Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP]Audit-Code4rena-2024-12: Compare the different files With Fix #10

Open
wants to merge 87 commits into
base: audit/code4rena
Choose a base branch
from
Open

[WIP]Audit-Code4rena-2024-12: Compare the different files With Fix #10

wants to merge 87 commits into from

Conversation

thorseldon
Copy link
Contributor

@thorseldon thorseldon commented Dec 2, 2024
edited
Loading

  • This PR including all fix for the audit 2024-07;

  • Adding src/oracles/EETHPriceAdapter.sol;

  • Adding src/oracles/SUSDSPriceAdapter.sol;

  • Changing src/PriceOracle.sol;

  • Changing src/irm/DefaultInterestRateModel.sol;

  • Adding src/yield/susds/YieldSavingsUSDS.sol which is based on the src/yield/sdai/YieldSavingsDai.sol;;

  • Adding src/yield/wusd/YieldWUSDStaking.sol which is based on the src/yield/YieldStakingBase.sol;

  • Files

src/PriceOracle.sol
src/oracles/EETHPriceAdapter.sol
src/oracles/SUSDSPriceAdapter.sol
src/irm/DefaultInterestRateModel.sol
src/libraries/logic/InterestLogic.sol
src/libraries/logic/IsolateLogic.sol
src/libraries/logic/LiquidationLogic.sol
src/libraries/logic/PoolLogic.sol
src/libraries/logic/ValidateLogic.sol
src/libraries/logic/VaultLogic.sol
src/libraries/logic/YieldLogic.sol
src/migrations/BendV1Migration.sol
src/modules/BVault.sol
src/modules/CrossLending.sol
src/modules/IsolateLending.sol
src/modules/Yield.sol
src/yield/YieldAccount.sol
src/yield/YieldRegistry.sol
src/yield/YieldStakingBase.sol
src/yield/etherfi/YieldEthStakingEtherfi.sol
src/yield/lido/YieldEthStakingLido.sol
src/yield/sdai/YieldSavingsDai.sol
src/yield/susds/YieldSavingsUSDS.sol
src/yield/wusd/YieldWUSDStaking.sol

thorseldon and others added 30 commits July 25, 2024 10:52
@thorseldon
support bend v1 migration
4d4b95f
@thorseldon
add testcases for v1 migration
177f157
@thorseldon
deploy v1 migration contract
1aca99b
@thorseldon
rename setApprovalForAll to setAuthorization
27b79f9
@thorseldon
add UIPoolLens module
6355e90
@thorseldon
Merge pull request #3 from BendDAO/migration-bendv1
a1c8687 
Migration Bend V1 to V2
@thorseldon
add getUserAssetList
1eaadf2
@thorseldon
update interest rate when supplyAsCollateral is true
9d05668
@thorseldon
add getIsolateCollateralDataForCalculation
140df73
@thorseldon
update init pool script
a41c5d3
@thorseldon
fix random revert in migrate borrow
b17696f
@thorseldon
new default interest rate model
448b6a2
@thorseldon
update init scripts
607c7ff
@thorseldon
updating unstake fine in yield contracts
bb2edf0
@thorseldon
fix yield upgrade error
91e6ca3
@thorseldon
fix: It's impossible to retrieve collected fines from the yield staki…
80d3bb3 
…ng contract #10; unstake/repay , when botAdmin call , use yieldAccounts[msg.sender] is wrong #37;
@thorseldon
fix: yield upgrade error
8c23827
@thorseldon
fix: Incorrect unwrapNativeTokenInWallet receiver address #4;
b7228b9
@thorseldon
fix: Protocol should update interest rate after changing rate model i…
973b282 
…n the configurator module #5;

Updating fee factor may create issues for the protocol #7;
@thorseldon
fix: Incorrect accounting of utilization, supply / borrow rates due t…
d5747d8 
…o vulnerable implementation in IsolateLogic::executeIsolateLiquidate #12;
@thorseldon
fix: Vulnerable erc20TransferOutBidAmountToLiqudity() will cause inco…
79c5e34 
…rrect accounting of assetData or DOS liquidation. #13;

Anyone can get the NFT collateral token after an Auction without bidding due to missing check on msg.sender #14;
@thorseldon
fix: Incorrect index used to calculate totalSupply, which invalidates…
a478a05 
… asset / staker level yield cap checks #15; executeYieldBorrowERC20() checking yieldCap wrong #35;
@thorseldon
fix: Users cannot unstake from YiedlETHStakingEtherfi.sol, because Yi…
63d057b 
…eldAccount.sol is incompatible with ether.fi's WithdrawRequestNFT.sol #19;
@thorseldon
fix: Liquidator can repay the debt and take non-collateral assets fro…
21d2182 
…m the user #25;
@thorseldon
fix: isolateRedeem() revert in case Revert-on-zero-value-transfers to…
904041a 
…kens #30;
@thorseldon
fix: User are forced to borrow again in order to unlock their NFTs fr…
475dd61 
…om IsolateLending.sol #31;
@thorseldon
fix: YieldEthStakingLido lacks a limit on the max stake amount, which…
b32715d 
… may result in the unstake exceeding MAX_STETH_WITHDRAWAL_AMOUNT, resulting in the token not being retrieved. #36;
@thorseldon
fix: YieldEthStakingEtherfi.protocolDeposit() returns the wrong quant…
4120bce 
…ity #39;
@thorseldon
fix: YieldEthStakingLido.protocolDeposit() returns the wrong quantity…
d24f292 
… #41
@thorseldon
fix: wrapNativeTokenInWallet() always reverts on Arbitrum #42
92eeff8
thorseldon and others added 21 commits October 9, 2024 13:02
@thorseldon
add usds abi file
9b4bdf5
@thorseldon
deploy usds yield on mainnet
cac800c
@thorseldon
using proxy for default irm
e7f5765
@thorseldon
updating asset irm
e2703bf
@thorseldon
update asset irm
b87fdc5
@thorseldon
update scripts
52f8ded
@thorseldon
Merge pull request #7 from BendDAO/feat/sky-usds
304ef0c 
feat: Support Sky USDS
@thorseldon
Merge branch 'main' into feat/irm-add-pool
bf0c410
@thorseldon
Merge pull request #6 from BendDAO/feat/irm-add-pool
9f147d0 
feat: add pool to default irm
@thorseldon
fix compile error
ab40210
@thorseldon
update abis for irm
64d2216
@thorseldon
add token oracle
54650df
@thorseldon
fix error code
a0b2958
@thorseldon
add reentrant testcases
3273a39
@thorseldon
Merge pull request #8 from BendDAO/feat/add-token-oracle
e9faf5c 
feat: add token oracle
@thorseldon
update defautl irm addresses
328258f
@thorseldon
add yield for wusd staking
eb596ea
@thorseldon
add testcases
a3e75b2
@thorseldon
update deploy scripts
b92e1bf
@thorseldon
only one stake per each nft
ac67270
@thorseldon
deploy wusd staking on mainnet
f98baab
@thorseldon thorseldon changed the base branch from audit/code4rena to audit/code4rena-fix-2024-07 December 2, 2024 09:49
@thorseldon thorseldon changed the title [WIP]Audit: Compare the different files [WIP]Audit-Code4rena-2024-12: Compare the different files Dec 2, 2024
@thorseldon thorseldon changed the base branch from audit/code4rena-fix-2024-07 to audit/code4rena December 9, 2024 01:26
@thorseldon thorseldon changed the title [WIP]Audit-Code4rena-2024-12: Compare the different files [WIP]Audit-Code4rena-2024-12: Compare the different files with Fix Dec 9, 2024
@thorseldon thorseldon changed the title [WIP]Audit-Code4rena-2024-12: Compare the different files with Fix [WIP]Audit-Code4rena-2024-12: Compare the different files With Fix Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@thorseldon