ID
Severity
Status
Title 28 Findings
Location
C-01
CRITICAL
FIXED

Tick handling in VAMM, LiquidityLogic can lead to losses in certain cases when the market rate falls on the interval boundary

VAMM.sol
SwapLogic.sol
LiquidationLogic.sol
C-02
CRITICAL
FIXED

Excess number of maker provisions in a single market may lead to a gas bomb in LiquidationLogic, FutureLogic, Future

LiquidationLogic.sol
FutureLogic.sol
Future.sol
C-03
CRITICAL
FIXED

Multiple unsettled futures lead to gas bomb in LiquidationLogic

C-04
CRITICAL
FIXED

Current rate manipulation in SwapLogic can lead to misappropriation of collateral from CollateralManager by malicious actor.

SwapLogic.sol
C-05
CRITICAL
FIXED

Rounding in SwapLogic may lead to discrepancies in the amounts of fixed and floating tokens being exchanged in a trade

SwapLogic.sol
M-01
MAJOR
FIXED

Positions during maturityLockout continue to affect margin calculations in MarketLogic

MarketLogic.sol
M-02
MAJOR
ACKNOWLEDGED

Market may be subject to manipulation by an attacker, given sufficient resources and favorable market conditions at the time

M-03
MAJOR
FIXED

In certain cases, when the current rate falls on the LP interval boundary, LP fee delta may become negative

RatePoint.sol
M-04
MAJOR
NO ISSUE

If the market rate is set incorrectly at market initiation, trading in such market will be impossible

VAMM.sol
M-05
MAJOR
NO ISSUE

Trading is halted if the floating rate oracle packages do not contain a correct cryptographic signature

BaseFloatIndexOracle.sol
W-01
WARNING
FIXED

Validate decimals in CollateralManager

CollateralManager.sol
W-02
WARNING
FIXED

No functions to delete maker provisions in FutureStorage

FutureStorage.sol
W-03
WARNING
FIXED

Missing amount validation in CollateralManager

CollateralManager.sol
W-04
WARNING
FIXED

Withdraw function can be called by a user without unsettledFutures in RouterLogic

RouterLogic.sol
W-05
WARNING
FIXED

Negative bounds for rate in VAMM

VAMM.sol
CompoundingRateMath.sol
LinearRateMath.sol
W-06
WARNING
NO ISSUE

Deposits are allowed when there is no ongoing futures in Router

Router.sol
W-07
WARNING
FIXED

persistIndexAtMaturity can be called before maturity in Router

Router.sol
W-08
WARNING
NO ISSUE

tx.origin is not checked in Router

Router.sol
W-09
WARNING
NO ISSUE

tradeRateImpactLimit is used for one trade in VAMM

VAMM.sol
W-10
WARNING
NO ISSUE

Lack of validations on the number of intervals in VAMM

VAMM.sol"
I-01
INFO
NO ISSUE

Freezing futures parameters during maturityLockout

ViewDataProvider.sol
I-02
INFO
FIXED

Prb-math library not audited

I-03
INFO
FIXED

Missing events on initialization of contracts

ContractProvider.sol
MarketStorage.sol
VAMMStorage.sol
I-04
INFO
NO ISSUE

Add all interfaces to interface folders

I-05
INFO
FIXED

Missing validations in CollateralManager

CollateralManager.sol
I-06
INFO
FIXED

Redundant initialization in ContractProvider

I-07
INFO
FIXED

Similar events in CollateralManager, Router

Router.sol
CollateralManager.sol
I-08
INFO
FIXED

Mixing of type names uint and uint256

CollateralManager.sol
FutureStorage.sol

Please select finding