Issues: code-423n4/2024-08-wildcat-findings

Issues list

lender that's mistakenly flagged can lose access to funds bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_04_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#125 opened Oct 15, 2024 by howlbot-integration bot
Users are incentivized to not withdraw immediately after the market is closed. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-01 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_14_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#121 opened Oct 3, 2024 by howlbot-integration bot
QA Report 1st place bug Something isn't working grade-a Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#119 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#117 opened Sep 20, 2024 by howlbot-integration bot
QA Report 2nd place bug Something isn't working grade-a Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#116 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working edited-by-warden grade-b Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#115 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#114 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working grade-a Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#113 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working edited-by-warden grade-b Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#111 opened Sep 20, 2024 by howlbot-integration bot
QA Report bug Something isn't working grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#109 opened Sep 20, 2024 by howlbot-integration bot
QA Report 3rd place bug Something isn't working edited-by-warden grade-a Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#108 opened Sep 20, 2024 by howlbot-integration bot
A user with expired credentials can receive tokens and bypass restrictions because credentials check is not enforced in the transfer hook as it is done in the deposit hook bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-24 edited-by-warden grade-b Q-11 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_primary AI based primary recommendation sufficient quality report This report is of sufficient quality
#102 opened Sep 20, 2024 by howlbot-integration bot
Sanctioned user can modify state of the market bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-70 grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_04_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#92 opened Sep 20, 2024 by howlbot-integration bot
maxTotalSupply can be set to any value, even below the current total supply of the market bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-14 edited-by-warden grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_32_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#90 opened Sep 20, 2024 by howlbot-integration bot
some protected external non-view functions does not have sphereXGuardExternal() modifier bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-42 grade-b Q-12 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_38_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#88 opened Sep 20, 2024 by howlbot-integration bot
H-01 LibHooksConfig.setHooksAddress is updating address incorrectly bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-3 grade-b Q-13 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_106_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#85 opened Sep 20, 2024 by howlbot-integration bot
onRepay hook can be bypassed bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-61 grade-b Q-14 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_117_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
#84 opened Sep 20, 2024 by howlbot-integration bot
FixedTermLoanHooks allow Borrower to update Annual Interest before end of the "Fixed Term Period" 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-02 primary issue Highest quality submission among a set of duplicates 🤖_12_group AI based duplicate group recommendation selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#77 opened Sep 20, 2024 by howlbot-integration bot
A Sanctioned Address Can Directly Repay Debt via repay() and repayOutstandingDebt() in WildcatMarket bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden grade-b primary issue Highest quality submission among a set of duplicates Q-15 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_04_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#70 opened Sep 20, 2024 by howlbot-integration bot
User could withdraw more than supposed to, forcing last user withdraw to fail 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working edited-by-warden H-01 primary issue Highest quality submission among a set of duplicates 🤖_14_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#64 opened Sep 20, 2024 by howlbot-integration bot
Inconsistency across multiple repaying functions causing lender to pay extra fees. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-03 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_68_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#62 opened Sep 20, 2024 by howlbot-integration bot
Borrower can fully bypass the onRepay hook bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-16 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_117_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#61 opened Sep 20, 2024 by howlbot-integration bot
FixedTermLoanHook looks at block.timestamp instead of expiry 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_56_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#60 opened Sep 20, 2024 by howlbot-integration bot
Role providers can bypass intended restrictions and lower expiry set by other providers 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-05 primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_18_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#57 opened Sep 20, 2024 by howlbot-integration bot
No lender is able to exit even after the market is closed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-06 primary issue Highest quality submission among a set of duplicates 🤖_12_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#52 opened Sep 20, 2024 by howlbot-integration bot