You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consider adding a break in the loop of _isInTokenList.
✔
Issue addressed in 3Sigma audit
I-1
INFO
Implicit Limit on User Withdrawal Amounts.
✔
Acknowledged. This is a temporary DOS, and rebalancer off-chain scripts should consider this when executing rebalances. This issue is known by Composable Security audit.
I-2
INFO
Lack of Support for Certain ERC20 Token.
✔
Acknowledged
I-3
INFO
Providers should not have a state of their own, and any storage writes.
✔
State is required when not calling delegatecall.
I-4
INFO
Fuji borrowing vault doesn't handle the case of liquidation of its debt position on actual lending providers.
✔
acknowledged
I-5
INFO
Anyone can sweep the unused funds from the router.
✔
Created a new pattern during 3sgima audit that avoids recurrence of leaving unattended funds in ConnextRouter. Only possibility is "donations" now.
I-6
INFO
Beneficiaries could be changed in one bundle by initially passing address(0) as beneficiary.
✔
Acknowledge. Continuously passing address(0), will eventually result in a revert at the time of execution at the vault.
The text was updated successfully, but these errors were encountered:
Hey @pedrovalido@brozorec, as discussed last week I organized a plan and was strategic on grouping some vulnerabilities by topic. The idea is that we tackle the Critical and High risk vulnerabilities that should definitely be implemented before Private Beta.
This means we do an effort to complete these by next Sunday.
For each vulnerability we should each create a separate issue.
Link the issue to this Epic.
Create a separate branch for each issue based on protocol/fix/macro-findings-critical-high
Implement at least one test that will fail if your change is not implemented.
Listed items from Macro audit report:
The text was updated successfully, but these errors were encountered: