Trail of Bits

Parallel Finance

Type: Security review
Client: Parallel Finance
Date: 2022-03
Domain: Crypto
Effort: 6 wks
Section: Substrate

Trail of Bits's security review of Parallel Finance (Mar 2022) identified 11 issues: 2 medium, 3 low, 4 informational, and 2 undetermined.

Findings · 11

  1. Vulnerable dependencies in the Substrate parachain (Medium)
  2. Users can avoid accruing interest by repaying a zero amount (Medium)
  3. Missing validation in Pallet::force_update_market (Informational)
  4. Missing validation in multiple StakingLedger methods (Undetermined)
  5. Failed XCM requests left in storage (Low)
  6. Risk of using stale oracle prices in loans pallet (Low)
  7. Missing calculations in crowdloans extrinsics (Undetermined)
  8. Event emitted when update_vault and set_vrf calls do not make updates (Informational)
  9. The referral code is a sequence of arbitrary bytes (Informational)
  10. Missing validation of referral code size (Low)
  11. Code duplication in crowdloans pallet (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
