Skip to content

Issues: code-423n4/2024-07-loopfi-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

82 Open 497 Closed
82 Open 497 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Bringing a position from unsafe to safe by liquidation paritally 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-01 primary issue Highest quality submission among a set of duplicates 🤖_24_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#571 opened Oct 14, 2024 by howlbot-integration bot
7
QA Report bug Something isn't working grade-b Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#547 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working edited-by-warden grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#546 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-b Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#545 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#544 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#542 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-b Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#541 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report 1st place bug Something isn't working grade-a Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#540 opened Aug 21, 2024 by howlbot-integration bot
4
QA Report bug Something isn't working edited-by-warden grade-a Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#537 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working edited-by-warden grade-a Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#535 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-b Q-11 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#533 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report 1st place bug Something isn't working grade-a Q-12 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#532 opened Aug 21, 2024 by howlbot-integration bot
3
QA Report bug Something isn't working grade-b Q-13 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#531 opened Aug 21, 2024 by howlbot-integration bot
1
QA Report bug Something isn't working grade-a Q-14 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#529 opened Aug 21, 2024 by howlbot-integration bot
1
Wrong repayment amount used in PositionAction::_repay, forcing users to unexpectedly lose funds 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden M-02 primary issue Highest quality submission among a set of duplicates 🤖_31_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#526 opened Aug 20, 2024 by howlbot-integration bot
7
AuraVault::claim reward calculation does not deduct fees from reward amount, causing DoS or extra rewards lost 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_120_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#401 opened Aug 20, 2024 by howlbot-integration bot
4
Liquidation doesn't account for penalty when calculating collateral to give, allowing users to profit by borrowing and self-liquidating 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-02 primary issue Highest quality submission among a set of duplicates 🤖_24_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#399 opened Aug 20, 2024 by howlbot-integration bot
10
Unauthorized token relocking in _withdrawExpiredLocksFor allows fund locking without user consent bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-220 grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_primary AI based primary recommendation 🤖_113_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality
#362 opened Aug 20, 2024 by howlbot-integration bot
2
SwapAction::getSwapToken will return wrong swap token for balancer EXACT_OUT swaps 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-03 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_50_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#248 opened Aug 20, 2024 by howlbot-integration bot
2
INFLATION_PROTECTION_TIME can not be up to a year as intended because it is hardcoded to 1749120350 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#247 opened Aug 20, 2024 by howlbot-integration bot
3
PositionAction4626::increaseLever will always revert 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden M-05 primary issue Highest quality submission among a set of duplicates 🤖_01_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#245 opened Aug 20, 2024 by howlbot-integration bot
4
PoolAction::updateLeverJoin wrongly updates assetsIn array, leading to PositionAction4626::_onIncreaseLever to always revert 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden M-06 primary issue Highest quality submission among a set of duplicates 🤖_128_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#241 opened Aug 20, 2024 by howlbot-integration bot
3
PositionAction4626::_onDecreaseLever wrongly updates tokenOut forcing user's funds to be stuck in the position action contract 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden M-07 primary issue Highest quality submission among a set of duplicates 🤖_128_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#240 opened Aug 20, 2024 by howlbot-integration bot
9
PoolAction::_balancerExit returns wrong token out amount 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden M-08 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_128_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#239 opened Aug 20, 2024 by howlbot-integration bot
7
maxFlashLoan calculation ignores protocol fee, risking pool insolvency and flash loan failures bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_26_group AI based duplicate group recommendation sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#236 opened Aug 20, 2024 by howlbot-integration bot
3
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.