Medium Findings
Presence Of Infinite Loop
Severity: Medium
Ecosystem: Sui
Protocol: Drife Technologies
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Dec 2023
Description:
If ride is less than three stops, continues to next iteration, but it does not increase causing infinite loop.
Multiple indexes can map to the same reserve
Severity: Medium
Ecosystem: Aptos
Protocol: AAVE
Auditor: Certora
Report Date: Apr 2025
Description:
The function init_reserve() does not break when finding a valid index to use.
When adding a new reserve, the function first looks for an unused index in the current range (and increases the range of indexes if none were found). If an unused index was found, we map this index to the new reserve. However, we do not break from the loop, but continue looking for more unused indexes. If we find multiple such indexes, we will have multiple indexes mapping to the same reserve. (For multiple indices to be unused within the current range, drop_reserve() will have to be called twice between uses of init_reserve().)
This will then lead to counting the reserve multiple times when calling calculate_user_account_data(), which can lead to counting the same coin as collateral twice and taking debt against it, resulting in a loan worth more than its collateral.
For this to work, drop_reserve() will have to be called twice between uses of init_reserve().
Inefficient Assignment Within Loop in the process_cluster Function
Severity: Medium
Ecosystem: Aptos
Protocol: Supra
Auditor: MoveBit
Report: https://movebit.xyz/reports/Supra-Smart-Contract-Audit-Report.pdf
Report Date: Sep 2023
Description:
It was identified that the assignment operation located at line 316 within the process_cluster function is unnecessarily repeated in every iteration of the loop. This will result in less efficient execution and increased gas consumption. It is recommended to move this assignment code to a position immediately before the loop, ensuring that the assignment is performed only once.