Rho Protocol

Tick handling in VAMM, LiquidityLogic can lead to losses in certain cases when the market rate falls on the interval boundary

Excess number of maker provisions in a single market may lead to a gas bomb in LiquidationLogic, FutureLogic, Future

Multiple unsettled futures lead to gas bomb in LiquidationLogic

Current rate manipulation in SwapLogic can lead to misappropriation of collateral from CollateralManager by malicious actor.

Rounding in SwapLogic may lead to discrepancies in the amounts of fixed and floating tokens being exchanged in a trade

Positions during maturityLockout continue to affect margin calculations in MarketLogic

Market may be subject to manipulation by an attacker, given sufficient resources and favorable market conditions at the time

In certain cases, when the current rate falls on the LP interval boundary, LP fee delta may become negative

If the market rate is set incorrectly at market initiation, trading in such market will be impossible

Trading is halted if the floating rate oracle packages do not contain a correct cryptographic signature

Validate decimals in CollateralManager

No functions to delete maker provisions in FutureStorage

Missing amount validation in CollateralManager

Withdraw function can be called by a user without unsettledFutures in RouterLogic

Negative bounds for rate in VAMM

Deposits are allowed when there is no ongoing futures in Router

persistIndexAtMaturity can be called before maturity in Router

tx.origin is not checked in Router

tradeRateImpactLimit is used for one trade in VAMM

Lack of validations on the number of intervals in VAMM

Freezing futures parameters during maturityLockout

Prb-math library not audited

Missing events on initialization of contracts

Add all interfaces to interface folders

Missing validations in CollateralManager

Redundant initialization in ContractProvider

Similar events in CollateralManager, Router

Mixing of type names uint and uint256