Trail of Bits

Fuji Finance

Type: Security review
Client: Fuji Protocol
Date: 2021-10
Domain: Blockchain
Effort: 6 wks
Section: Ethereum/EVM

Trail of Bits's security review of Fuji Protocol (Oct 2021) identified 21 issues: 4 high, 2 medium, 6 low, and 9 informational.

Findings · 21

  1. Anyone can destroy the FujiVault logic contract if its initialize function was not called during deployment [High]
  2. Providers are implemented with delegatecall [Informational]
  3. Lack of contract existence check on delegatecall will result in unexpected behavior [High]
  4. FujiVault.setFactor is unnecessarily complex and does not properly handle invalid input [Informational]
  5. Preconditions specified in docstrings are not checked by functions [Informational]
  6. The FujiERC1155.burnBatch function implementation is incorrect [High]
  7. Error in the white paper’s equation for the cost of refinancing [Informational]
  8. Errors in the white paper’s equation for index calculation [Medium]
  9. FujiERC1155.setURI does not adhere to the EIP-1155 specification [Informational]
  10. Partial refinancing operations can break the protocol [Medium]
  11. Native support for ether increases the codebase’s complexity [Informational]
  12. Missing events for critical operations [Low]
  13. Indexes are not updated before all operations that require up-to-date indexes [High]
  14. No protection against missing index updates before operations that depend on up-to-date indexes [Informational]
  15. Formula for index calculation is unnecessarily complex [Informational]
  16. Flasher’s initiateFlashloan function does not revert on invalid flashnum values [Low]
  17. Docstrings do not reflect functions’ implementations [Low]
  18. Harvester’s getHarvestTransaction function does not revert on invalid _farmProtocolNum and harvestType values [Low]
  19. Lack of data validation in Controller’s doRefinancing function [Low]
  20. Lack of data validation on function parameters [Low]
  21. Solidity compiler optimizations can be problematic [Informational]

Findings extracted from the published report PDF. See the full report below for details and remediation.
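Findings 1 and 3 are instances of two well-known EVM patterns: an initializer that was never called on a bare logic contract, and a low-level delegatecall that succeeds against an address holding no code. The following is an added illustration written for this page, not Fuji Protocol's code and not taken from the report; every contract and function name (VaultLogicWeak, VaultLogicHardened, ProviderRouterWeak, ProviderRouterHardened, kill, deposit) is hypothetical, and the weak and hardened forms are shown side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Fuji Protocol's code. All names below
// (VaultLogic*, ProviderRouter*, kill, deposit) are hypothetical.

// ---- Pattern behind finding 1: unprotected initializer on a logic contract ----

// Weak form. If the deployer never calls initialize() on the bare logic
// contract, anyone can call it, become owner and selfdestruct the logic
// contract. Every proxy that delegatecalls into it then stops working.
contract VaultLogicWeak {
    address public owner;
    bool private initialized;

    function initialize(address _owner) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }

    // Stand-in for any owner-gated path that reaches selfdestruct.
    function kill() external {
        require(msg.sender == owner, "not owner");
        selfdestruct(payable(msg.sender));
    }
}

// Hardened form. The constructor runs only on the logic contract itself
// (constructor code never executes in delegatecall context), so it can mark
// the bare implementation as initialized. Proxies keep their own storage,
// where `initialized` is still false, so they can still be initialized.
contract VaultLogicHardened {
    address public owner;
    bool private initialized;

    constructor() {
        initialized = true;
    }

    function initialize(address _owner) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }

    function kill() external {
        require(msg.sender == owner, "not owner");
        selfdestruct(payable(msg.sender));
    }
}

// ---- Pattern behind finding 3: delegatecall without a code-existence check ----

// Weak form. A low-level delegatecall to an address with no code (an EOA,
// a mistyped address, or a provider that has since lost its code) returns
// success with empty return data; the caller cannot tell that nothing ran.
contract ProviderRouterWeak {
    address public provider;

    constructor(address _provider) {
        provider = _provider;
    }

    function deposit(uint256 amount) external returns (bytes memory) {
        (bool ok, bytes memory ret) = provider.delegatecall(
            abi.encodeWithSignature("deposit(uint256)", amount)
        );
        require(ok, "provider call failed"); // passes even if provider has no code
        return ret;
    }
}

// Hardened form. Check extcodesize (address.code.length, Solidity >= 0.8.0)
// both when the provider is set and before every delegatecall, because the
// target can lose its code after it was set.
contract ProviderRouterHardened {
    address public provider;

    constructor(address _provider) {
        require(_provider.code.length > 0, "provider has no code");
        provider = _provider;
    }

    function deposit(uint256 amount) external returns (bytes memory) {
        require(provider.code.length > 0, "provider has no code");
        (bool ok, bytes memory ret) = provider.delegatecall(
            abi.encodeWithSignature("deposit(uint256)", amount)
        );
        require(ok, "provider call failed");
        return ret;
    }
}
```

Two caveats. Solidity inserts an extcodesize check only for high-level external calls; low-level `.call`/`.delegatecall` get none, which is why the router must check explicitly. And since the Cancun upgrade (EIP-6780), selfdestruct removes a contract's code only when called in the same transaction that created it, so the "destroy the logic contract" outcome of finding 1 is much harder to reach on current mainnet than it was in 2021; an unprotected initializer is still a takeover of the bare implementation and should still be locked in the constructor.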
