High Findings


Unable to Withdraw Flash Loan Fees

Severity: High

Ecosystem: Sui

Protocol: Scallop

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Scallop-Smart-Contract-Audit-Report.pdf

Report Date: Jun 2023

Description:

The redeem function converts MarketCoin to Coin, but there is no implementation to extract or withdraw the associated fees.


Inability to Receive Unused Tokens

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description:

Users cannot reclaim any remaining tokens in fund.vault or in Vault.reward_balance after distribution. There is no mechanism to recover unused tokens, potentially resulting in locked or lost assets.


Unused friend Functions

Severity: High

Ecosystem: Aptos

Protocol: vibrantX

Auditor: MoveBit

Report: https://movebit.xyz/reports/vibrantX-Final-Audit-Report.pdf

Report Date: Jan 2024

Description:

The add_address function is not used in this module, and the vibrantx_package_manager module does not set a friend module, so add_address cannot be called by anyone. As a result, the function is effectively disabled.