Payouts
Jul '23
high: Sandwich attack to steal all ERC-20 tokens in the Fees contract
high: During refinance() new Pool balance debt is subtracted twice
high: Borrower can bypass maxLoanRatio's configuration of a pool via buyLoan()
high: [H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control
high: Attacker can steal a loan's collateral and break the protocol
high: update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards
medium: The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium: Frontrun can get the full reward, no staking time required
low: Staking contracts should be assert TKN != WETH
1,334.90 USDC • 6 total findings • CodeHawks • kutu
#4
high: Theft of collateral tokens with fewer than 18 decimals
high: There is no incentive to liquidate small positions
medium: DSC protocol can consume stale price data or cannot operate on some EVM chains
medium: Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
medium: Lack of fallbacks for price feed oracle
low: Precision loss when calculating the health factor
Jan '23