diff --git a/Audit_Report.pdf b/Audit_Report.pdf new file mode 100644 index 0000000..f1aa525 Binary files /dev/null and b/Audit_Report.pdf differ diff --git a/README.md b/README.md index 146161b..1af1fae 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,16 @@ _No response_ Rewrite the [`_afterTokenTransfer`](https://github.com/sherlock-audit/2024-11-teller-finance-update/blob/0c8535728f97d37a4052d2a25909d28db886a422/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroupShares.sol#L60) hook to be skipped in case of `amount = 0` + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/76 + + # Issue H-2: Malicious lender can prevent borrower from repayment due to try/catch block revert Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/39 @@ -157,6 +167,16 @@ _No response_ Use .call instead of the try/catch + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/79 + + # Issue H-3: Using original principal amount as due amount inside `liquidateDefaultedLoanWithIncentive` breaks contract accounting leading to lost assets/broken functionalities Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/43 
@@ -266,6 +286,16 @@ _No response_ Instead of the totalPrincipal consider the remaining principal ie. `totalPrincipal - repaidPrincipal` + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/85 + + # Issue M-1: ERC20.approve Used Instead of Safe Approvals, Causing Pool Failures with Some ERC20s Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/29 @@ -400,10 +430,22 @@ require( principalToken.safeApprove(address(TELLER_V2), _principalAmount); ``` + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/78 + + # Issue M-2: Users can lower the interest rate by dividing a loan into multiple smaller loans Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/34 +The protocol has acknowledged this issue. + ## Found by KupiaSec ### Summary @@ -559,6 +601,16 @@ _No response_ Perform access control checks + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/77 + + # Issue M-4: Not updating state before making custom external call can cause borrower's to loose assets due to re-entrancy Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/42 
@@ -645,6 +697,16 @@ _No response_ Update the state before the `loanRepaymentListener` call is made + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/81 + + # Issue M-5: Repayer can brick lending functionality of `LenderCommitmentGroup_Smart` by repaying excess Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/46 @@ -727,6 +789,16 @@ _No response_ In case repaid principal is more, return 0 instead + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/80 + + # Issue M-6: Tokens that revert of zero value transfers can cause reverts on liquidation Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/51 @@ -800,6 +872,16 @@ _No response_ Check if amount is non-zero before transferring + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/82 + + # Issue M-7: The `totalPrincipalTokensRepaid` and `totalInterestCollected` may not be updated even when funds are already transferred Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/54 @@ -872,10 +954,22 @@ none ### Mitigation The `LenderCommitmentGroup_Smart.repayLoanCallback()` function should not revert when paused. + + +## Discussion + +**sherlock-admin2** + +The protocol team fixed this issue in the following PRs/commits: +https://github.com/teller-protocol/teller-protocol-v2-audit-2024/pull/83 + + # Issue M-8: EMI calculation is flawed Source: https://github.com/sherlock-audit/2024-11-teller-finance-update-judging/issues/71 +The protocol has acknowledged this issue. + ## Found by hash ### Summary
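Review bot: Audit_Report.pdf arrives as a binary blob (`new file mode 100644`, `index 0000000..f1aa525`), so its content cannot be reviewed in this diff, and none of the README.md hunks refer to it. Say in README.md how the PDF relates to the issue list there, and record a checksum for the file so a reader can confirm that the copy in the repository is the report as issued.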
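Review bot: In the hunk at `@@ -79,6 +79,16 @@`, and in every later Discussion block of the same shape, the fix is cited only as a pull request URL (here `.../teller-protocol-v2-audit-2024/pull/76`), whereas the mitigation text just above it pins `_afterTokenTransfer` to a full commit hash. A PR link does not identify a single revision, so add the merge commit SHA beside each link. The block also gives nothing but the link: one sentence on whether the fix follows the recommended mitigation (for H-1, skipping the hook when `amount = 0`) would let a reader check the fix against the finding without opening the PR.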
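Review bot: In the hunk at `@@ -400,10 +430,22 @@`, M-2 receives only the line `The protocol has acknowledged this issue.`, placed between the Source link and `## Found by`, with no Discussion block, author or reason, unlike the fixed issues; M-8 gets the same treatment in the hunk at `@@ -872,10 +954,22 @@`. Record who accepted the risk and why, for instance under a `## Discussion` heading as the fixed issues use, so that an accepted risk can be told apart from an unaddressed one.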