# Folks Finance
## Reports by Severity
[Critical](#critical) | [High](#high) | [Medium](#medium) | [Low](#low) | [Insight](#insight)
Critical
* [Boost \_ Folks Finance 33269 - \[Smart Contract - Critical\] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33269-smart-contract-critical-logic-flaw-in-userloanincreasecollateral-leads-t)
* [Boost \_ Folks Finance 33311 - \[Smart Contract - Critical\] Infinite Interest rate bug](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33311-smart-contract-critical-infinite-interest-rate-bug)
* [Boost \_ Folks Finance 33533 - \[Smart Contract - Critical\] depositDatainterestRate is not correct](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33533-smart-contract-critical-depositdatainterestrate-is-not-correct)
* [Boost \_ Folks Finance 33665 - \[Smart Contract - Critical\] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33665-smart-contract-critical-collateral-inflation-exploit-via-zero-amount-dep)
* [Boost \_ Folks Finance 33684 - \[Smart Contract - Critical\] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33684-smart-contract-critical-lack-of-available-liquidity-check-when-sending-t)
* [Boost \_ Folks Finance 33695 - \[Smart Contract - Critical\] Attacker can borrow more than the collateral deposit](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33695-smart-contract-critical-attacker-can-borrow-more-than-the-collateral-dep)
* [Boost \_ Folks Finance 33780 - \[Smart Contract - Critical\] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33780-smart-contract-critical-zero-deposits-can-be-used-to-artificially-inflat)
* [Boost \_ Folks Finance 33816 - \[Smart Contract - Critical\] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33816-smart-contract-critical-attacker-can-get-unlimited-loan-for-some-minimum)
* [Boost \_ Folks Finance 33978 - \[Smart Contract - Critical\] Attacker can Inflate effectiveCollateralValue](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33978-smart-contract-critical-attacker-can-inflate-effectivecollateralvalue)
* [Boost \_ Folks Finance 34074 - \[Smart Contract - Critical\] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34074-smart-contract-critical-hub-missing-check-for-available-liquidity-could)
* [Boost \_ Folks Finance 34190 - \[Smart Contract - Critical\] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34190-smart-contract-critical-liquidated-users-can-mix-and-manipulate-stable-a)
High
* [Boost \_ Folks Finance 33630 - \[Smart Contract - High\] Incorrect calculation of loanBorrowbalance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33630-smart-contract-high-incorrect-calculation-of-loanborrowbalance)
* [Boost \_ Folks Finance 33817 - \[Smart Contract - High\] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33817-smart-contract-high-incorrect-calculation-of-effective-borrow-value-in-g)
* [Boost \_ Folks Finance 34050 - \[Smart Contract - High\] Vulnerability in getLoanLiquidity leads to undervaluing stable debt](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34050-smart-contract-high-vulnerability-in-getloanliquidity-leads-to-undervalu)
* [Boost \_ Folks Finance 34122 - \[Smart Contract - High\] Wrong borrow balance calculation in the getLoanLiquidity function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34122-smart-contract-high-wrong-borrow-balance-calculation-in-the-getloanliqui)
* [Boost \_ Folks Finance 34179 - \[Smart Contract - High\] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34179-smart-contract-high-incorrect-updates-to-pooldepositdatatotalamount-and)
Medium
* [Boost \_ Folks Finance 33272 - \[Smart Contract - Medium\] FrontRunning Attack on createAccount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33272-smart-contract-medium-frontrunning-attack-on-createaccount)
* [Boost \_ Folks Finance 33534 - \[Smart Contract - Medium\] denial of service vulnerability and possible griefing in cross-chain account creation](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33534-smart-contract-medium-denial-of-service-vulnerability-and-possible-grief)
* [Boost \_ Folks Finance 33542 - \[Smart Contract - Medium\] Attacker can create loan before users tx is completed through bridge](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33542-smart-contract-medium-attacker-can-create-loan-before-users-tx-is-comple)
* [Boost \_ Folks Finance 33546 - \[Smart Contract - Medium\] Adversaries can manipulate victims stable rate to remain excessively high via flashloan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33546-smart-contract-medium-adversaries-can-manipulate-victims-stable-rate-to)
* [Boost \_ Folks Finance 33568 - \[Smart Contract - Medium\] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33568-smart-contract-medium-front-running-vulnerability-in-cross-chain-loan-cr)
* [Boost \_ Folks Finance 33589 - \[Smart Contract - Medium\] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33589-smart-contract-medium-anyone-can-call-the-bridgerouter-recieve-function)
* [Boost \_ Folks Finance 33609 - \[Smart Contract - Medium\] Account creation can be frontrun making the users unable to create an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33609-smart-contract-medium-account-creation-can-be-frontrun-making-the-users)
* [Boost \_ Folks Finance 33611 - \[Smart Contract - Medium\] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33611-smart-contract-medium-adversary-can-perform-a-dos-on-users-createloan-an)
* [Boost \_ Folks Finance 33614 - \[Smart Contract - Medium\] Front-Running Vulnerability in createAccount Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33614-smart-contract-medium-front-running-vulnerability-in-createaccount-metho)
* [Boost \_ Folks Finance 33645 - \[Smart Contract - Medium\] Griefing an user from creating an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33645-smart-contract-medium-griefing-an-user-from-creating-an-account)
* [Boost \_ Folks Finance 33687 - \[Smart Contract - Medium\] Loan creation can be frontrun preventing the users from creating loans](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33687-smart-contract-medium-loan-creation-can-be-frontrun-preventing-the-users)
* [Boost \_ Folks Finance 33694 - \[Smart Contract - Medium\] stableBorrowRates are manipulatable through flashloan attacks](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33694-smart-contract-medium-stableborrowrates-are-manipulatable-through-flashl)
* [Boost \_ Folks Finance 33778 - \[Smart Contract - Medium\] The loan creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33778-smart-contract-medium-the-loan-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33779 - \[Smart Contract - Medium\] The account creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33779-smart-contract-medium-the-account-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33869 - \[Smart Contract - Medium\] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33869-smart-contract-medium-loanids-are-easy-to-reproduce-and-front-running-en)
* [Boost \_ Folks Finance 33880 - \[Smart Contract - Medium\] Front-Running Vulnerability in createUserLoan Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33880-smart-contract-medium-front-running-vulnerability-in-createuserloan-meth)
* [Boost \_ Folks Finance 33893 - \[Smart Contract - Medium\] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33893-smart-contract-medium-malicious-users-can-dos-loan-creations-and-deposit)
* [Boost \_ Folks Finance 33970 - \[Smart Contract - Medium\] User deposits can be blocked](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33970-smart-contract-medium-user-deposits-can-be-blocked)
* [Boost \_ Folks Finance 33987 - \[Smart Contract - Medium\] Incorrect access control in receiveMessage leads to total loss of funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33987-smart-contract-medium-incorrect-access-control-in-receivemessage-leads-t)
* [Boost \_ Folks Finance 34025 - \[Smart Contract - Medium\] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34025-smart-contract-medium-malicious-user-can-dos-the-creation-of-every-accou)
* [Boost \_ Folks Finance 34028 - \[Smart Contract - Medium\] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34028-smart-contract-medium-denial-of-service-dos-vulnerability-in-userloan-cr)
* [Boost \_ Folks Finance 34029 - \[Smart Contract - Medium\] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34029-smart-contract-medium-contract-fails-to-mitigate-potential-critical-stat)
* [Boost \_ Folks Finance 34066 - \[Smart Contract - Medium\] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34066-smart-contract-medium-account-creation-front-running-vulnerability-leadi)
* [Boost \_ Folks Finance 34161 - \[Smart Contract - Medium\] Denial of Service via Front-Running in Loan Creation Mechanism](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34161-smart-contract-medium-denial-of-service-via-front-running-in-loan-creati)
Low
* [Boost \_ Folks Finance 33280 - \[Smart Contract - Low\] NodeManagersupportsInterface doesnt follow EIP-](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33280-smart-contract-low-nodemanagersupportsinterface-doesnt-follow-eip)
* [Boost \_ Folks Finance 33353 - \[Smart Contract - Low\] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33353-smart-contract-low-incorrect-implementation-of-time-weighted-average-pri)
* [Boost \_ Folks Finance 33356 - \[Smart Contract - Low\] All data in \_userLoans mapping will not be deleted after calling deleteUserLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33356-smart-contract-low-all-data-in-_userloans-mapping-will-not-be-deleted-af)
* [Boost \_ Folks Finance 33443 - \[Smart Contract - Low\] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33443-smart-contract-low-stalenesscircuitbreakernode-checks-if-the-last-update)
* [Boost \_ Folks Finance 33454 - \[Smart Contract - Low\] unsafe casting will lead to break of PythNode Oracle](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33454-smart-contract-low-unsafe-casting-will-lead-to-break-of-pythnode-oracle)
* [Boost \_ Folks Finance 33540 - \[Smart Contract - Low\] ChainlinkNode uses cached decimals in the calculation instead of fresh one](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33540-smart-contract-low-chainlinknode-uses-cached-decimals-in-the-calculation)
* [Boost \_ Folks Finance 33566 - \[Smart Contract - Low\] RepayWithCollateral will almost always fail in partial repayment](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33566-smart-contract-low-repaywithcollateral-will-almost-always-fail-in-partia)
* [Boost \_ Folks Finance 33596 - \[Smart Contract - Low\] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33596-smart-contract-low-incorrect-rounding-direction-in-hubpoollogicupdatewit)
* [Boost \_ Folks Finance 33631 - \[Smart Contract - Low\] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33631-smart-contract-low-wrong-implementation-of-chainlink-gettwapprice-can-le)
* [Boost \_ Folks Finance 33643 - \[Smart Contract - Low\] PriceFeed from PythNode will always revert for some pools](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33643-smart-contract-low-pricefeed-from-pythnode-will-always-revert-for-some-p)
* [Boost \_ Folks Finance 33675 - \[Smart Contract - Low\] PythNodeprocess can revert because of incorrect casting](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33675-smart-contract-low-pythnodeprocess-can-revert-because-of-incorrect-casti)
* [Boost \_ Folks Finance 33787 - \[Smart Contract - Low\] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33787-smart-contract-low-function-pythnodeprocess-doesnt-handle-correctly-prec)
* [Boost \_ Folks Finance 33807 - \[Smart Contract - Low\] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33807-smart-contract-low-updateinterestrate-uses-incorrect-reference-of-borrow)
* [Boost \_ Folks Finance 33870 - \[Smart Contract - Low\] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33870-smart-contract-low-convtorepayborrowamount-calculation-is-incorrect-caus)
* [Boost \_ Folks Finance 33885 - \[Smart Contract - Low\] Incorrect prices will be returned if the NodeType is PRICE\_DEVIATION\_CIRCUIT\_BREAKER](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33885-smart-contract-low-incorrect-prices-will-be-returned-if-the-nodetype-is)
* [Boost \_ Folks Finance 33923 - \[Smart Contract - Low\] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33923-smart-contract-low-function-hubpoollogicupdatewithwithdraw-doesnt-round)
* [Boost \_ Folks Finance 33947 - \[Smart Contract - Low\] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33947-smart-contract-low-during-liquidations-when-borrowtorepay-collateral-the)
* [Boost \_ Folks Finance 33950 - \[Smart Contract - Low\] pythnode oracle unexpected revert](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33950-smart-contract-low-pythnode-oracle-unexpected-revert)
* [Boost \_ Folks Finance 33953 - \[Smart Contract - Low\] Calling process function will not revert even if two oracle nodes of the same type are used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33953-smart-contract-low-calling-process-function-will-not-revert-even-if-two)
* [Boost \_ Folks Finance 33981 - \[Smart Contract - Low\] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33981-smart-contract-low-the-pythnode-library-process-function-implementation)
* [Boost \_ Folks Finance 34030 - \[Smart Contract - Low\] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34030-smart-contract-low-incorrect-rounding-down-in-hubpoollogicupdatewithwith)
* [Boost \_ Folks Finance 34047 - \[Smart Contract - Low\] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34047-smart-contract-low-adversaries-can-create-a-position-that-is-nearly-impo)
* [Boost \_ Folks Finance 34052 - \[Smart Contract - Low\] withdraw doesnt round in favour of protocol for isFamountFalse](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34052-smart-contract-low-withdraw-doesnt-round-in-favour-of-protocol-for-isfam)
* [Boost \_ Folks Finance 34054 - \[Smart Contract - Low\] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34054-smart-contract-low-in-liquidation-loanpoolcollateralused-doesnt-get-redu)
* [Boost \_ Folks Finance 34069 - \[Smart Contract - Low\] repayWithCollateral may revert when repay samll amount token](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34069-smart-contract-low-repaywithcollateral-may-revert-when-repay-samll-amoun)
* [Boost \_ Folks Finance 34076 - \[Smart Contract - Low\] Wrong way of deriving message keys using destination chains CCTP domain id](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34076-smart-contract-low-wrong-way-of-deriving-message-keys-using-destination)
* [Boost \_ Folks Finance 34085 - \[Smart Contract - Low\] partial repayment with collaterals will revert due to underflow](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34085-smart-contract-low-partial-repayment-with-collaterals-will-revert-due-to)
* [Boost \_ Folks Finance 34124 - \[Smart Contract - Low\] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34124-smart-contract-low-smart-contract-cannot-be-accessed-during-the-normal-l)
* [Boost \_ Folks Finance 34127 - \[Smart Contract - Low\] Liquidator gets more debt than usual](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34127-smart-contract-low-liquidator-gets-more-debt-than-usual)
* [Boost \_ Folks Finance 34132 - \[Smart Contract - Low\] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34132-smart-contract-low-liquidation-bonus-incorrectly-inflates-repayborrowamo)
* [Boost \_ Folks Finance 34148 - \[Smart Contract - Low\] Full liquidations will fail for certain unhealthy positions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34148-smart-contract-low-full-liquidations-will-fail-for-certain-unhealthy-pos)
* [Boost \_ Folks Finance 34150 - \[Smart Contract - Low\] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34150-smart-contract-low-failed-messages-never-expire-and-can-be-replayed-by-a)
* [Boost \_ Folks Finance 34153 - \[Smart Contract - Low\] TWAP query by chainlink is wrong according to chainlink docs](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34153-smart-contract-low-twap-query-by-chainlink-is-wrong-according-to-chainli)
* [Boost \_ Folks Finance 34158 - \[Smart Contract - Low\] NodeManagersupportsInterface returns false for typeIERCinterfaceId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34158-smart-contract-low-nodemanagersupportsinterface-returns-false-for-typeie)
* [Boost \_ Folks Finance 34169 - \[Smart Contract - Low\] Potential revert in PythNode library due to incorrect use of SafeCast toUint](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34169-smart-contract-low-potential-revert-in-pythnode-library-due-to-incorrect)
* [Boost \_ Folks Finance 34174 - \[Smart Contract - Low\] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34174-smart-contract-low-bug-in-liquidation-logic-leads-to-stealing-funds-from)
Insight
* [Boost \_ Folks Finance 33258 - \[Smart Contract - Insight\] Usage of floating pragma](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33258-smart-contract-insight-usage-of-floating-pragma)
* [Boost \_ Folks Finance 33376 - \[Smart Contract - Insight\] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33376-smart-contract-insight-bridgerouterreceivemessage-allows-message-replay)
* [Boost \_ Folks Finance 33441 - \[Smart Contract - Insight\] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33441-smart-contract-insight-protocol-uses-pyth-to-fetch-price-which-is-a-pull)
* [Boost \_ Folks Finance 33526 - \[Smart Contract - Insight\] Need to check returnAdapterId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33526-smart-contract-insight-need-to-check-returnadapterid)
* [Boost \_ Folks Finance 33588 - \[Smart Contract - Insight\] The liquidator can make the protocol incur bad debt by partially liquidating the position](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33588-smart-contract-insight-the-liquidator-can-make-the-protocol-incur-bad-de)
* [Boost \_ Folks Finance 33644 - \[Smart Contract - Insight\] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33644-smart-contract-insight-insufficient-msgvalue-validation-for-wormhole-ada)
* [Boost \_ Folks Finance 33652 - \[Smart Contract - Insight\] BridgeRouters Unprotected Reversal Function Compromises User Control](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33652-smart-contract-insight-bridgerouters-unprotected-reversal-function-compr)
* [Boost \_ Folks Finance 33670 - \[Smart Contract - Insight\] Violator can deny his liquidation by front running it and changing the loan borrow type](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33670-smart-contract-insight-violator-can-deny-his-liquidation-by-front-runnin)
* [Boost \_ Folks Finance 33713 - \[Smart Contract - Insight\] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33713-smart-contract-insight-some-transactions-can-revert-when-nodetype-is-pri)
* [Boost \_ Folks Finance 33746 - \[Smart Contract - Insight\] Rounding down to zero leads to liquidate function will be halted with Panic error](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33746-smart-contract-insight-rounding-down-to-zero-leads-to-liquidate-function)
* [Boost \_ Folks Finance 33852 - \[Smart Contract - Insight\] Small positions will not get liquidated](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33852-smart-contract-insight-small-positions-will-not-get-liquidated)
* [Boost \_ Folks Finance 33935 - \[Smart Contract - Insight\] Liquidations dont ensure the violator loan becomes healthy afterwards](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33935-smart-contract-insight-liquidations-dont-ensure-the-violator-loan-become)
* [Boost \_ Folks Finance 34183 - \[Smart Contract - Insight\] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34183-smart-contract-insight-rebalanceup-could-be-used-to-lower-the-userloanst)
* [Boost \_ Folks Finance 34188 - \[Smart Contract - Insight\] BridgeRouterHub can add address adapter](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34188-smart-contract-insight-bridgerouterhub-can-add-address-adapter)
## Reports by Type
[Smart Contract](#smart-contract)
Smart Contract
* [Boost \_ Folks Finance 33258 - \[Smart Contract - Insight\] Usage of floating pragma](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33258-smart-contract-insight-usage-of-floating-pragma)
* [Boost \_ Folks Finance 33269 - \[Smart Contract - Critical\] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33269-smart-contract-critical-logic-flaw-in-userloanincreasecollateral-leads-t)
* [Boost \_ Folks Finance 33272 - \[Smart Contract - Medium\] FrontRunning Attack on createAccount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33272-smart-contract-medium-frontrunning-attack-on-createaccount)
* [Boost \_ Folks Finance 33280 - \[Smart Contract - Low\] NodeManagersupportsInterface doesnt follow EIP-](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33280-smart-contract-low-nodemanagersupportsinterface-doesnt-follow-eip)
* [Boost \_ Folks Finance 33311 - \[Smart Contract - Critical\] Infinite Interest rate bug](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33311-smart-contract-critical-infinite-interest-rate-bug)
* [Boost \_ Folks Finance 33353 - \[Smart Contract - Low\] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33353-smart-contract-low-incorrect-implementation-of-time-weighted-average-pri)
* [Boost \_ Folks Finance 33356 - \[Smart Contract - Low\] All data in \_userLoans mapping will not be deleted after calling deleteUserLoan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33356-smart-contract-low-all-data-in-_userloans-mapping-will-not-be-deleted-af)
* [Boost \_ Folks Finance 33376 - \[Smart Contract - Insight\] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33376-smart-contract-insight-bridgerouterreceivemessage-allows-message-replay)
* [Boost \_ Folks Finance 33441 - \[Smart Contract - Insight\] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33441-smart-contract-insight-protocol-uses-pyth-to-fetch-price-which-is-a-pull)
* [Boost \_ Folks Finance 33443 - \[Smart Contract - Low\] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33443-smart-contract-low-stalenesscircuitbreakernode-checks-if-the-last-update)
* [Boost \_ Folks Finance 33454 - \[Smart Contract - Low\] unsafe casting will lead to break of PythNode Oracle](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33454-smart-contract-low-unsafe-casting-will-lead-to-break-of-pythnode-oracle)
* [Boost \_ Folks Finance 33526 - \[Smart Contract - Insight\] Need to check returnAdapterId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33526-smart-contract-insight-need-to-check-returnadapterid)
* [Boost \_ Folks Finance 33533 - \[Smart Contract - Critical\] depositDatainterestRate is not correct](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33533-smart-contract-critical-depositdatainterestrate-is-not-correct)
* [Boost \_ Folks Finance 33534 - \[Smart Contract - Medium\] denial of service vulnerability and possible griefing in cross-chain account creation](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33534-smart-contract-medium-denial-of-service-vulnerability-and-possible-grief)
* [Boost \_ Folks Finance 33540 - \[Smart Contract - Low\] ChainlinkNode uses cached decimals in the calculation instead of fresh one](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33540-smart-contract-low-chainlinknode-uses-cached-decimals-in-the-calculation)
* [Boost \_ Folks Finance 33542 - \[Smart Contract - Medium\] Attacker can create loan before users tx is completed through bridge](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33542-smart-contract-medium-attacker-can-create-loan-before-users-tx-is-comple)
* [Boost \_ Folks Finance 33546 - \[Smart Contract - Medium\] Adversaries can manipulate victims stable rate to remain excessively high via flashloan](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33546-smart-contract-medium-adversaries-can-manipulate-victims-stable-rate-to)
* [Boost \_ Folks Finance 33566 - \[Smart Contract - Low\] RepayWithCollateral will almost always fail in partial repayment](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33566-smart-contract-low-repaywithcollateral-will-almost-always-fail-in-partia)
* [Boost \_ Folks Finance 33568 - \[Smart Contract - Medium\] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33568-smart-contract-medium-front-running-vulnerability-in-cross-chain-loan-cr)
* [Boost \_ Folks Finance 33588 - \[Smart Contract - Insight\] The liquidator can make the protocol incur bad debt by partially liquidating the position](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33588-smart-contract-insight-the-liquidator-can-make-the-protocol-incur-bad-de)
* [Boost \_ Folks Finance 33589 - \[Smart Contract - Medium\] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33589-smart-contract-medium-anyone-can-call-the-bridgerouter-recieve-function)
* [Boost \_ Folks Finance 33596 - \[Smart Contract - Low\] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33596-smart-contract-low-incorrect-rounding-direction-in-hubpoollogicupdatewit)
* [Boost \_ Folks Finance 33609 - \[Smart Contract - Medium\] Account creation can be frontrun making the users unable to create an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33609-smart-contract-medium-account-creation-can-be-frontrun-making-the-users)
* [Boost \_ Folks Finance 33611 - \[Smart Contract - Medium\] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33611-smart-contract-medium-adversary-can-perform-a-dos-on-users-createloan-an)
* [Boost \_ Folks Finance 33614 - \[Smart Contract - Medium\] Front-Running Vulnerability in createAccount Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33614-smart-contract-medium-front-running-vulnerability-in-createaccount-metho)
* [Boost \_ Folks Finance 33630 - \[Smart Contract - High\] Incorrect calculation of loanBorrowbalance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33630-smart-contract-high-incorrect-calculation-of-loanborrowbalance)
* [Boost \_ Folks Finance 33631 - \[Smart Contract - Low\] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33631-smart-contract-low-wrong-implementation-of-chainlink-gettwapprice-can-le)
* [Boost \_ Folks Finance 33643 - \[Smart Contract - Low\] PriceFeed from PythNode will always revert for some pools](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33643-smart-contract-low-pricefeed-from-pythnode-will-always-revert-for-some-p)
* [Boost \_ Folks Finance 33644 - \[Smart Contract - Insight\] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33644-smart-contract-insight-insufficient-msgvalue-validation-for-wormhole-ada)
* [Boost \_ Folks Finance 33645 - \[Smart Contract - Medium\] Griefing an user from creating an account](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33645-smart-contract-medium-griefing-an-user-from-creating-an-account)
* [Boost \_ Folks Finance 33652 - \[Smart Contract - Insight\] BridgeRouters Unprotected Reversal Function Compromises User Control](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33652-smart-contract-insight-bridgerouters-unprotected-reversal-function-compr)
* [Boost \_ Folks Finance 33665 - \[Smart Contract - Critical\] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33665-smart-contract-critical-collateral-inflation-exploit-via-zero-amount-dep)
* [Boost \_ Folks Finance 33670 - \[Smart Contract - Insight\] Violator can deny his liquidation by front running it and changing the loan borrow type](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33670-smart-contract-insight-violator-can-deny-his-liquidation-by-front-runnin)
* [Boost \_ Folks Finance 33675 - \[Smart Contract - Low\] PythNodeprocess can revert because of incorrect casting](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33675-smart-contract-low-pythnodeprocess-can-revert-because-of-incorrect-casti)
* [Boost \_ Folks Finance 33684 - \[Smart Contract - Critical\] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33684-smart-contract-critical-lack-of-available-liquidity-check-when-sending-t)
* [Boost \_ Folks Finance 33687 - \[Smart Contract - Medium\] Loan creation can be frontrun preventing the users from creating loans](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33687-smart-contract-medium-loan-creation-can-be-frontrun-preventing-the-users)
* [Boost \_ Folks Finance 33694 - \[Smart Contract - Medium\] stableBorrowRates are manipulatable through flashloan attacks](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33694-smart-contract-medium-stableborrowrates-are-manipulatable-through-flashl)
* [Boost \_ Folks Finance 33695 - \[Smart Contract - Critical\] Attacker can borrow more than the collateral deposit](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33695-smart-contract-critical-attacker-can-borrow-more-than-the-collateral-dep)
* [Boost \_ Folks Finance 33713 - \[Smart Contract - Insight\] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33713-smart-contract-insight-some-transactions-can-revert-when-nodetype-is-pri)
* [Boost \_ Folks Finance 33746 - \[Smart Contract - Insight\] Rounding down to zero leads to liquidate function will be halted with Panic error](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33746-smart-contract-insight-rounding-down-to-zero-leads-to-liquidate-function)
* [Boost \_ Folks Finance 33778 - \[Smart Contract - Medium\] The loan creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33778-smart-contract-medium-the-loan-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33779 - \[Smart Contract - Medium\] The account creation process can be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33779-smart-contract-medium-the-account-creation-process-can-be-griefed)
* [Boost \_ Folks Finance 33780 - \[Smart Contract - Critical\] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33780-smart-contract-critical-zero-deposits-can-be-used-to-artificially-inflat)
* [Boost \_ Folks Finance 33787 - \[Smart Contract - Low\] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33787-smart-contract-low-function-pythnodeprocess-doesnt-handle-correctly-prec)
* [Boost \_ Folks Finance 33807 - \[Smart Contract - Low\] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33807-smart-contract-low-updateinterestrate-uses-incorrect-reference-of-borrow)
* [Boost \_ Folks Finance 33816 - \[Smart Contract - Critical\] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33816-smart-contract-critical-attacker-can-get-unlimited-loan-for-some-minimum)
* [Boost \_ Folks Finance 33817 - \[Smart Contract - High\] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33817-smart-contract-high-incorrect-calculation-of-effective-borrow-value-in-g)
* [Boost \_ Folks Finance 33852 - \[Smart Contract - Insight\] Small positions will not get liquidated](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33852-smart-contract-insight-small-positions-will-not-get-liquidated)
* [Boost \_ Folks Finance 33869 - \[Smart Contract - Medium\] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33869-smart-contract-medium-loanids-are-easy-to-reproduce-and-front-running-en)
* [Boost \_ Folks Finance 33870 - \[Smart Contract - Low\] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33870-smart-contract-low-convtorepayborrowamount-calculation-is-incorrect-caus)
* [Boost \_ Folks Finance 33880 - \[Smart Contract - Medium\] Front-Running Vulnerability in createUserLoan Method](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33880-smart-contract-medium-front-running-vulnerability-in-createuserloan-meth)
* [Boost \_ Folks Finance 33885 - \[Smart Contract - Low\] Incorrect prices will be returned if the NodeType is PRICE\_DEVIATION\_CIRCUIT\_BREAKER](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33885-smart-contract-low-incorrect-prices-will-be-returned-if-the-nodetype-is)
* [Boost \_ Folks Finance 33893 - \[Smart Contract - Medium\] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33893-smart-contract-medium-malicious-users-can-dos-loan-creations-and-deposit)
* [Boost \_ Folks Finance 33923 - \[Smart Contract - Low\] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33923-smart-contract-low-function-hubpoollogicupdatewithwithdraw-doesnt-round)
* [Boost \_ Folks Finance 33935 - \[Smart Contract - Insight\] Liquidations dont ensure the violator loan becomes healthy afterwards](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33935-smart-contract-insight-liquidations-dont-ensure-the-violator-loan-become)
* [Boost \_ Folks Finance 33947 - \[Smart Contract - Low\] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33947-smart-contract-low-during-liquidations-when-borrowtorepay-collateral-the)
* [Boost \_ Folks Finance 33950 - \[Smart Contract - Low\] pythnode oracle unexpected revert](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33950-smart-contract-low-pythnode-oracle-unexpected-revert)
* [Boost \_ Folks Finance 33953 - \[Smart Contract - Low\] Calling process function will not revert even if two oracle nodes of the same type are used](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33953-smart-contract-low-calling-process-function-will-not-revert-even-if-two)
* [Boost \_ Folks Finance 33970 - \[Smart Contract - Medium\] User deposits can be blocked](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33970-smart-contract-medium-user-deposits-can-be-blocked)
* [Boost \_ Folks Finance 33978 - \[Smart Contract - Critical\] Attacker can Inflate effectiveCollateralValue](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33978-smart-contract-critical-attacker-can-inflate-effectivecollateralvalue)
* [Boost \_ Folks Finance 33981 - \[Smart Contract - Low\] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33981-smart-contract-low-the-pythnode-library-process-function-implementation)
* [Boost \_ Folks Finance 33987 - \[Smart Contract - Medium\] Incorrect access control in receiveMessage leads to total loss of funds](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-33987-smart-contract-medium-incorrect-access-control-in-receivemessage-leads-t)
* [Boost \_ Folks Finance 34025 - \[Smart Contract - Medium\] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34025-smart-contract-medium-malicious-user-can-dos-the-creation-of-every-accou)
* [Boost \_ Folks Finance 34028 - \[Smart Contract - Medium\] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34028-smart-contract-medium-denial-of-service-dos-vulnerability-in-userloan-cr)
* [Boost \_ Folks Finance 34029 - \[Smart Contract - Medium\] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34029-smart-contract-medium-contract-fails-to-mitigate-potential-critical-stat)
* [Boost \_ Folks Finance 34030 - \[Smart Contract - Low\] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34030-smart-contract-low-incorrect-rounding-down-in-hubpoollogicupdatewithwith)
* [Boost \_ Folks Finance 34047 - \[Smart Contract - Low\] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34047-smart-contract-low-adversaries-can-create-a-position-that-is-nearly-impo)
* [Boost \_ Folks Finance 34050 - \[Smart Contract - High\] Vulnerability in getLoanLiquidity leads to undervaluing stable debt](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34050-smart-contract-high-vulnerability-in-getloanliquidity-leads-to-undervalu)
* [Boost \_ Folks Finance 34052 - \[Smart Contract - Low\] withdraw doesnt round in favour of protocol for isFamountFalse](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34052-smart-contract-low-withdraw-doesnt-round-in-favour-of-protocol-for-isfam)
* [Boost \_ Folks Finance 34054 - \[Smart Contract - Low\] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34054-smart-contract-low-in-liquidation-loanpoolcollateralused-doesnt-get-redu)
* [Boost \_ Folks Finance 34066 - \[Smart Contract - Medium\] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34066-smart-contract-medium-account-creation-front-running-vulnerability-leadi)
* [Boost \_ Folks Finance 34069 - \[Smart Contract - Low\] repayWithCollateral may revert when repay samll amount token](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34069-smart-contract-low-repaywithcollateral-may-revert-when-repay-samll-amoun)
* [Boost \_ Folks Finance 34074 - \[Smart Contract - Critical\] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34074-smart-contract-critical-hub-missing-check-for-available-liquidity-could)
* [Boost \_ Folks Finance 34076 - \[Smart Contract - Low\] Wrong way of deriving message keys using destination chains CCTP domain id](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34076-smart-contract-low-wrong-way-of-deriving-message-keys-using-destination)
* [Boost \_ Folks Finance 34085 - \[Smart Contract - Low\] partial repayment with collaterals will revert due to underflow](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34085-smart-contract-low-partial-repayment-with-collaterals-will-revert-due-to)
* [Boost \_ Folks Finance 34122 - \[Smart Contract - High\] Wrong borrow balance calculation in the getLoanLiquidity function](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34122-smart-contract-high-wrong-borrow-balance-calculation-in-the-getloanliqui)
* [Boost \_ Folks Finance 34124 - \[Smart Contract - Low\] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34124-smart-contract-low-smart-contract-cannot-be-accessed-during-the-normal-l)
* [Boost \_ Folks Finance 34127 - \[Smart Contract - Low\] Liquidator gets more debt than usual](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34127-smart-contract-low-liquidator-gets-more-debt-than-usual)
* [Boost \_ Folks Finance 34132 - \[Smart Contract - Low\] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34132-smart-contract-low-liquidation-bonus-incorrectly-inflates-repayborrowamo)
* [Boost \_ Folks Finance 34148 - \[Smart Contract - Low\] Full liquidations will fail for certain unhealthy positions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34148-smart-contract-low-full-liquidations-will-fail-for-certain-unhealthy-pos)
* [Boost \_ Folks Finance 34150 - \[Smart Contract - Low\] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34150-smart-contract-low-failed-messages-never-expire-and-can-be-replayed-by-a)
* [Boost \_ Folks Finance 34153 - \[Smart Contract - Low\] TWAP query by chainlink is wrong according to chainlink docs](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34153-smart-contract-low-twap-query-by-chainlink-is-wrong-according-to-chainli)
* [Boost \_ Folks Finance 34158 - \[Smart Contract - Low\] NodeManagersupportsInterface returns false for typeIERCinterfaceId](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34158-smart-contract-low-nodemanagersupportsinterface-returns-false-for-typeie)
* [Boost \_ Folks Finance 34161 - \[Smart Contract - Medium\] Denial of Service via Front-Running in Loan Creation Mechanism](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34161-smart-contract-medium-denial-of-service-via-front-running-in-loan-creati)
* [Boost \_ Folks Finance 34169 - \[Smart Contract - Low\] Potential revert in PythNode library due to incorrect use of SafeCast toUint](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34169-smart-contract-low-potential-revert-in-pythnode-library-due-to-incorrect)
* [Boost \_ Folks Finance 34174 - \[Smart Contract - Low\] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34174-smart-contract-low-bug-in-liquidation-logic-leads-to-stealing-funds-from)
* [Boost \_ Folks Finance 34179 - \[Smart Contract - High\] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34179-smart-contract-high-incorrect-updates-to-pooldepositdatatotalamount-and)
* [Boost \_ Folks Finance 34183 - \[Smart Contract - Insight\] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34183-smart-contract-insight-rebalanceup-could-be-used-to-lower-the-userloanst)
* [Boost \_ Folks Finance 34188 - \[Smart Contract - Insight\] BridgeRouterHub can add address adapter](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34188-smart-contract-insight-bridgerouterhub-can-add-address-adapter)
* [Boost \_ Folks Finance 34190 - \[Smart Contract - Critical\] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process](https://reports.immunefi.com/folks-finance/boost-_-folks-finance-34190-smart-contract-critical-liquidated-users-can-mix-and-manipulate-stable-a)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://reports.immunefi.com/folks-finance.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.