "pynschon", 4 | "risk": "2", 5 | "title": "Vault incorrectly uses `totalSupply()` to check if `GlobalLendLimit` was reached", 6 | "issueId": 239, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/239" 8 | } 
-------------------------------------------------------------------------------- /data/ravikiranweb3-5.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ravikiranweb3", 4 | "risk": "3", 5 | "title": "FlashloanLiquidator::uniswapV3FlashCallback() is vulnerable to attack via an EOA manipulating the callback function", 6 | "issueId": 5, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/5" 8 | } -------------------------------------------------------------------------------- /data/ravikiranweb3-6.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "ravikiranweb3", 4 | "risk": "3", 5 | "title": "FlashloanLiquidator::uniswapV3SwapCallback() is vulnerable to attack via an EOA manipulating the callback function", 6 | "issueId": 6, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/6" 8 | } -------------------------------------------------------------------------------- /data/roguereggiant-69.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "roguereggiant", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 69, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/69" 8 | } -------------------------------------------------------------------------------- /data/santiellena-388.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "santiellena", 4 | "risk": "3", 5 | "title": "Forged permit data enables zero-cost payments", 6 | "issueId": 388, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/388" 8 | } -------------------------------------------------------------------------------- /data/santiellena-390.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "santiellena", 4 | "risk": "2", 5 | "title": " `V3Utils::execute` is missing `msg.sender` check", 6 | "issueId": 390, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/390" 8 | } -------------------------------------------------------------------------------- /data/santiellena-392.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "santiellena", 4 | "risk": "2", 5 | "title": "`V3Vault::mint` with `permitData` can be DoS’d", 6 | "issueId": 392, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/392" 8 | } -------------------------------------------------------------------------------- /data/shaka-329.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "shaka", 4 | "risk": "2", 5 | "title": "Daily limits are calculated incorrectly", 6 | "issueId": 329, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/329" 8 | } -------------------------------------------------------------------------------- /data/shaka-332.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "shaka", 4 | "risk": "2", 5 | "title": "`V3Vault` does not implement correctly `maxDeposit` and `maxMint`", 6 | "issueId": 332, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/332" 8 | } -------------------------------------------------------------------------------- /data/shaka-333.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "shaka", 4 | "risk": "2", 5 | "title": "Liquidations can be DoSed by repaying minimum amount", 6 | "issueId": 333, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/333" 8 | } -------------------------------------------------------------------------------- /data/shaka-336.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "shaka", 4 | "risk": "2", 5 | "title": "Loans can be liquidated in the block after their creation", 6 | "issueId": 336, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/336" 8 | } -------------------------------------------------------------------------------- /data/shamsulhaq123-438.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "shamsulhaq123", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 438, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/438" 8 | } -------------------------------------------------------------------------------- /data/sil3th-164.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sil3th", 4 | "risk": "3", 5 | "title": "`_checkLoanIsHealthy` does not Account for fees Causing Loss of Protocol funds. 
", 6 | "issueId": 164, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/164" 8 | } -------------------------------------------------------------------------------- /data/sil3th-165.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sil3th", 4 | "risk": "2", 5 | "title": "`createWithPermit` does not do a Zero Address Check", 6 | "issueId": 165, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/165" 8 | } -------------------------------------------------------------------------------- /data/sil3th-282.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sil3th", 4 | "risk": "2", 5 | "title": "Inactive _operator can still execute swaps and take fees.", 6 | "issueId": 282, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/282" 8 | } -------------------------------------------------------------------------------- /data/sil3th-284.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sil3th", 4 | "risk": "2", 5 | "title": "Looping over unbounded array can result in a state of DoS", 6 | "issueId": 284, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/284" 8 | } -------------------------------------------------------------------------------- /data/sil3th-287.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sil3th", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 287, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/287" 8 | } -------------------------------------------------------------------------------- /data/slvDev-83.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "slvDev", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 83, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/83" 8 | } -------------------------------------------------------------------------------- /data/slvDev-84.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "slvDev", 4 | "risk": "G", 5 | "title": "Gas Optimizations", 6 | "issueId": 84, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/84" 8 | } -------------------------------------------------------------------------------- /data/stackachu-378.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "stackachu", 4 | "risk": "3", 5 | "title": "Borrower can block liquidation by reverting in onERC721Received", 6 | "issueId": 378, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/378" 8 | } -------------------------------------------------------------------------------- /data/stonejiajia-100.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "stonejiajia", 4 | "risk": "2", 5 | "title": "Permits have built-in replay protection and can be submitted by anyone, they can be frontrun. 
", 6 | "issueId": 100, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/100" 8 | } -------------------------------------------------------------------------------- /data/stonejiajia-95.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "stonejiajia", 4 | "risk": "2", 5 | "title": "The deposite withdraw function lacks nonReentrant protection, which may pose a risk of reentrancy attacks.", 6 | "issueId": 95, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/95" 8 | } -------------------------------------------------------------------------------- /data/sumitchauhan-354.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "sumitchauhan", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 354, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/354" 8 | } -------------------------------------------------------------------------------- /data/t4sk-10.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "Asymmetric calculation of price difference", 6 | "issueId": 10, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/10" 8 | } -------------------------------------------------------------------------------- /data/t4sk-135.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "V3Vault user can borrow above daily debt limit", 6 | "issueId": 135, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/135" 8 | } -------------------------------------------------------------------------------- /data/t4sk-180.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "Repayment with asset can leave dust", 6 | "issueId": 180, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/180" 8 | } -------------------------------------------------------------------------------- /data/t4sk-22.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "V3Oracle._getReferenceTokenPriceX96 resets cachedChainlinkReferencePriceX96 to 0", 6 | "issueId": 22, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/22" 8 | } -------------------------------------------------------------------------------- /data/t4sk-24.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "3", 5 | "title": "V3Oracle._getReferenceTokenPriceX96 can easily overflow if reference token has 18 decimals", 6 | "issueId": 24, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/24" 8 | } -------------------------------------------------------------------------------- /data/t4sk-4.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "Missing check on jumpMultiplierPerYearX96 can lead to lower interest rate above the kink", 6 | "issueId": 4, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/4" 8 | } -------------------------------------------------------------------------------- /data/t4sk-9.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "Q", 5 | "title": "QA Report", 6 | "issueId": 9, 7 | 
"issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/9" 8 | } -------------------------------------------------------------------------------- /data/t4sk-90.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "t4sk", 4 | "risk": "2", 5 | "title": "V3Vault - deposit beyond dailyLendLimit", 6 | "issueId": 90, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/90" 8 | } -------------------------------------------------------------------------------- /data/th3l1ghtd3m0n-234.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "th3l1ghtd3m0n", 4 | "risk": "2", 5 | "title": "Dangerous use of deadline parameter", 6 | "issueId": 234, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/234" 8 | } -------------------------------------------------------------------------------- /data/th3l1ghtd3m0n-236.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "th3l1ghtd3m0n", 4 | "risk": "2", 5 | "title": "`mint`, `increaseLiquidity` and `decreaseLiquidity` missing slippage protection", 6 | "issueId": 236, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/236" 8 | } -------------------------------------------------------------------------------- /data/th3l1ghtd3m0n-89.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "th3l1ghtd3m0n", 4 | "risk": "2", 5 | "title": "`V3Vault.sol` cannot always receive the expected amount of deposits/repays when `permitData.length > 0`", 6 | "issueId": 89, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/89" 8 | } -------------------------------------------------------------------------------- 
/data/thank_you-424.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "Daily limit invariant can break when setting limits without daily limit updates", 6 | "issueId": 424, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/424" 8 | } -------------------------------------------------------------------------------- /data/thank_you-426.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "3", 5 | "title": "Vault.liquidate() doesn't send liquidation reward to recipient", 6 | "issueId": 426, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/426" 8 | } -------------------------------------------------------------------------------- /data/thank_you-427.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "setReserveFactor fails to update global interest before updating reserve factor", 6 | "issueId": 427, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/427" 8 | } -------------------------------------------------------------------------------- /data/thank_you-429.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "Lowering collateral factor can lead to immediate liquidations", 6 | "issueId": 429, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/429" 8 | } -------------------------------------------------------------------------------- /data/thank_you-430.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 
| "risk": "2", 5 | "title": "totalDebtShares is applied to tokens when the NFT position doesn't hold any of the asset", 6 | "issueId": 430, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/430" 8 | } -------------------------------------------------------------------------------- /data/thank_you-431.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "Users can liquidate Vault loan with token other than Vault asset", 6 | "issueId": 431, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/431" 8 | } -------------------------------------------------------------------------------- /data/thank_you-432.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "3", 5 | "title": "Users can repay Vault with non-assets and repay loan", 6 | "issueId": 432, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/432" 8 | } -------------------------------------------------------------------------------- /data/thank_you-433.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "3", 5 | "title": "Users can deposit Vault non-assets and receive shares", 6 | "issueId": 433, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/433" 8 | } -------------------------------------------------------------------------------- /data/thank_you-434.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "Depositing assets doesn't contain a slippage check", 6 | "issueId": 434, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/434" 8 | } -------------------------------------------------------------------------------- /data/thank_you-471.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "thank_you", 4 | "risk": "2", 5 | "title": "Collateral factor calculates collateral factor unfairly when position doesn't have any tokens", 6 | "issueId": 471, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/471" 8 | } -------------------------------------------------------------------------------- /data/tpiliposian-17.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "tpiliposian", 4 | "risk": "2", 5 | "title": "Missing caller validation for leveragetransformer's functions", 6 | "issueId": 17, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/17" 8 | } -------------------------------------------------------------------------------- /data/tpiliposian-2.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "tpiliposian", 4 | "risk": "2", 5 | "title": "Create and Execute with permit can be blocked", 6 | "issueId": 2, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/2" 8 | } -------------------------------------------------------------------------------- /data/wangxx2026-319.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "wangxx2026", 4 | "risk": "3", 5 | "title": "Unscrupulous users can block being liquidated", 6 | "issueId": 319, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/319" 8 | } -------------------------------------------------------------------------------- /data/wangxx2026-347.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "wangxx2026", 4 | "risk": "2", 5 | "title": "Some methods do not fully support ERC4642", 6 | "issueId": 347, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/347" 8 | } -------------------------------------------------------------------------------- /data/wangxx2026-367.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "wangxx2026", 4 | "risk": "2", 5 | "title": "Forced limit updates can result in unexpected increases in the day's limit", 6 | "issueId": 367, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/367" 8 | } -------------------------------------------------------------------------------- /data/web3Tycoon-225.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "web3Tycoon", 4 | "risk": "3", 5 | "title": "A position can frontrun the liquidators when they call `liquidate` in `V3Vault.sol`.", 6 | "issueId": 225, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/225" 8 | } -------------------------------------------------------------------------------- /data/web3Tycoon-227.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "web3Tycoon", 4 | "risk": "2", 5 | "title": "wrong use of signs in `AutoExit` causing the `Execute` function to revert", 6 | "issueId": 227, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/227" 8 | } -------------------------------------------------------------------------------- /data/web3Tycoon-228.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "web3Tycoon", 4 | "risk": "Q", 5 | 
"title": "QA Report", 6 | "issueId": 228, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/228" 8 | } -------------------------------------------------------------------------------- /data/web3Tycoon-376.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "web3Tycoon", 4 | "risk": "3", 5 | "title": "Funds may get locked in `V3Utils` when `instructions.targetcontract` is not valid", 6 | "issueId": 376, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/376" 8 | } -------------------------------------------------------------------------------- /data/web3Tycoon-Q.md: -------------------------------------------------------------------------------- 1 | Missing event in `LeverageTransformer` in both `leverageUp` and `leverageDown` 2 | an event should be emitted once these two executions are successful. -------------------------------------------------------------------------------- /data/y0ng0p3-142.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "3", 5 | "title": "V3Oracle::_getReferencePoolPriceX96() is susceptible to flashloan exploits", 6 | "issueId": 142, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/142" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-143.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "3", 5 | "title": "Lack of slippage protection in V3Vault::_deposit() and V3Vault::_withdraw()", 6 | "issueId": 143, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/143" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-144.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "Unhandled Chainlink revert allows oracle DoS", 6 | "issueId": 144, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/144" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-145.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "V3Vault::deposit(), V3Vault::withdraw(), V3Vault::mint() and V3Vault::redeem() do not check for the maximums values", 6 | "issueId": 145, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/145" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-146.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "Lack of an effective emergency system", 6 | "issueId": 146, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/146" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-147.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "Dangerous use of deadline parameter", 6 | "issueId": 147, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/147" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-148.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "Calls to nonfungiblePositionManager.increaseLiquidity, 
nonfungiblePositionManager.decreaseLiquidity and nonfungiblePositionManager.mint are missing slippage protection in AutoCompound, V3Vault and AutoRange contracts", 6 | "issueId": 148, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/148" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-149.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "Reading price for assets on the forex markets outside the forex market hours", 6 | "issueId": 149, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/149" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-150.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "The deposit - withdraw - trade transaction lack of expiration timestamp check", 6 | "issueId": 150, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/150" 8 | } -------------------------------------------------------------------------------- /data/y0ng0p3-151.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "y0ng0p3", 4 | "risk": "2", 5 | "title": "previewRedeem and redeem functions deviate from the ERC4626 specification", 6 | "issueId": 151, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/151" 8 | } -------------------------------------------------------------------------------- /data/yongskiws-517.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "yongskiws", 4 | "risk": "Analysis", 5 | "title": "Analysis", 6 | "issueId": 517, 7 | "issueUrl": 
"https://github.com/code-423n4/2024-03-revert-lend-findings/issues/517" 8 | } -------------------------------------------------------------------------------- /data/zaevlad-355.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "zaevlad", 4 | "risk": "2", 5 | "title": "A malicious user can steal tokens from the Swapper ", 6 | "issueId": 355, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/355" 8 | } -------------------------------------------------------------------------------- /data/zaevlad-362.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "zaevlad", 4 | "risk": "2", 5 | "title": "AutoExit and AutoRange contracts execution process can be DoSed", 6 | "issueId": 362, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/362" 8 | } -------------------------------------------------------------------------------- /data/zxriptor-486.json: -------------------------------------------------------------------------------- 1 | { 2 | "contest": 342, 3 | "handle": "zxriptor", 4 | "risk": "2", 5 | "title": "User can front-run liquidation by repaying the minimum of tokens and gain time to not be liquidated", 6 | "issueId": 486, 7 | "issueUrl": "https://github.com/code-423n4/2024-03-revert-lend-findings/issues/486" 8 | } --------------------------------------------------------------------------------