Trail of Bits

Folks Finance Protocol

Type: Security review

Client: Folks Finance

Date: 2022-11

Domain: Blockchain

Effort: 6 wks

Section: Algorand

Trail of Bits's security review of Folks Finance (Nov 2022) identified 10 issues: 3 high, 1 medium, 5 low, and 1 informational.

Findings · 10

  1. Ability to drain a pool by reusing a flash_loan_end index (High)
  2. Lack of a two-step process for admin role transfers (High)
  3. Insufficient validation of application initialization arguments (Low)
  4. Ability to reuse swap indexes (Informational)
  5. oracle_adapter could be forced to use outdated LP token information in price calculations (Medium)
  6. Incorrect rounding directions in the calculation of borrowed asset amounts (Low)
  7. Risk of global state variable collision (High)
  8. Lack of documentation on strategies in case of system parameter update (Low)
  9. Incorrect decoding of method arguments results in the use of invalid values (Low)
  10. Lack of minimum / maximum bounds on user operation parameters (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
