diff --git a/README.md b/README.md index a57743dd9..07223141c 100644 --- a/README.md +++ b/README.md 
@@ -41,6 +41,8 @@ There you can also find a section on [contributing](https://ackee.xyz/wake/docs/ | Vulnerability | Severity | Project | Method | Discovered by | Resources | |-------------------------------------------------|----------|---------|------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | +| Loan refinancing reentrancy | Critical | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) | +| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_refinance_comm_transfer_missing_found_fuzz.py) | | Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-brahma-console-v2-report.pdf) | | Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | | Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | 
[Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | 
@@ -52,6 +54,10 @@ There you can also find a section on [contributing](https://ackee.xyz/wake/docs/ | Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-axelar-interchain-governance-executor/blob/main/tests/test_fuzz.py) | | `SafeERC20` not used for `approve` | Medium | Lido | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-stonks/blob/main/tests/test_fuzz.py) | | Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | Ackee Blockchain | [Report](https://github.com/lidofinance/audits/blob/main/Ackee%20Blockchain%20Lido%20Community%20Staking%20Module%20Report%2010-24.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-csm/blob/main/tests/test_csm_fuzz.py) | +| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) | +| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) | +| Incorrect EIP-712 typehash | Medium | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) | +| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/revision-2.0/tests/test_fuzz.py) | ## Features diff --git a/docs/index.md b/docs/index.md index 4d8953878..19815a1b8 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -26,6 +26,8 @@ Wake is used by the Ackee team to perform smart contract audits - and it helped | Vulnerability | Severity | Project | Method | Resources | |-------------------------------------------------|----------|---------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Profit & loss accounted twice | Critical | IPOR | Fuzz test | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | +| Loan refinancing reentrancy | Critical | PWN | Detector | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) | +| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_refinance_comm_transfer_missing_found_fuzz.py) | | Console permanent denial of service | High | Brahma | Fuzz test | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-brahma-console-v2-report.pdf) | | Swap unwinding formula error | High | IPOR | Fuzz test | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | | Swap unwinding fee accounted twice | High | IPOR | Fuzz test | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) | 
@@ -37,3 +39,7 @@ Wake is used by the Ackee team to perform smart contract audits - and it helped | Missing receive function | Medium | Axelar | Fuzz test | [Wake tests](https://github.com/Ackee-Blockchain/tests-axelar-interchain-governance-executor/blob/main/tests/test_fuzz.py) | | `SafeERC20` not used for `approve` | Medium | Lido | Fuzz test | [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-stonks/blob/main/tests/test_fuzz.py) | | Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | [Report](https://github.com/lidofinance/audits/blob/main/Ackee%20Blockchain%20Lido%20Community%20Staking%20Module%20Report%2010-24.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-csm/blob/main/tests/test_csm_fuzz.py) | +| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) | +| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) | +| Incorrect EIP-712 typehash | Medium | PWN | Detector | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) | +| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/revision-2.0/tests/test_fuzz.py) |
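Review bot: In README.md, hunk `@@ -41,6 +41,8 @@`, the "Loan refinancing reentrancy" row lists Method `Detector`, but its Resources cell carries only the report PDF, so a reader cannot tell which detector flagged the issue or rerun it. The fuzz-test rows link the test file that found the bug; consider naming the detector in this row, or linking its documentation, so the finding is as reproducible as its neighbours.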
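Review bot: In README.md, hunk `@@ -52,6 +54,10 @@`, the "Incorrect EIP-712 data encoding" row links its Wake tests at `blob/revision-2.0/tests/test_fuzz.py`, while the two Chainlink rows added beside it link `blob/main/tests/test_fuzz.py` in the same repository. If the test only exists on `revision-2.0`, say so in the PR description; otherwise align the refs. Both are branch links, so a commit permalink would keep each row pointing at the test that actually reproduced the finding.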
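Review bot: In docs/index.md, hunk `@@ -26,6 +26,8 @@`, the two PWN rows are hand-copied from the README.md table with the "Discovered by" column dropped, so every new finding now has to be edited in two places with different column sets. Consider keeping one table as the source and generating or including the other, so the two lists cannot drift apart.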
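Review bot: In docs/index.md, hunk `@@ -37,3 +39,7 @@`, the "Chainlink common denominator bad logic" and "Outdated/reverting Chainlink feed causes DoS" rows both point at the same `tests/test_fuzz.py`, with nothing to show which part of the test covers which finding. Suggest adding a line anchor to each link or naming the relevant flow or invariant in the row, so a reader can go straight to the check that caught each bug.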