Paradex | IOP

#47198 [SC-Critical] The operator can perform unauthorized fund transfers.

#47370 [SC-Critical] `account_transfer_partial` should not be enabled when `transfer_registry_address` is not configured.

#46843 [SC-Critical] Bypass of Restrictions When Paraclear_transfer_registry Is Unregistered

#46892 [SC-High] small deposits could prevent users from withdrawing their funds

#46888 [SC-High] account_transfer_partial: lack of input validation when working with signed integers

#46997 [SC-Medium] The vault performs an unsafe conversion on the getAccountValue result.

#47309 [SC-Medium] Type mishandling allows for users to withdraw FAST from vault instead of STANDARD

#47314 [SC-Medium] account_transfer_partial(...) function doesn't check sender's health after transferring balances

#47310 [SC-Medium] Integer to Felt conversion completely ruins the Vaults accounting

#46856 [SC-Medium] The calculation of shares obtained through token trades will be incorrect, causing users to pay excessive yield fees.

#47316 [SC-Low] account_transfer_partial(...) function doesn't check that receiver has a registered account in the system

#47317 [SC-Low] Transfer function only allows collateral transfers from free balance but can be bypassed

#47330 [SC-Low] The fee calculation in `settle_market` is unreasonable.

#47351 [SC-Low] Funds get stuck in the bridge if attempted to be deposited into a restricted address

#46942 [SC-Low] set_perpetual_asset_balance_link - there is no cycle checks

#46639 [SC-Low] The `_settlement_fee_payments` function contains a calculation error that leads to abnormal user balances.

#46839 [SC-Low] `max_withdraw` and `max_withdraw` do not fully consider global restrictions.

#46867 [SC-Insight] The `is_liquidation` field in `transfer_internal` is not properly differentiated.

#47257 [SC-Insight] Lack of position quantity limit for a single account.

#46960 [SC-Insight] trade order sizes are not validated properly

#46989 [SC-Insight] Invalid trade side check

#46910 [SC-Insight] Token Balance Event Data Inconsistency in Position Transfers

#47291 [SC-Insight] Serveal bugs in function set_prices_and_funding_snapshot

#47295 [SC-Insight] Configurator Can Manipulate Critical Parameters to Force Mass Liquidations and Drain Protocol Funds

#47313 [SC-Insight] Transfer(...) function doesn't account for current USDC price

#47318 [SC-Insight] If the counterparty happens to be their own referrer, the protocol does not take the referral fee into account during the risk check.

#47377 [SC-Insight] No Restriction on Self Transfer

#47380 [SC-Insight] Incorrect token_assets_value in AccountLiquidated Event

#46570 [SC-Insight] account list DoS issue

#46747 [SC-Insight] Self-Referral Vulnerability in Account Referral System

#46675 [SC-Insight] Insufficient Time Validation in function settle_trade_v2

#46676 [SC-Insight] Unrestricted Minimum Lockup Period

#47299 [SC-Insight] The `is_risky` check is improper.

#46611 [SC-Insight] Missing staleness checks in oracle queries

#46997 [SC-Medium] The vault performs an unsafe conversion on the getAccountValue result.

#46867 [SC-Insight] The `is_liquidation` field in `transfer_internal` is not properly differentiated.

#47257 [SC-Insight] Lack of position quantity limit for a single account.

#46892 [SC-High] small deposits could prevent users from withdrawing their funds

#47198 [SC-Critical] The operator can perform unauthorized fund transfers.

#46960 [SC-Insight] trade order sizes are not validated properly

#46989 [SC-Insight] Invalid trade side check

#46910 [SC-Insight] Token Balance Event Data Inconsistency in Position Transfers

#47291 [SC-Insight] Serveal bugs in function set_prices_and_funding_snapshot

#47295 [SC-Insight] Configurator Can Manipulate Critical Parameters to Force Mass Liquidations and Drain Protocol Funds

#47309 [SC-Medium] Type mishandling allows for users to withdraw FAST from vault instead of STANDARD

#47313 [SC-Insight] Transfer(...) function doesn't account for current USDC price

#47314 [SC-Medium] account_transfer_partial(...) function doesn't check sender's health after transferring balances

#47316 [SC-Low] account_transfer_partial(...) function doesn't check that receiver has a registered account in the system

#47317 [SC-Low] Transfer function only allows collateral transfers from free balance but can be bypassed

#47318 [SC-Insight] If the counterparty happens to be their own referrer, the protocol does not take the referral fee into account during the risk check.

#47330 [SC-Low] The fee calculation in `settle_market` is unreasonable.

#47351 [SC-Low] Funds get stuck in the bridge if attempted to be deposited into a restricted address

#47370 [SC-Critical] `account_transfer_partial` should not be enabled when `transfer_registry_address` is not configured.

#47377 [SC-Insight] No Restriction on Self Transfer

#47380 [SC-Insight] Incorrect token_assets_value in AccountLiquidated Event

#46570 [SC-Insight] account list DoS issue

#46888 [SC-High] account_transfer_partial: lack of input validation when working with signed integers

#46747 [SC-Insight] Self-Referral Vulnerability in Account Referral System

#47310 [SC-Medium] Integer to Felt conversion completely ruins the Vaults accounting

#46675 [SC-Insight] Insufficient Time Validation in function settle_trade_v2

#46676 [SC-Insight] Unrestricted Minimum Lockup Period

#46942 [SC-Low] set_perpetual_asset_balance_link - there is no cycle checks

#46639 [SC-Low] The `_settlement_fee_payments` function contains a calculation error that leads to abnormal user balances.

#47299 [SC-Insight] The `is_risky` check is improper.

#46839 [SC-Low] `max_withdraw` and `max_withdraw` do not fully consider global restrictions.

#46611 [SC-Insight] Missing staleness checks in oracle queries

#46843 [SC-Critical] Bypass of Restrictions When Paraclear_transfer_registry Is Unregistered

#46856 [SC-Medium] The calculation of shares obtained through token trades will be incorrect, causing users to pay excessive yield fees.