Trail of Bits

Fraxlend and FraxFerry

Type: Security review

Client: Frax Finance

Date: 2022-10

Domain: Blockchain

Effort: 4 wks

Section: Frax Finance

Trail of Bits's security review of Frax Finance (Oct 2022) identified 13 issues: 1 high, 4 medium, 5 low, 2 informational, and 1 undetermined.

Findings · 13

  1. Lack of two-step process for contract ownership changes (Medium)
  2. Missing checks of constructor/initialization parameters (Low)
  3. Incorrect application of penalty fee rate (Medium)
  4. Improper validation of Chainlink data (Low)
  5. Risk of oracle outages (Informational)
  6. Unapproved lenders could receive fTokens (Low)
  7. FraxlendPairDeployer cannot deploy contracts of fewer than 13,000 bytes (Medium)
  8. setCreationCode fails to overwrite _secondHalf slice if updated code size is less than 13,000 bytes (Undetermined)
  9. Missing checks in setter functions (Low)
  10. Risk of invalid batches due to unsafe cast in depart function (High)
  11. Transactions that were already executed can be canceled (Low)
  12. Lack of contract existence check on low-level call (Medium)
  13. Events could be improved (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
