Payouts
2nd Places
3rd Places
Top 10
All
Code4rena
Cantina
Dec '24
medium
Jun '24
high
Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect
medium
Fragmentation fee is not taken if user compensates with newly created position
medium
Borrower is not able to compensate his lenders if he is underwater
medium
`executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool
medium
Multicall does not work as intended
medium
LiquidateWithReplacement does not charge swap fees on the borrower
medium
withdraw() users may can't withdraw underlyingBorrowToken properly
May '24
Apr '24
high
Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral
high
Kerosene collateral is not being moved on liquidation, exposing liquidators to loss
high
User can get their Kerosene stuck because of an invalid check on withdraw
high
Flash loan protection mechanism can be bypassed via self-liquidations
high
Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults
medium
Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position
medium
Liquidating positions with bounded Kerosen could be unprofitable for liquidators
medium
Incorrect deployment / missing contract will break functionality
medium
No incentive to liquidate when CR <= 1 as asset received < dyad burned
Mar '24
high
Owner of a position can prevent liquidation due to the 'onERC721Received' callback
medium
V3Vault is not ERC-4626 compliant
medium
Lack of safety buffer in `_checkLoanIsHealthy` could subject users who take out the max loan into a forced liquidation
medium
Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced
Feb '24
high
high
high
high
high
high
medium
medium
medium
medium
medium
medium
medium
Jan '24
Nov '23