Trail of Bits

Reserve Folio Solidity-Based Contracts

Type: Security review

Client: Reserve Protocol

Date: 2025-04

Domain: Blockchain

Effort: 2 wks

Section: Reserve Protocol

Trail of Bits's security review of Reserve Protocol (Apr 2025) identified 9 issues: 4 medium, 2 low, and 3 informational.

Findings · 9

  1. GovernanceDeployer does not enforce minimum values for timelock contract (Informational)
  2. StakingVault is vulnerable to ERC-4626 griefing attack (Low)
  3. Fully on-chain governance creates existential governance attack risks (Low)
  4. Users do not receive shares for low mint requests (Informational)
  5. Missing slippage protection on the Folio contract’s mint function (Medium)
  6. Denial of service vulnerability via configurable initial supply (Medium)
  7. ERC-777 compatibility issue (Medium)
  8. Folio.bid() is vulnerable to denial of service through 1 wei donation attack (Medium)
  9. Wei loss occurs when transferring stETH rebasing tokens (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
