Trail of Bits

Atlendis

Type: Security review

Client: Atlendis Labs

Date: 2023-03

Domain: Blockchain

Effort: 6 wks

Section: Ethereum/EVM

Trail of Bits's security review of Atlendis Labs (Mar 2023) identified 25 issues: 6 high, 10 medium, 1 low, and 8 informational.

Findings · 25

| # | Finding | Severity |
|---|---------|----------|
| 1 | Borrower can drain lender assets by withdrawing the cancellationFee multiple times | High |
| 2 | Incorrect fee calculation on withdrawal can lead to DoS of withdrawals or loss of assets | High |
| 3 | Lack of zero-address checks | High |
| 4 | Problematic approach to data validation | Medium |
| 5 | Borrower can skip the last coupon payment | Medium |
| 6 | Initialization functions can be front-run | Informational |
| 7 | Lenders’ unborrowed deposits can be locked up by a borrower | Medium |
| 8 | optOut can be called multiple times | High |
| 9 | Risks related to deflationary, inflationary, or rebasing tokens | Medium |
| 10 | Rounding down when computing fees benefits users | Low |
| 11 | Lenders can prevent each other from earning interest | Medium |
| 12 | Incorrect calculation in getPositionRepartition can lock a user’s position | Medium |
| 13 | Detached positions are incorrectly calculated | Medium |
| 14 | Borrower can reduce lender accruals | Medium |
| 15 | Borrower can start a lending cycle before deposits are made | Informational |
| 16 | Documentation and naming conventions can be improved | Informational |
| 17 | Missing validation in detach | Informational |
| 18 | Contract architecture is overcomplicated | Informational |
| 19 | Governance is a single point of failure | High |
| 20 | Pool is put in NON_STANDARD state only after executeTimelock() is called | Informational |
| 21 | Detached positions cannot be exited during subsequent loans | Medium |
| 22 | Roles manager can never be updated | High |
| 23 | Risks with transaction reordering | Informational |
| 24 | Problematic approach to the handling of precision errors | Informational |
| 25 | Lenders with larger deposits earn less accruals if their position is only partially borrowed | Medium |

Findings extracted from the published report PDF. See the full report below for details and remediation.
