96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485, 505, 505, 505, 505, 505, 505, 505, 505, 505, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382
Array entries are added but are never removed. The array is also iterated over while making state changes, which means that it’s possible for an attacker to add so many entries to the array that when it’s iterated over by another user, the transaction runs out of gas before all of the iterations are complete, leading to a DOS/bricking of the contract.
File: contracts/TapiocaWrapper.sol
/// @audit harvestFees() : harvestableTapiocaOFTs[] :
96 /// @notice Harvest fees from all the deployed TOFT contracts. Fees are transferred to the owner.
97 function harvestFees() external {
98 for (uint256 i = 0; i < harvestableTapiocaOFTs.length; i++) {
99 harvestableTapiocaOFTs[i].harvestFees();
100: }
File: contracts/governance/twTAP.sol
/// @audit claimRewards() : rewardTokens[] :
/// @audit setTwTap() : rewardTokens[] :
/// @audit 0() : rewardTokens[] :
/// @audit claimAndSendRewards() : rewardTokens[] :
/// @audit exitPositionAndSendTap() : rewardTokens[] :
/// @audit participate() : rewardTokens[] :
/// @audit newEpoch() : rewardTokens[] :
/// @audit exitPosition() : rewardTokens[] :
/// @audit releaseTap() : rewardTokens[] :
/// @audit exerciseOption() : rewardTokens[] :
485 uint256 len = amounts.length;
486 unchecked {
487 for (uint256 i = 0; i < len; ++i) {
488 uint256 amount = amounts[i];
489 if (amount > 0) {
490 // Math is safe: amount calculated safely in claimable()
491 claimed[_tokenId][i] += amount;
492 rewardTokens[i].safeTransfer(_to, amount);
493 }
494: }
/// @audit claimAndSendRewards() : rewardTokens[] :
/// @audit setTwTap() : rewardTokens[] :
/// @audit 0() : rewardTokens[] :
/// @audit exitPositionAndSendTap() : rewardTokens[] :
/// @audit participate() : rewardTokens[] :
/// @audit newEpoch() : rewardTokens[] :
/// @audit exitPosition() : rewardTokens[] :
/// @audit releaseTap() : rewardTokens[] :
/// @audit exerciseOption() : rewardTokens[] :
505 unchecked {
506 uint256 len = _rewardTokens.length;
507 for (uint256 i = 0; i < len; ) {
508 uint256 claimableIndex = rewardTokenIndex[_rewardTokens[i]];
509 uint256 amount = amounts[i];
510
511 if (amount > 0) {
512 // Math is safe: amount calculated safely in claimable()
513 claimed[_tokenId][claimableIndex] += amount;
514 rewardTokens[claimableIndex].safeTransfer(_to, amount);
515 }
516 ++i;
517: }
File: contracts/markets/bigBang/BigBang.sol
/// @audit liquidate() : assets[] : toAmount(), _isSolvent()
/// @audit accrue() : assets[] : toAmount(), _isSolvent()
/// @audit liquidate() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit accrue() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit liquidate() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit accrue() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit liquidate() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit accrue() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit liquidate() : assets[] : toShare(), _liquidateUser()
/// @audit accrue() : assets[] : toShare(), _liquidateUser()
/// @audit liquidate() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit accrue() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
664 ) private {
665 uint256 liquidatedCount = 0;
666 for (uint256 i = 0; i < users.length; i++) {
667 address user = users[i];
668 if (!_isSolvent(user, _exchangeRate)) {
669 liquidatedCount++;
670 _liquidateUser(
671 user,
672 maxBorrowParts[i],
673 swapper,
674 _exchangeRate,
675 swapData
676 );
677 }
678: }
File: contracts/markets/singularity/SGLLiquidation.sol
/// @audit init() : assets[] : toAmount(), _isSolvent()
/// @audit liquidate() : assets[] : toAmount(), _isSolvent()
/// @audit sellCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit repay() : assets[] : toAmount(), _isSolvent()
/// @audit buyCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit borrow() : assets[] : toAmount(), _isSolvent()
/// @audit removeCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit addCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit init() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit liquidate() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit sellCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit repay() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit buyCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit borrow() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit removeCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit addCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _computeAssetAmountToSolvency()
/// @audit init() : assets[] : toShare()
/// @audit liquidate() : assets[] : toShare()
/// @audit sellCollateral() : assets[] : toShare()
/// @audit repay() : assets[] : toShare()
/// @audit buyCollateral() : assets[] : toShare()
/// @audit borrow() : assets[] : toShare()
/// @audit removeCollateral() : assets[] : toShare()
/// @audit addCollateral() : assets[] : toShare()
/// @audit multiHopBuyCollateral() : assets[] : toShare()
/// @audit multiHopSellCollateral() : assets[] : toShare()
105 Rebase memory _totalBorrow = totalBorrow;
106
107 for (uint256 i = 0; i < users.length; i++) {
108 address user = users[i];
109 if (!_isSolvent(user, _exchangeRate)) {
110 uint256 borrowAmount = _computeAssetAmountToSolvency(
111 user,
112 _exchangeRate
113 );
114
115 if (borrowAmount == 0) {
116 continue;
117 }
118
119 uint256 borrowPart;
120 {
121 uint256 availableBorrowPart = userBorrowPart[user];
122 borrowPart = _totalBorrow.toBase(borrowAmount, false);
123 userBorrowPart[user] = availableBorrowPart - borrowPart;
124 }
125 uint256 amountWithBonus = borrowAmount +
126 (borrowAmount * liquidationMultiplier) /
127 FEE_PRECISION;
128 uint256 collateralShare = yieldBox.toShare(
129 collateralId,
130 (amountWithBonus * _exchangeRate) / EXCHANGE_RATE_PRECISION,
131 false
132 );
133 userCollateralShare[user] -= collateralShare;
134 emit LogRemoveCollateral(
135 user,
136 address(liquidationQueue),
137 collateralShare
138 );
139 emit LogRepay(
140 address(liquidationQueue),
141 user,
142 borrowAmount,
143 borrowPart
144 );
145
146 // Keep totals
147 allCollateralShare += collateralShare;
148 allBorrowAmount += borrowAmount;
149 allBorrowPart += borrowPart;
150 }
151: }
/// @audit liquidate() : assets[] : toAmount(), _isSolvent()
/// @audit init() : assets[] : toAmount(), _isSolvent()
/// @audit sellCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit repay() : assets[] : toAmount(), _isSolvent()
/// @audit buyCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit borrow() : assets[] : toAmount(), _isSolvent()
/// @audit removeCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit addCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _isSolvent()
/// @audit liquidate() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit init() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit sellCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit repay() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit buyCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit borrow() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit removeCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit addCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _computeMaxAndMinLTVInAsset(), _liquidateUser()
/// @audit liquidate() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit init() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit sellCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit repay() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit buyCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit borrow() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit removeCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit addCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _isSolvent(), _liquidateUser()
/// @audit liquidate() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit init() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit sellCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit repay() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit buyCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit borrow() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit removeCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit addCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit multiHopBuyCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit multiHopSellCollateral() : assets[] : toAmount(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit liquidate() : assets[] : toShare(), _liquidateUser()
/// @audit init() : assets[] : toShare(), _liquidateUser()
/// @audit sellCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit repay() : assets[] : toShare(), _liquidateUser()
/// @audit buyCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit borrow() : assets[] : toShare(), _liquidateUser()
/// @audit removeCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit addCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit multiHopBuyCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit multiHopSellCollateral() : assets[] : toShare(), _liquidateUser()
/// @audit liquidate() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit init() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit sellCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit repay() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit buyCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit borrow() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit removeCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit addCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit multiHopBuyCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
/// @audit multiHopSellCollateral() : assets[] : toShare(), _updateBorrowAndCollateralShare(), _liquidateUser()
382 ) private {
383 uint256 liquidatedCount = 0;
384 for (uint256 i = 0; i < users.length; i++) {
385 address user = users[i];
386 if (!_isSolvent(user, _exchangeRate)) {
387 liquidatedCount++;
388 _liquidateUser(
389 user,
390 maxBorrowParts[i],
391 swapper,
392 _exchangeRate,
393 swapData
394 );
395 }
396: }
other
The text was updated successfully, but these errors were encountered:
All reactions