Security Researcher
Security Researcher @OpenZeppelin Whitehat Initiate @ImmuneFi Sometimes submitting issues to code4rena and sherlockDefi
#383 All Time
Jul '24
Apr '24
Mar '24
Feb '24
Jan '24
Dec '23
Oct '23
Aug '23
high
Malicious lender can use Callbacks to create Loan that cannot be repaid
high
Lender Loses Collateral from Partially Repaid Loans that are Defaulted if repayDirect == true
medium
When borrower rolls their loan the lender can frontrun the transaction and change the interest and duration to drain all of borrower's approved tokens
medium
RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block
Jul '23
292.48 USDC • 12 total findings • CodeHawks • BanditSecurity
#11
high
Tokens with less than 18 decimals allow for draining of funds
high
Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely
high
[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control
high
Attacker can steal a loan's collateral and break the protocol
high
Fee on transfer tokens will cause users to lose funds
high
Rewards can be sabotaged by large deposit and withdraw
high
Forcing a borrower to pay a huge debt via the giveLoan()
high
WETH staking rewards accumulated before the first staker deposits remain unutilized and stuck in the `Staking` contract
medium
The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium
Malicious lender can increment the loan interest using the auction process
medium
Fixed fee level is used when swapping tokens on Uniswap
gas
Borrower can put up a loan which is immediately "insolvent" which can immediately be auctioned off.
Mar '23
Feb '23
Jan '23