# Folks Finance
## Reports by Severity
[Critical](#critical) | [High](#high) | [Medium](#medium) | [Low](#low) | [Insight](#insight)
Critical
* [Boost \_ Folks Finance 33269 - \[Smart Contract - Critical\] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33269-smart-contract-critical-logic-flaw-in-userloanincreasecollateral-leads-t)
* [Boost \_ Folks Finance 33311 - \[Smart Contract - Critical\] Infinite Interest rate bug](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33311-smart-contract-critical-infinite-interest-rate-bug)
* [Boost \_ Folks Finance 33533 - \[Smart Contract - Critical\] depositDatainterestRate is not correct](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33533-smart-contract-critical-depositdatainterestrate-is-not-correct)
* [Boost \_ Folks Finance 33665 - \[Smart Contract - Critical\] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33665-smart-contract-critical-collateral-inflation-exploit-via-zero-amount-dep)
* [Boost \_ Folks Finance 33684 - \[Smart Contract - Critical\] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33684-smart-contract-critical-lack-of-available-liquidity-check-when-sending-t)
* [Boost \_ Folks Finance 33695 - \[Smart Contract - Critical\] Attacker can borrow more than the collateral deposit](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33695-smart-contract-critical-attacker-can-borrow-more-than-the-collateral-dep)
* [Boost \_ Folks Finance 33780 - \[Smart Contract - Critical\] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33780-smart-contract-critical-zero-deposits-can-be-used-to-artificially-inflat)
* [Boost \_ Folks Finance 33816 - \[Smart Contract - Critical\] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33816-smart-contract-critical-attacker-can-get-unlimited-loan-for-some-minimum)
* [Boost \_ Folks Finance 33978 - \[Smart Contract - Critical\] Attacker can Inflate effectiveCollateralValue](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33978-smart-contract-critical-attacker-can-inflate-effectivecollateralvalue)
* [Boost \_ Folks Finance 34074 - \[Smart Contract - Critical\] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34074-smart-contract-critical-hub-missing-check-for-available-liquidity-could)
* [Boost \_ Folks Finance 34190 - \[Smart Contract - Critical\] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34190-smart-contract-critical-liquidated-users-can-mix-and-manipulate-stable-a)
High
* [Boost \_ Folks Finance 33630 - \[Smart Contract - High\] Incorrect calculation of loanBorrowbalance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33630-smart-contract-high-incorrect-calculation-of-loanborrowbalance)
* [Boost \_ Folks Finance 33817 - \[Smart Contract - High\] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33817-smart-contract-high-incorrect-calculation-of-effective-borrow-value-in-g)
* [Boost \_ Folks Finance 34050 - \[Smart Contract - High\] Vulnerability in getLoanLiquidity leads to undervaluing stable debt](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34050-smart-contract-high-vulnerability-in-getloanliquidity-leads-to-undervalu)
* [Boost \_ Folks Finance 34122 - \[Smart Contract - High\] Wrong borrow balance calculation in the getLoanLiquidity function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34122-smart-contract-high-wrong-borrow-balance-calculation-in-the-getloanliqui)
* [Boost \_ Folks Finance 34179 - \[Smart Contract - High\] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34179-smart-contract-high-incorrect-updates-to-pooldepositdatatotalamount-and)
Medium
* [Boost \_ Folks Finance 33272 - \[Smart Contract - Medium\] FrontRunning Attack on createAccount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33272-smart-contract-medium-frontrunning-attack-on-createaccount)
* [Boost \_ Folks Finance 33534 - \[Smart Contract - Medium\] denial of service vulnerability and possible griefing in cross-chain account creation](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33534-smart-contract-medium-denial-of-service-vulnerability-and-possible-grief)
* [Boost \_ Folks Finance 33542 - \[Smart Contract - Medium\] Attacker can create loan before users tx is completed through bridge](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33542-smart-contract-medium-attacker-can-create-loan-before-users-tx-is-comple)
* [Boost \_ Folks Finance 33546 - \[Smart Contract - Medium\] Adversaries can manipulate victims stable rate to remain excessively high via flashloan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33546-smart-contract-medium-adversaries-can-manipulate-victims-stable-rate-to)
* [Boost \_ Folks Finance 33568 - \[Smart Contract - Medium\] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33568-smart-contract-medium-front-running-vulnerability-in-cross-chain-loan-cr)
* [Boost \_ Folks Finance 33589 - \[Smart Contract - Medium\] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33589-smart-contract-medium-anyone-can-call-the-bridgerouter-recieve-function)
* [Boost \_ Folks Finance 33609 - \[Smart Contract - Medium\] Account creation can be frontrun making the users unable to create an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33609-smart-contract-medium-account-creation-can-be-frontrun-making-the-users)
* [Boost \_ Folks Finance 33611 - \[Smart Contract - Medium\] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33611-smart-contract-medium-adversary-can-perform-a-dos-on-users-createloan-an)
* [Boost \_ Folks Finance 33614 - \[Smart Contract - Medium\] Front-Running Vulnerability in createAccount Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33614-smart-contract-medium-front-running-vulnerability-in-createaccount-metho)
* [Boost \_ Folks Finance 33645 - \[Smart Contract - Medium\] Griefing an user from creating an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33645-smart-contract-medium-griefing-an-user-from-creating-an-account)
* [Boost \_ Folks Finance 33687 - \[Smart Contract - Medium\] Loan creation can be frontrun preventing the users from creating loans](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33687-smart-contract-medium-loan-creation-can-be-frontrun-preventing-the-users)
* [Boost \_ Folks Finance 33694 - \[Smart Contract - Medium\] stableBorrowRates are manipulatable through flashloan attacks](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33694-smart-contract-medium-stableborrowrates-are-manipulatable-through-flashl)
* [Boost \_ Folks Finance 33778 - \[Smart Contract - Medium\] The loan creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33778-smart-contract-medium-the-loan-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33779 - \[Smart Contract - Medium\] The account creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33779-smart-contract-medium-the-account-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33869 - \[Smart Contract - Medium\] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33869-smart-contract-medium-loanids-are-easy-to-reproduce-and-front-running-en)
* [Boost \_ Folks Finance 33880 - \[Smart Contract - Medium\] Front-Running Vulnerability in createUserLoan Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33880-smart-contract-medium-front-running-vulnerability-in-createuserloan-meth)
* [Boost \_ Folks Finance 33893 - \[Smart Contract - Medium\] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33893-smart-contract-medium-malicious-users-can-dos-loan-creations-and-deposit)
* [Boost \_ Folks Finance 33970 - \[Smart Contract - Medium\] User deposits can be blocked](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33970-smart-contract-medium-user-deposits-can-be-blocked)
* [Boost \_ Folks Finance 33987 - \[Smart Contract - Medium\] Incorrect access control in receiveMessage leads to total loss of funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33987-smart-contract-medium-incorrect-access-control-in-receivemessage-leads-t)
* [Boost \_ Folks Finance 34025 - \[Smart Contract - Medium\] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34025-smart-contract-medium-malicious-user-can-dos-the-creation-of-every-accou)
* [Boost \_ Folks Finance 34028 - \[Smart Contract - Medium\] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34028-smart-contract-medium-denial-of-service-dos-vulnerability-in-userloan-cr)
* [Boost \_ Folks Finance 34029 - \[Smart Contract - Medium\] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34029-smart-contract-medium-contract-fails-to-mitigate-potential-critical-stat)
* [Boost \_ Folks Finance 34066 - \[Smart Contract - Medium\] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34066-smart-contract-medium-account-creation-front-running-vulnerability-leadi)
* [Boost \_ Folks Finance 34161 - \[Smart Contract - Medium\] Denial of Service via Front-Running in Loan Creation Mechanism](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34161-smart-contract-medium-denial-of-service-via-front-running-in-loan-creati)
Low
* [Boost \_ Folks Finance 33280 - \[Smart Contract - Low\] NodeManagersupportsInterface doesnt follow EIP-](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33280-smart-contract-low-nodemanagersupportsinterface-doesnt-follow-eip)
* [Boost \_ Folks Finance 33353 - \[Smart Contract - Low\] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33353-smart-contract-low-incorrect-implementation-of-time-weighted-average-pri)
* [Boost \_ Folks Finance 33356 - \[Smart Contract - Low\] All data in \_userLoans mapping will not be deleted after calling deleteUserLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33356-smart-contract-low-all-data-in-_userloans-mapping-will-not-be-deleted-af)
* [Boost \_ Folks Finance 33443 - \[Smart Contract - Low\] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33443-smart-contract-low-stalenesscircuitbreakernode-checks-if-the-last-update)
* [Boost \_ Folks Finance 33454 - \[Smart Contract - Low\] unsafe casting will lead to break of PythNode Oracle](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33454-smart-contract-low-unsafe-casting-will-lead-to-break-of-pythnode-oracle)
* [Boost \_ Folks Finance 33540 - \[Smart Contract - Low\] ChainlinkNode uses cached decimals in the calculation instead of fresh one](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33540-smart-contract-low-chainlinknode-uses-cached-decimals-in-the-calculation)
* [Boost \_ Folks Finance 33566 - \[Smart Contract - Low\] RepayWithCollateral will almost always fail in partial repayment](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33566-smart-contract-low-repaywithcollateral-will-almost-always-fail-in-partia)
* [Boost \_ Folks Finance 33596 - \[Smart Contract - Low\] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33596-smart-contract-low-incorrect-rounding-direction-in-hubpoollogicupdatewit)
* [Boost \_ Folks Finance 33631 - \[Smart Contract - Low\] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33631-smart-contract-low-wrong-implementation-of-chainlink-gettwapprice-can-le)
* [Boost \_ Folks Finance 33643 - \[Smart Contract - Low\] PriceFeed from PythNode will always revert for some pools](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33643-smart-contract-low-pricefeed-from-pythnode-will-always-revert-for-some-p)
* [Boost \_ Folks Finance 33675 - \[Smart Contract - Low\] PythNodeprocess can revert because of incorrect casting](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33675-smart-contract-low-pythnodeprocess-can-revert-because-of-incorrect-casti)
* [Boost \_ Folks Finance 33787 - \[Smart Contract - Low\] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33787-smart-contract-low-function-pythnodeprocess-doesnt-handle-correctly-prec)
* [Boost \_ Folks Finance 33807 - \[Smart Contract - Low\] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33807-smart-contract-low-updateinterestrate-uses-incorrect-reference-of-borrow)
* [Boost \_ Folks Finance 33870 - \[Smart Contract - Low\] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33870-smart-contract-low-convtorepayborrowamount-calculation-is-incorrect-caus)
* [Boost \_ Folks Finance 33885 - \[Smart Contract - Low\] Incorrect prices will be returned if the NodeType is PRICE\_DEVIATION\_CIRCUIT\_BREAKER](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33885-smart-contract-low-incorrect-prices-will-be-returned-if-the-nodetype-is)
* [Boost \_ Folks Finance 33923 - \[Smart Contract - Low\] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33923-smart-contract-low-function-hubpoollogicupdatewithwithdraw-doesnt-round)
* [Boost \_ Folks Finance 33947 - \[Smart Contract - Low\] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33947-smart-contract-low-during-liquidations-when-borrowtorepay-collateral-the)
* [Boost \_ Folks Finance 33950 - \[Smart Contract - Low\] pythnode oracle unexpected revert](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33950-smart-contract-low-pythnode-oracle-unexpected-revert)
* [Boost \_ Folks Finance 33953 - \[Smart Contract - Low\] Calling process function will not revert even if two oracle nodes of the same type are used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33953-smart-contract-low-calling-process-function-will-not-revert-even-if-two)
* [Boost \_ Folks Finance 33981 - \[Smart Contract - Low\] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33981-smart-contract-low-the-pythnode-library-process-function-implementation)
* [Boost \_ Folks Finance 34030 - \[Smart Contract - Low\] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34030-smart-contract-low-incorrect-rounding-down-in-hubpoollogicupdatewithwith)
* [Boost \_ Folks Finance 34047 - \[Smart Contract - Low\] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34047-smart-contract-low-adversaries-can-create-a-position-that-is-nearly-impo)
* [Boost \_ Folks Finance 34052 - \[Smart Contract - Low\] withdraw doesnt round in favour of protocol for isFamountFalse](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34052-smart-contract-low-withdraw-doesnt-round-in-favour-of-protocol-for-isfam)
* [Boost \_ Folks Finance 34054 - \[Smart Contract - Low\] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34054-smart-contract-low-in-liquidation-loanpoolcollateralused-doesnt-get-redu)
* [Boost \_ Folks Finance 34069 - \[Smart Contract - Low\] repayWithCollateral may revert when repay samll amount token](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34069-smart-contract-low-repaywithcollateral-may-revert-when-repay-samll-amoun)
* [Boost \_ Folks Finance 34076 - \[Smart Contract - Low\] Wrong way of deriving message keys using destination chains CCTP domain id](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34076-smart-contract-low-wrong-way-of-deriving-message-keys-using-destination)
* [Boost \_ Folks Finance 34085 - \[Smart Contract - Low\] partial repayment with collaterals will revert due to underflow](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34085-smart-contract-low-partial-repayment-with-collaterals-will-revert-due-to)
* [Boost \_ Folks Finance 34124 - \[Smart Contract - Low\] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34124-smart-contract-low-smart-contract-cannot-be-accessed-during-the-normal-l)
* [Boost \_ Folks Finance 34127 - \[Smart Contract - Low\] Liquidator gets more debt than usual](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34127-smart-contract-low-liquidator-gets-more-debt-than-usual)
* [Boost \_ Folks Finance 34132 - \[Smart Contract - Low\] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34132-smart-contract-low-liquidation-bonus-incorrectly-inflates-repayborrowamo)
* [Boost \_ Folks Finance 34148 - \[Smart Contract - Low\] Full liquidations will fail for certain unhealthy positions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34148-smart-contract-low-full-liquidations-will-fail-for-certain-unhealthy-pos)
* [Boost \_ Folks Finance 34150 - \[Smart Contract - Low\] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34150-smart-contract-low-failed-messages-never-expire-and-can-be-replayed-by-a)
* [Boost \_ Folks Finance 34153 - \[Smart Contract - Low\] TWAP query by chainlink is wrong according to chainlink docs](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34153-smart-contract-low-twap-query-by-chainlink-is-wrong-according-to-chainli)
* [Boost \_ Folks Finance 34158 - \[Smart Contract - Low\] NodeManagersupportsInterface returns false for typeIERCinterfaceId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34158-smart-contract-low-nodemanagersupportsinterface-returns-false-for-typeie)
* [Boost \_ Folks Finance 34169 - \[Smart Contract - Low\] Potential revert in PythNode library due to incorrect use of SafeCast toUint](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34169-smart-contract-low-potential-revert-in-pythnode-library-due-to-incorrect)
* [Boost \_ Folks Finance 34174 - \[Smart Contract - Low\] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34174-smart-contract-low-bug-in-liquidation-logic-leads-to-stealing-funds-from)
Insight
* [Boost \_ Folks Finance 33258 - \[Smart Contract - Insight\] Usage of floating pragma](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33258-smart-contract-insight-usage-of-floating-pragma)
* [Boost \_ Folks Finance 33376 - \[Smart Contract - Insight\] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33376-smart-contract-insight-bridgerouterreceivemessage-allows-message-replay)
* [Boost \_ Folks Finance 33441 - \[Smart Contract - Insight\] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33441-smart-contract-insight-protocol-uses-pyth-to-fetch-price-which-is-a-pull)
* [Boost \_ Folks Finance 33526 - \[Smart Contract - Insight\] Need to check returnAdapterId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33526-smart-contract-insight-need-to-check-returnadapterid)
* [Boost \_ Folks Finance 33588 - \[Smart Contract - Insight\] The liquidator can make the protocol incur bad debt by partially liquidating the position](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33588-smart-contract-insight-the-liquidator-can-make-the-protocol-incur-bad-de)
* [Boost \_ Folks Finance 33644 - \[Smart Contract - Insight\] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33644-smart-contract-insight-insufficient-msgvalue-validation-for-wormhole-ada)
* [Boost \_ Folks Finance 33652 - \[Smart Contract - Insight\] BridgeRouters Unprotected Reversal Function Compromises User Control](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33652-smart-contract-insight-bridgerouters-unprotected-reversal-function-compr)
* [Boost \_ Folks Finance 33670 - \[Smart Contract - Insight\] Violator can deny his liquidation by front running it and changing the loan borrow type](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33670-smart-contract-insight-violator-can-deny-his-liquidation-by-front-runnin)
* [Boost \_ Folks Finance 33713 - \[Smart Contract - Insight\] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33713-smart-contract-insight-some-transactions-can-revert-when-nodetype-is-pri)
* [Boost \_ Folks Finance 33746 - \[Smart Contract - Insight\] Rounding down to zero leads to liquidate function will be halted with Panic error](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33746-smart-contract-insight-rounding-down-to-zero-leads-to-liquidate-function)
* [Boost \_ Folks Finance 33852 - \[Smart Contract - Insight\] Small positions will not get liquidated](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33852-smart-contract-insight-small-positions-will-not-get-liquidated)
* [Boost \_ Folks Finance 33935 - \[Smart Contract - Insight\] Liquidations dont ensure the violator loan becomes healthy afterwards](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33935-smart-contract-insight-liquidations-dont-ensure-the-violator-loan-become)
* [Boost \_ Folks Finance 34183 - \[Smart Contract - Insight\] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34183-smart-contract-insight-rebalanceup-could-be-used-to-lower-the-userloanst)
* [Boost \_ Folks Finance 34188 - \[Smart Contract - Insight\] BridgeRouterHub can add address adapter](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34188-smart-contract-insight-bridgerouterhub-can-add-address-adapter)
## Reports by Type
[Smart Contract](#smart-contract)
Smart Contract
* [Boost \_ Folks Finance 33258 - \[Smart Contract - Insight\] Usage of floating pragma](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33258-smart-contract-insight-usage-of-floating-pragma)
* [Boost \_ Folks Finance 33269 - \[Smart Contract - Critical\] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33269-smart-contract-critical-logic-flaw-in-userloanincreasecollateral-leads-t)
* [Boost \_ Folks Finance 33272 - \[Smart Contract - Medium\] FrontRunning Attack on createAccount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33272-smart-contract-medium-frontrunning-attack-on-createaccount)
* [Boost \_ Folks Finance 33280 - \[Smart Contract - Low\] NodeManagersupportsInterface doesnt follow EIP-](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33280-smart-contract-low-nodemanagersupportsinterface-doesnt-follow-eip)
* [Boost \_ Folks Finance 33311 - \[Smart Contract - Critical\] Infinite Interest rate bug](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33311-smart-contract-critical-infinite-interest-rate-bug)
* [Boost \_ Folks Finance 33353 - \[Smart Contract - Low\] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33353-smart-contract-low-incorrect-implementation-of-time-weighted-average-pri)
* [Boost \_ Folks Finance 33356 - \[Smart Contract - Low\] All data in \_userLoans mapping will not be deleted after calling deleteUserLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33356-smart-contract-low-all-data-in-_userloans-mapping-will-not-be-deleted-af)
* [Boost \_ Folks Finance 33376 - \[Smart Contract - Insight\] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33376-smart-contract-insight-bridgerouterreceivemessage-allows-message-replay)
* [Boost \_ Folks Finance 33441 - \[Smart Contract - Insight\] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33441-smart-contract-insight-protocol-uses-pyth-to-fetch-price-which-is-a-pull)
* [Boost \_ Folks Finance 33443 - \[Smart Contract - Low\] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33443-smart-contract-low-stalenesscircuitbreakernode-checks-if-the-last-update)
* [Boost \_ Folks Finance 33454 - \[Smart Contract - Low\] unsafe casting will lead to break of PythNode Oracle](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33454-smart-contract-low-unsafe-casting-will-lead-to-break-of-pythnode-oracle)
* [Boost \_ Folks Finance 33526 - \[Smart Contract - Insight\] Need to check returnAdapterId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33526-smart-contract-insight-need-to-check-returnadapterid)
* [Boost \_ Folks Finance 33533 - \[Smart Contract - Critical\] depositDatainterestRate is not correct](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33533-smart-contract-critical-depositdatainterestrate-is-not-correct)
* [Boost \_ Folks Finance 33534 - \[Smart Contract - Medium\] denial of service vulnerability and possible griefing in cross-chain account creation](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33534-smart-contract-medium-denial-of-service-vulnerability-and-possible-grief)
* [Boost \_ Folks Finance 33540 - \[Smart Contract - Low\] ChainlinkNode uses cached decimals in the calculation instead of fresh one](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33540-smart-contract-low-chainlinknode-uses-cached-decimals-in-the-calculation)
* [Boost \_ Folks Finance 33542 - \[Smart Contract - Medium\] Attacker can create loan before users tx is completed through bridge](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33542-smart-contract-medium-attacker-can-create-loan-before-users-tx-is-comple)
* [Boost \_ Folks Finance 33546 - \[Smart Contract - Medium\] Adversaries can manipulate victims stable rate to remain excessively high via flashloan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33546-smart-contract-medium-adversaries-can-manipulate-victims-stable-rate-to)
* [Boost \_ Folks Finance 33566 - \[Smart Contract - Low\] RepayWithCollateral will almost always fail in partial repayment](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33566-smart-contract-low-repaywithcollateral-will-almost-always-fail-in-partia)
* [Boost \_ Folks Finance 33568 - \[Smart Contract - Medium\] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33568-smart-contract-medium-front-running-vulnerability-in-cross-chain-loan-cr)
* [Boost \_ Folks Finance 33588 - \[Smart Contract - Insight\] The liquidator can make the protocol incur bad debt by partially liquidating the position](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33588-smart-contract-insight-the-liquidator-can-make-the-protocol-incur-bad-de)
* [Boost \_ Folks Finance 33589 - \[Smart Contract - Medium\] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33589-smart-contract-medium-anyone-can-call-the-bridgerouter-recieve-function)
* [Boost \_ Folks Finance 33596 - \[Smart Contract - Low\] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33596-smart-contract-low-incorrect-rounding-direction-in-hubpoollogicupdatewit)
* [Boost \_ Folks Finance 33609 - \[Smart Contract - Medium\] Account creation can be frontrun making the users unable to create an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33609-smart-contract-medium-account-creation-can-be-frontrun-making-the-users)
* [Boost \_ Folks Finance 33611 - \[Smart Contract - Medium\] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33611-smart-contract-medium-adversary-can-perform-a-dos-on-users-createloan-an)
* [Boost \_ Folks Finance 33614 - \[Smart Contract - Medium\] Front-Running Vulnerability in createAccount Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33614-smart-contract-medium-front-running-vulnerability-in-createaccount-metho)
* [Boost \_ Folks Finance 33630 - \[Smart Contract - High\] Incorrect calculation of loanBorrowbalance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33630-smart-contract-high-incorrect-calculation-of-loanborrowbalance)
* [Boost \_ Folks Finance 33631 - \[Smart Contract - Low\] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33631-smart-contract-low-wrong-implementation-of-chainlink-gettwapprice-can-le)
* [Boost \_ Folks Finance 33643 - \[Smart Contract - Low\] PriceFeed from PythNode will always revert for some pools](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33643-smart-contract-low-pricefeed-from-pythnode-will-always-revert-for-some-p)
* [Boost \_ Folks Finance 33644 - \[Smart Contract - Insight\] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33644-smart-contract-insight-insufficient-msgvalue-validation-for-wormhole-ada)
* [Boost \_ Folks Finance 33645 - \[Smart Contract - Medium\] Griefing an user from creating an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33645-smart-contract-medium-griefing-an-user-from-creating-an-account)
* [Boost \_ Folks Finance 33652 - \[Smart Contract - Insight\] BridgeRouters Unprotected Reversal Function Compromises User Control](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33652-smart-contract-insight-bridgerouters-unprotected-reversal-function-compr)
* [Boost \_ Folks Finance 33665 - \[Smart Contract - Critical\] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33665-smart-contract-critical-collateral-inflation-exploit-via-zero-amount-dep)
* [Boost \_ Folks Finance 33670 - \[Smart Contract - Insight\] Violator can deny his liquidation by front running it and changing the loan borrow type](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33670-smart-contract-insight-violator-can-deny-his-liquidation-by-front-runnin)
* [Boost \_ Folks Finance 33675 - \[Smart Contract - Low\] PythNodeprocess can revert because of incorrect casting](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33675-smart-contract-low-pythnodeprocess-can-revert-because-of-incorrect-casti)
* [Boost \_ Folks Finance 33684 - \[Smart Contract - Critical\] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33684-smart-contract-critical-lack-of-available-liquidity-check-when-sending-t)
* [Boost \_ Folks Finance 33687 - \[Smart Contract - Medium\] Loan creation can be frontrun preventing the users from creating loans](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33687-smart-contract-medium-loan-creation-can-be-frontrun-preventing-the-users)
* [Boost \_ Folks Finance 33694 - \[Smart Contract - Medium\] stableBorrowRates are manipulatable through flashloan attacks](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33694-smart-contract-medium-stableborrowrates-are-manipulatable-through-flashl)
* [Boost \_ Folks Finance 33695 - \[Smart Contract - Critical\] Attacker can borrow more than the collateral deposit](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33695-smart-contract-critical-attacker-can-borrow-more-than-the-collateral-dep)
* [Boost \_ Folks Finance 33713 - \[Smart Contract - Insight\] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33713-smart-contract-insight-some-transactions-can-revert-when-nodetype-is-pri)
* [Boost \_ Folks Finance 33746 - \[Smart Contract - Insight\] Rounding down to zero leads to liquidate function will be halted with Panic error](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33746-smart-contract-insight-rounding-down-to-zero-leads-to-liquidate-function)
* [Boost \_ Folks Finance 33778 - \[Smart Contract - Medium\] The loan creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33778-smart-contract-medium-the-loan-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33779 - \[Smart Contract - Medium\] The account creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33779-smart-contract-medium-the-account-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33780 - \[Smart Contract - Critical\] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33780-smart-contract-critical-zero-deposits-can-be-used-to-artificially-inflat)
* [Boost \_ Folks Finance 33787 - \[Smart Contract - Low\] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33787-smart-contract-low-function-pythnodeprocess-doesnt-handle-correctly-prec)
* [Boost \_ Folks Finance 33807 - \[Smart Contract - Low\] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33807-smart-contract-low-updateinterestrate-uses-incorrect-reference-of-borrow)
* [Boost \_ Folks Finance 33816 - \[Smart Contract - Critical\] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33816-smart-contract-critical-attacker-can-get-unlimited-loan-for-some-minimum)
* [Boost \_ Folks Finance 33817 - \[Smart Contract - High\] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33817-smart-contract-high-incorrect-calculation-of-effective-borrow-value-in-g)
* [Boost \_ Folks Finance 33852 - \[Smart Contract - Insight\] Small positions will not get liquidated](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33852-smart-contract-insight-small-positions-will-not-get-liquidated)
* [Boost \_ Folks Finance 33869 - \[Smart Contract - Medium\] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33869-smart-contract-medium-loanids-are-easy-to-reproduce-and-front-running-en)
* [Boost \_ Folks Finance 33870 - \[Smart Contract - Low\] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33870-smart-contract-low-convtorepayborrowamount-calculation-is-incorrect-caus)
* [Boost \_ Folks Finance 33880 - \[Smart Contract - Medium\] Front-Running Vulnerability in createUserLoan Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33880-smart-contract-medium-front-running-vulnerability-in-createuserloan-meth)
* [Boost \_ Folks Finance 33885 - \[Smart Contract - Low\] Incorrect prices will be returned if the NodeType is PRICE\_DEVIATION\_CIRCUIT\_BREAKER](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33885-smart-contract-low-incorrect-prices-will-be-returned-if-the-nodetype-is)
* [Boost \_ Folks Finance 33893 - \[Smart Contract - Medium\] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33893-smart-contract-medium-malicious-users-can-dos-loan-creations-and-deposit)
* [Boost \_ Folks Finance 33923 - \[Smart Contract - Low\] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33923-smart-contract-low-function-hubpoollogicupdatewithwithdraw-doesnt-round)
* [Boost \_ Folks Finance 33935 - \[Smart Contract - Insight\] Liquidations dont ensure the violator loan becomes healthy afterwards](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33935-smart-contract-insight-liquidations-dont-ensure-the-violator-loan-become)
* [Boost \_ Folks Finance 33947 - \[Smart Contract - Low\] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33947-smart-contract-low-during-liquidations-when-borrowtorepay-collateral-the)
* [Boost \_ Folks Finance 33950 - \[Smart Contract - Low\] pythnode oracle unexpected revert](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33950-smart-contract-low-pythnode-oracle-unexpected-revert)
* [Boost \_ Folks Finance 33953 - \[Smart Contract - Low\] Calling process function will not revert even if two oracle nodes of the same type are used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33953-smart-contract-low-calling-process-function-will-not-revert-even-if-two)
* [Boost \_ Folks Finance 33970 - \[Smart Contract - Medium\] User deposits can be blocked](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33970-smart-contract-medium-user-deposits-can-be-blocked)
* [Boost \_ Folks Finance 33978 - \[Smart Contract - Critical\] Attacker can Inflate effectiveCollateralValue](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33978-smart-contract-critical-attacker-can-inflate-effectivecollateralvalue)
* [Boost \_ Folks Finance 33981 - \[Smart Contract - Low\] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33981-smart-contract-low-the-pythnode-library-process-function-implementation)
* [Boost \_ Folks Finance 33987 - \[Smart Contract - Medium\] Incorrect access control in receiveMessage leads to total loss of funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33987-smart-contract-medium-incorrect-access-control-in-receivemessage-leads-t)
* [Boost \_ Folks Finance 34025 - \[Smart Contract - Medium\] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34025-smart-contract-medium-malicious-user-can-dos-the-creation-of-every-accou)
* [Boost \_ Folks Finance 34028 - \[Smart Contract - Medium\] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34028-smart-contract-medium-denial-of-service-dos-vulnerability-in-userloan-cr)
* [Boost \_ Folks Finance 34029 - \[Smart Contract - Medium\] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34029-smart-contract-medium-contract-fails-to-mitigate-potential-critical-stat)
* [Boost \_ Folks Finance 34030 - \[Smart Contract - Low\] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34030-smart-contract-low-incorrect-rounding-down-in-hubpoollogicupdatewithwith)
* [Boost \_ Folks Finance 34047 - \[Smart Contract - Low\] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34047-smart-contract-low-adversaries-can-create-a-position-that-is-nearly-impo)
* [Boost \_ Folks Finance 34050 - \[Smart Contract - High\] Vulnerability in getLoanLiquidity leads to undervaluing stable debt](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34050-smart-contract-high-vulnerability-in-getloanliquidity-leads-to-undervalu)
* [Boost \_ Folks Finance 34052 - \[Smart Contract - Low\] withdraw doesnt round in favour of protocol for isFamountFalse](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34052-smart-contract-low-withdraw-doesnt-round-in-favour-of-protocol-for-isfam)
* [Boost \_ Folks Finance 34054 - \[Smart Contract - Low\] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34054-smart-contract-low-in-liquidation-loanpoolcollateralused-doesnt-get-redu)
* [Boost \_ Folks Finance 34066 - \[Smart Contract - Medium\] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34066-smart-contract-medium-account-creation-front-running-vulnerability-leadi)
* [Boost \_ Folks Finance 34069 - \[Smart Contract - Low\] repayWithCollateral may revert when repay samll amount token](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34069-smart-contract-low-repaywithcollateral-may-revert-when-repay-samll-amoun)
* [Boost \_ Folks Finance 34074 - \[Smart Contract - Critical\] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34074-smart-contract-critical-hub-missing-check-for-available-liquidity-could)
* [Boost \_ Folks Finance 34076 - \[Smart Contract - Low\] Wrong way of deriving message keys using destination chains CCTP domain id](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34076-smart-contract-low-wrong-way-of-deriving-message-keys-using-destination)
* [Boost \_ Folks Finance 34085 - \[Smart Contract - Low\] partial repayment with collaterals will revert due to underflow](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34085-smart-contract-low-partial-repayment-with-collaterals-will-revert-due-to)
* [Boost \_ Folks Finance 34122 - \[Smart Contract - High\] Wrong borrow balance calculation in the getLoanLiquidity function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34122-smart-contract-high-wrong-borrow-balance-calculation-in-the-getloanliqui)
* [Boost \_ Folks Finance 34124 - \[Smart Contract - Low\] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34124-smart-contract-low-smart-contract-cannot-be-accessed-during-the-normal-l)
* [Boost \_ Folks Finance 34127 - \[Smart Contract - Low\] Liquidator gets more debt than usual](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34127-smart-contract-low-liquidator-gets-more-debt-than-usual)
* [Boost \_ Folks Finance 34132 - \[Smart Contract - Low\] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34132-smart-contract-low-liquidation-bonus-incorrectly-inflates-repayborrowamo)
* [Boost \_ Folks Finance 34148 - \[Smart Contract - Low\] Full liquidations will fail for certain unhealthy positions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34148-smart-contract-low-full-liquidations-will-fail-for-certain-unhealthy-pos)
* [Boost \_ Folks Finance 34150 - \[Smart Contract - Low\] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34150-smart-contract-low-failed-messages-never-expire-and-can-be-replayed-by-a)
* [Boost \_ Folks Finance 34153 - \[Smart Contract - Low\] TWAP query by chainlink is wrong according to chainlink docs](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34153-smart-contract-low-twap-query-by-chainlink-is-wrong-according-to-chainli)
* [Boost \_ Folks Finance 34158 - \[Smart Contract - Low\] NodeManagersupportsInterface returns false for typeIERCinterfaceId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34158-smart-contract-low-nodemanagersupportsinterface-returns-false-for-typeie)
* [Boost \_ Folks Finance 34161 - \[Smart Contract - Medium\] Denial of Service via Front-Running in Loan Creation Mechanism](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34161-smart-contract-medium-denial-of-service-via-front-running-in-loan-creati)
* [Boost \_ Folks Finance 34169 - \[Smart Contract - Low\] Potential revert in PythNode library due to incorrect use of SafeCast toUint](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34169-smart-contract-low-potential-revert-in-pythnode-library-due-to-incorrect)
* [Boost \_ Folks Finance 34174 - \[Smart Contract - Low\] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34174-smart-contract-low-bug-in-liquidation-logic-leads-to-stealing-funds-from)
* [Boost \_ Folks Finance 34179 - \[Smart Contract - High\] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34179-smart-contract-high-incorrect-updates-to-pooldepositdatatotalamount-and)
* [Boost \_ Folks Finance 34183 - \[Smart Contract - Insight\] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34183-smart-contract-insight-rebalanceup-could-be-used-to-lower-the-userloanst)
* [Boost \_ Folks Finance 34188 - \[Smart Contract - Insight\] BridgeRouterHub can add address adapter](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34188-smart-contract-insight-bridgerouterhub-can-add-address-adapter)
* [Boost \_ Folks Finance 34190 - \[Smart Contract - Critical\] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34190-smart-contract-critical-liquidated-users-can-mix-and-manipulate-stable-a)