Trail of Bits

Salty.IO Protocol

Type

Security review

Client

Salty.IO

Date

2023-10

Domain

Blockchain

Effort

6 wks

Section

Ethereum/EVM

Trail of Bits's security review of Salty.IO (Oct 2023) identified 13 issues: 6 high, 2 medium, 2 low, and 3 informational.

Findings · 13

  1. Risk of denial-of-service attacks on token whitelisting process (High)
  2. Insufficient event generation (Informational)
  3. Transactions to add liquidity may be front run (High)
  4. Whitelisted pools may exceed the maximum allowed (Low)
  5. Any user can add liquidity to any pool and bypass the token whitelist (Medium)
  6. Liquidation fee is volatile and may be manipulated (Medium)
  7. Collateral contract deployment results in permanent loss of rewards (High)
  8. Collateral can be withdrawn without repaying USDS loan (High)
  9. Lack of chain ID validation allows signature reuse across forks (Informational)
  10. Chainlink oracles could return stale price data (Informational)
  11. Lack of timely price feed updates may result in loss of funds (High)
  12. USDS stablecoin may become undercollateralized (High)
  13. Zap operations may approve an incorrect number of tokens, leading to reversion (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
