Trail of Bits

Reserve Protocol

Type: Security review

Client: Reserve Protocol

Date: 2022-08

Domain: Blockchain

Effort: 8 wks

Section: Reserve Protocol

Trail of Bits's security review of Reserve Protocol (Aug 2022) identified 15 issues: 5 high, 2 medium, 3 low, and 5 informational.

Findings · 15

  1. Solidity compiler optimizations can be problematic (Informational)
  2. Lack of a two-step process for contract ownership changes (High)
  3. Unbounded and invalidly bounded system parameters may cause undefined behavior (Medium)
  4. All auction initiation attempts may fail (High)
  5. Per-block issuance limit can be bypassed (Informational)
  6. All attempts to initiate auctions of defaulted collateral tokens will fail (High)
  7. Fallen-target auctions can be prevented from occurring (Informational)
  8. Faulty RToken issuance-cancellation process (Low)
  9. Token auctions may not cover entire collateral token deficits (Low)
  10. Inability to validate the recency of Aave and Compound oracle data (Informational)
  11. An RSR seizure could leave the StRSR contract unusable (High)
  12. System owner has excessive privileges (High)
  13. Lack of zero address checks in Deployer constructor (Low)
  14. RTokens can be purchased at a discount (Medium)
  15. Inconsistent use of the FixLib library (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
