Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #127

Open
c4-bot-9 opened this issue Jul 2, 2024 · 7 comments
Open

QA Report #127

c4-bot-9 opened this issue Jul 2, 2024 · 7 comments
Labels
1st place bug Something isn't working grade-a Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report

Comments

@c4-bot-9
Copy link
Contributor

c4-bot-9 commented Jul 2, 2024

See the markdown file with the details of this report here.
@c4-bot-9 c4-bot-9 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jul 2, 2024
c4-bot-9 added a commit that referenced this issue Jul 2, 2024
@c4-bot-9
ether_sky issue #127
d32305d
c4-bot-9 added a commit that referenced this issue Jul 2, 2024
@c4-bot-9
ether_sky data for issue #127
13bbe91
@c4-judge
Copy link
Contributor

hansfriese marked the issue as grade-a

This was referenced Jul 12, 2024
Closed
Closed
@c4-judge c4-judge added the selected for report This submission will be included/highlighted in the audit report label Jul 13, 2024
@c4-judge
Copy link
Contributor

hansfriese marked the issue as selected for report

@thebrittfactor thebrittfactor removed the selected for report This submission will be included/highlighted in the audit report label Jul 15, 2024
@thebrittfactor
Copy link
Contributor

C4 staff have removed the selected for report label until QA votes are finalized.

@hansfriese
Copy link

+2 for #102, #19

@thebrittfactor thebrittfactor added the selected for report This submission will be included/highlighted in the audit report label Jul 22, 2024
@C4-Staff C4-Staff added the Q-10 label Jul 22, 2024
@thebrittfactor
Copy link
Contributor

For awarding purposes, C4 staff have marked as 1st place and selected for report.

@hansfriese
Copy link

hansfriese commented Jul 23, 2024
edited
Loading

[L-1] There should be a grace period for repayment.
Low

[L-2] Users cannot borrow USDC from a lender who has less than the minimumCreditBorrowAToken amount of borrowA tokens.
Upgraded to Medium - #423

[L-3] The buyCreditMarket transaction can be reverted due to an amount check.
Upgraded to Medium - #423

[L-4] The validateVariablePoolHasEnoughLiquidity check in the buyCreditMarket function is incorrect.
Upgraded to Medium - #424

[L-5] When the protocol is paused, debt positions can become overdue because repayments are also paused.
Known issue from ReadMe

[L-6] Lenders can potentially lose funds in the buyCreditMarket function.
Low

[L-7] Users who have a loan offer should have some USDC to create a loan.
Low

[L-8] The isMulticall flag is not correctly reset to false in the multicall function.
Low

plus 2 downgraded Lows(#102 and #19)

@thebrittfactor
Copy link
Contributor

Just a note that C4 is excluding the invalid entries from the official report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1st place bug Something isn't working grade-a Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hansfriese @c4-judge @C4-Staff @thebrittfactor @c4-bot-9