Aladdin f(x) Protocol

Findings · 20

1. 1 Redeeming xToken and fToken simultaneously uses incorrect TWAP price Informational
2. 2 liquidatableCollateralRatio update can force liquidation without warning Low
3. 3 Panicking checked arithmetic may prevent deposits and withdraws to rebalance pool Low
4. 4 Incorrect TWAP price may be used for calculations such as collateral ratio Medium
5. 5 Updating strategy may cause users to lose funds during redemption Medium
6. 6 Time-weighted Chainlink oracle can report inaccurate price Medium
7. 7 Net asset value of fractional and leverage token may reflect invalid price Low
8. 8 Collateral ratio does not account underlying value of collateral in strategy Informational
9. 9 Rewards are withdrawn even if protocol is not suciently collateralized Informational
10. 10 Rebalance pool withdrawal silently fails Low
11. 11 Upgradeable contract initialization calls are commented out Informational
12. 12 Sum of all user shares does not equal total supply Low
13. 13 Lack of validation when updating system configurations Low
14. 14 Lack of slippage checks prevents user from specifying acceptable loss Low
15. 15 Deployments to L2 should check sequencer uptime for Chainlink price feeds Low
16. 16 Treating fToken as $1 creates arbitrage opportunity and unclear incentives Informational
17. 17 Rounding direction for deposits does not favor the protocol Undetermined
18. 18 Reverting when minting xToken can prevent re-collateralization Medium
19. 19 Unclear economic sustainability of allowing user to avoid liquidations Informational
20. 20 Validation of system invariants is error prone Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.