Skip to content

v10 RC9

Latest
Compare
Choose a tag to compare
@EdNoepel EdNoepel released this 07 Jan 19:50
· 2 commits to master since this release
2d6bbcb

v0.10.0 Release Candidate 9

Audit Fixes and Bug Resolutions

  • Dmitri 1 and 2, Sherlock 018-H, Certora Crit-01(Reserves): Issue with reserves being pumped by borrower fees exceeding kicker fees, potentially drained by liquidating a barely-collateralized loan and manipulating LUP.(#962 #1008 )
  • Certora Crit-01 (Reserves): Potential for an attacker to manipulate liquidity, drawing debt far above fair market value and impacting lender interests and reserve fees.(#962 #1008)
  • Kirill M-05 (Pools): Manipulation of book with collateral to avoid unutilized deposit fee, leading to universal deposit fee implementation. (#983)
  • Sherlock 006-M (Pools): First pool borrower facing extra interest, necessitating adjustments in interest calculations.(#968)
  • Sherlock 007-M (Pools): Unsafe truncation casting used for state variables, highlighting need for safe casting methods.(#967)
  • Sherlock 001-M (Pools): Incorrect use of auctionPrice in BPF calculations affecting bond rewards and penalties.(#970)
  • Dmitri 9, Sherlock 001-M (Pools): Borrowers exploiting high price takes to avoid penalties and impact kicker liquidation bonds.(#973 #997)
  • Kirill M-02 (Pools): Difficulty in kicking loans with TP below MIN_PRICE, leading to proposal for new loan management criteria.(#973)
  • Sherlock 016-H (Pools): Artificial amplification of kicker rewards through batched takes, requiring structural adjustments.(#976)
  • Sherlock 005-M (Pools): Risks of HPB bankruptcy due to unscaled values in debt forgiveness processes.(#971)
  • Kirill M-07 (Pools): Debate over the ability to kick a CRA with unsettled liquidations, contingent on reserve mechanism decisions.(#977)
  • Kirill L-08 (Pools): Reserve auction kick conditions not aligning with intended documentation or functionality.(#974)
  • Sherlock 009-M (Pools): lenderKick function incorrectly setting LUP, affecting interest calculations against hypothetical values.(#972 0b3305d)
  • Prototech 55 (Pools): Concerns about interest accrual potentially overflowing and impacting pool stability. (#954)
  • Kirill L-01 (Pools): Inconsistencies in dust checks for quote tokens, raising questions about user responsibility in token management.(#980)
  • Kirill L-05 (Pools): Presence of redundant or unused variables and parameters, prompting a need for code cleanup.(#967)

Improvements

  • Pools: Cleaned up event logging for take in ERC721 pools
  • Pools: Decreased time inbetween auctions
  • Pools: Removed revertBelowLup argument for moveLiquidity, addQuoteToken
  • Pools: addQuoteToken cannot be called on a bucket whose price exceeds that of the oldest auction
  • Pools: DepositFee now applies to all buckets and charges 8 hours of interest
  • Pools: thresholdPrice is now calculated with 1.04 collateralization factor
  • Pools: Altered auction price function to match WP
  • Pools: Once kicked, borrowers can no longer be removed from auction
  • Rewards: RewardsManager.sol has been removed
  • Invariant: Decoupled RewardsManager invariants from PositionManager as RewardsManager was removed