Prepared by:
HALBORN
Last Updated 07/26/2024
Date of Engagement by: June 12th, 2024 - June 28th, 2024
100% of all REPORTED Findings have been addressed
All findings
14
Critical
3
High
2
Medium
1
Low
5
Informational
3
Tenderize
engaged Halborn to conduct a security assessment on LpETH smart contracts beginning on 06/12/2024 and ending on 06/28/2024. The security assessment was scoped to the smart contracts provided to the Halborn team.
The team at Halborn dedicated 2 weeks for the engagement and assigned one full-time security engineer to evaluate the security of the smart contract.
The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.
The purpose of this assessment is to:
Ensure that smart contract functions operate as intended.
Identify potential security issues with the smart contracts.
Security analysis | Risk level | Remediation |
---|---|---|
HAL-06 - LPEth Can Be Drained By Head Of Withdrawal Queue | Critical | Solved - 06/28/2024 |
HAL-08 - Batch Buy Unlocks Can Be Double Spent | Critical | Solved - 06/28/2024 |
HAL-14 - Partially Finalized Amounts Permit Claims In Excess Of Dues | Critical | Solved - 06/28/2024 |
HAL-17 - Denial Of Service Whilst Finalizing Withdrawals | High | Solved - 06/28/2024 |
HAL-11 - Malicious Liquidity Providers Steal Buy Unlock Excess Through Frontrunning | High | Solved - 06/28/2024 |
HAL-13 - Unlock Redemption Is Vulnerable To Poisoned Liquidity | Medium | Partially Solved - 06/28/2024 |
HAL-16 - MinMaxAmount Invariant Can Be Circumvented | Low | Risk Accepted - 06/28/2024 |
HAL-04 - Deposit Denial Of Service During Zero LP Supply With Open Liabilities | Low | Solved - 06/28/2024 |
HAL-01 - Renderer Produces Malformed JSON | Low | Solved - 06/28/2024 |
HAL-07 - Unlock Progress Calculations Over Unity Result In Panic Revert | Low | Solved - 06/28/2024 |
HAL-15 - Non-Zero Liabilities With Zero Circulating Supply Can Be Stolen | Low | Solved - 06/28/2024 |
HAL-02 - UUPSUpgradeable Is Not Initialized | Informational | Solved - 06/28/2024 |
HAL-09 - Economic Inefficiency Due To Common Expiration Time | Informational | Acknowledged |
HAL-12 - Reduce Code Surface Area | Informational | Solved - 06/28/2024 |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed