README.md

Folks Finance

Reports by Severity

Critical | High | Medium | Low | Insight

Critical

• Boost _ Folks Finance 33269 - [Smart Contract - Critical] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan
• Boost _ Folks Finance 33311 - [Smart Contract - Critical] Infinite Interest rate bug
• Boost _ Folks Finance 33533 - [Smart Contract - Critical] depositDatainterestRate is not correct
• Boost _ Folks Finance 33665 - [Smart Contract - Critical] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool
• Boost _ Folks Finance 33684 - [Smart Contract - Critical] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack
• Boost _ Folks Finance 33695 - [Smart Contract - Critical] Attacker can borrow more than the collateral deposit
• Boost _ Folks Finance 33780 - [Smart Contract - Critical] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds
• Boost _ Folks Finance 33816 - [Smart Contract - Critical] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity
• Boost _ Folks Finance 33978 - [Smart Contract - Critical] Attacker can Inflate effectiveCollateralValue
• Boost _ Folks Finance 34074 - [Smart Contract - Critical] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding
• Boost _ Folks Finance 34190 - [Smart Contract - Critical] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process

High

• Boost _ Folks Finance 33630 - [Smart Contract - High] Incorrect calculation of loanBorrowbalance
• Boost _ Folks Finance 33817 - [Smart Contract - High] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations
• Boost _ Folks Finance 34050 - [Smart Contract - High] Vulnerability in getLoanLiquidity leads to undervaluing stable debt
• Boost _ Folks Finance 34122 - [Smart Contract - High] Wrong borrow balance calculation in the getLoanLiquidity function
• Boost _ Folks Finance 34179 - [Smart Contract - High] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral

Medium

• Boost _ Folks Finance 33272 - [Smart Contract - Medium] FrontRunning Attack on createAccount
• Boost _ Folks Finance 33534 - [Smart Contract - Medium] denial of service vulnerability and possible griefing in cross-chain account creation
• Boost _ Folks Finance 33542 - [Smart Contract - Medium] Attacker can create loan before users tx is completed through bridge
• Boost _ Folks Finance 33546 - [Smart Contract - Medium] Adversaries can manipulate victims stable rate to remain excessively high via flashloan
• Boost _ Folks Finance 33568 - [Smart Contract - Medium] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users
• Boost _ Folks Finance 33589 - [Smart Contract - Medium] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds
• Boost _ Folks Finance 33609 - [Smart Contract - Medium] Account creation can be frontrun making the users unable to create an account
• Boost _ Folks Finance 33611 - [Smart Contract - Medium] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain
• Boost _ Folks Finance 33614 - [Smart Contract - Medium] Front-Running Vulnerability in createAccount Method
• Boost _ Folks Finance 33645 - [Smart Contract - Medium] Griefing an user from creating an account
• Boost _ Folks Finance 33687 - [Smart Contract - Medium] Loan creation can be frontrun preventing the users from creating loans
• Boost _ Folks Finance 33694 - [Smart Contract - Medium] stableBorrowRates are manipulatable through flashloan attacks
• Boost _ Folks Finance 33778 - [Smart Contract - Medium] The loan creation process can be griefed
• Boost _ Folks Finance 33779 - [Smart Contract - Medium] The account creation process can be griefed
• Boost _ Folks Finance 33869 - [Smart Contract - Medium] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds
• Boost _ Folks Finance 33880 - [Smart Contract - Medium] Front-Running Vulnerability in createUserLoan Method
• Boost _ Folks Finance 33893 - [Smart Contract - Medium] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals
• Boost _ Folks Finance 33970 - [Smart Contract - Medium] User deposits can be blocked
• Boost _ Folks Finance 33987 - [Smart Contract - Medium] Incorrect access control in receiveMessage leads to total loss of funds
• Boost _ Folks Finance 34025 - [Smart Contract - Medium] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId
• Boost _ Folks Finance 34028 - [Smart Contract - Medium] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack
• Boost _ Folks Finance 34029 - [Smart Contract - Medium] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly
• Boost _ Folks Finance 34066 - [Smart Contract - Medium] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft
• Boost _ Folks Finance 34161 - [Smart Contract - Medium] Denial of Service via Front-Running in Loan Creation Mechanism

Low

• Boost _ Folks Finance 33280 - [Smart Contract - Low] NodeManagersupportsInterface doesnt follow EIP-
• Boost _ Folks Finance 33353 - [Smart Contract - Low] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function
• Boost _ Folks Finance 33356 - [Smart Contract - Low] All data in _userLoans mapping will not be deleted after calling deleteUserLoan
• Boost _ Folks Finance 33443 - [Smart Contract - Low] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp
• Boost _ Folks Finance 33454 - [Smart Contract - Low] unsafe casting will lead to break of PythNode Oracle
• Boost _ Folks Finance 33540 - [Smart Contract - Low] ChainlinkNode uses cached decimals in the calculation instead of fresh one
• Boost _ Folks Finance 33566 - [Smart Contract - Low] RepayWithCollateral will almost always fail in partial repayment
• Boost _ Folks Finance 33596 - [Smart Contract - Low] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool
• Boost _ Folks Finance 33631 - [Smart Contract - Low] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used
• Boost _ Folks Finance 33643 - [Smart Contract - Low] PriceFeed from PythNode will always revert for some pools
• Boost _ Folks Finance 33675 - [Smart Contract - Low] PythNodeprocess can revert because of incorrect casting
• Boost _ Folks Finance 33787 - [Smart Contract - Low] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo
• Boost _ Folks Finance 33807 - [Smart Contract - Low] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield
• Boost _ Folks Finance 33870 - [Smart Contract - Low] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus
• Boost _ Folks Finance 33885 - [Smart Contract - Low] Incorrect prices will be returned if the NodeType is PRICE_DEVIATION_CIRCUIT_BREAKER
• Boost _ Folks Finance 33923 - [Smart Contract - Low] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false
• Boost _ Folks Finance 33947 - [Smart Contract - Low] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus
• Boost _ Folks Finance 33950 - [Smart Contract - Low] pythnode oracle unexpected revert
• Boost _ Folks Finance 33953 - [Smart Contract - Low] Calling process function will not revert even if two oracle nodes of the same type are used
• Boost _ Folks Finance 33981 - [Smart Contract - Low] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION
• Boost _ Folks Finance 34030 - [Smart Contract - Low] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount
• Boost _ Folks Finance 34047 - [Smart Contract - Low] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption
• Boost _ Folks Finance 34052 - [Smart Contract - Low] withdraw doesnt round in favour of protocol for isFamountFalse
• Boost _ Folks Finance 34054 - [Smart Contract - Low] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount
• Boost _ Folks Finance 34069 - [Smart Contract - Low] repayWithCollateral may revert when repay samll amount token
• Boost _ Folks Finance 34076 - [Smart Contract - Low] Wrong way of deriving message keys using destination chains CCTP domain id
• Boost _ Folks Finance 34085 - [Smart Contract - Low] partial repayment with collaterals will revert due to underflow
• Boost _ Folks Finance 34124 - [Smart Contract - Low] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance
• Boost _ Folks Finance 34127 - [Smart Contract - Low] Liquidator gets more debt than usual
• Boost _ Folks Finance 34132 - [Smart Contract - Low] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations
• Boost _ Folks Finance 34148 - [Smart Contract - Low] Full liquidations will fail for certain unhealthy positions
• Boost _ Folks Finance 34150 - [Smart Contract - Low] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed
• Boost _ Folks Finance 34153 - [Smart Contract - Low] TWAP query by chainlink is wrong according to chainlink docs
• Boost _ Folks Finance 34158 - [Smart Contract - Low] NodeManagersupportsInterface returns false for typeIERCinterfaceId
• Boost _ Folks Finance 34169 - [Smart Contract - Low] Potential revert in PythNode library due to incorrect use of SafeCast toUint
• Boost _ Folks Finance 34174 - [Smart Contract - Low] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations

Insight

• Boost _ Folks Finance 33258 - [Smart Contract - Insight] Usage of floating pragma
• Boost _ Folks Finance 33376 - [Smart Contract - Insight] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters
• Boost _ Folks Finance 33441 - [Smart Contract - Insight] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off
• Boost _ Folks Finance 33526 - [Smart Contract - Insight] Need to check returnAdapterId
• Boost _ Folks Finance 33588 - [Smart Contract - Insight] The liquidator can make the protocol incur bad debt by partially liquidating the position
• Boost _ Folks Finance 33644 - [Smart Contract - Insight] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted
• Boost _ Folks Finance 33652 - [Smart Contract - Insight] BridgeRouters Unprotected Reversal Function Compromises User Control
• Boost _ Folks Finance 33670 - [Smart Contract - Insight] Violator can deny his liquidation by front running it and changing the loan borrow type
• Boost _ Folks Finance 33713 - [Smart Contract - Insight] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode
• Boost _ Folks Finance 33746 - [Smart Contract - Insight] Rounding down to zero leads to liquidate function will be halted with Panic error
• Boost _ Folks Finance 33852 - [Smart Contract - Insight] Small positions will not get liquidated
• Boost _ Folks Finance 33935 - [Smart Contract - Insight] Liquidations dont ensure the violator loan becomes healthy afterwards
• Boost _ Folks Finance 34183 - [Smart Contract - Insight] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions
• Boost _ Folks Finance 34188 - [Smart Contract - Insight] BridgeRouterHub can add address adapter

Reports by Type

Smart Contract

Smart Contract

• Boost _ Folks Finance 33258 - [Smart Contract - Insight] Usage of floating pragma
• Boost _ Folks Finance 33269 - [Smart Contract - Critical] Logic flaw in UserLoanincreaseCollateral leads to double-counting of effectiveCollateral of userLoan
• Boost _ Folks Finance 33272 - [Smart Contract - Medium] FrontRunning Attack on createAccount
• Boost _ Folks Finance 33280 - [Smart Contract - Low] NodeManagersupportsInterface doesnt follow EIP-
• Boost _ Folks Finance 33311 - [Smart Contract - Critical] Infinite Interest rate bug
• Boost _ Folks Finance 33353 - [Smart Contract - Low] Incorrect implementation of Time-Weighted Average Price for a Chainlink feed will lead to Incorrect Liquidation amount and breaks multiple price consumption based function
• Boost _ Folks Finance 33356 - [Smart Contract - Low] All data in _userLoans mapping will not be deleted after calling deleteUserLoan
• Boost _ Folks Finance 33376 - [Smart Contract - Insight] BridgeRouterreceiveMessage Allows Message Replay Across Different Adapters
• Boost _ Folks Finance 33441 - [Smart Contract - Insight] Protocol uses Pyth to fetch price which is a pull based oracle and requires price updates to be pushed by the user which is not taken care off
• Boost _ Folks Finance 33443 - [Smart Contract - Low] StalenessCircuitBreakerNode checks if the last update time of the parent node is less than the threshold but the publicTime could be greater than current blocktimestamp
• Boost _ Folks Finance 33454 - [Smart Contract - Low] unsafe casting will lead to break of PythNode Oracle
• Boost _ Folks Finance 33526 - [Smart Contract - Insight] Need to check returnAdapterId
• Boost _ Folks Finance 33533 - [Smart Contract - Critical] depositDatainterestRate is not correct
• Boost _ Folks Finance 33534 - [Smart Contract - Medium] denial of service vulnerability and possible griefing in cross-chain account creation
• Boost _ Folks Finance 33540 - [Smart Contract - Low] ChainlinkNode uses cached decimals in the calculation instead of fresh one
• Boost _ Folks Finance 33542 - [Smart Contract - Medium] Attacker can create loan before users tx is completed through bridge
• Boost _ Folks Finance 33546 - [Smart Contract - Medium] Adversaries can manipulate victims stable rate to remain excessively high via flashloan
• Boost _ Folks Finance 33566 - [Smart Contract - Low] RepayWithCollateral will almost always fail in partial repayment
• Boost _ Folks Finance 33568 - [Smart Contract - Medium] Front-running vulnerability in cross-chain loan creation process could lead in funds loss for users
• Boost _ Folks Finance 33588 - [Smart Contract - Insight] The liquidator can make the protocol incur bad debt by partially liquidating the position
• Boost _ Folks Finance 33589 - [Smart Contract - Medium] Anyone can call the BridgeRouter Recieve function with malicious data to transfer funds
• Boost _ Folks Finance 33596 - [Smart Contract - Low] Incorrect rounding direction in HubPoolLogicupdateWithRepayWithCollateral can lead to accounting error of total token amount in HubPool
• Boost _ Folks Finance 33609 - [Smart Contract - Medium] Account creation can be frontrun making the users unable to create an account
• Boost _ Folks Finance 33611 - [Smart Contract - Medium] Adversary can perform a DoS on users createLoan and createLoanAndDeposit operation sent from Spoke chain
• Boost _ Folks Finance 33614 - [Smart Contract - Medium] Front-Running Vulnerability in createAccount Method
• Boost _ Folks Finance 33630 - [Smart Contract - High] Incorrect calculation of loanBorrowbalance
• Boost _ Folks Finance 33631 - [Smart Contract - Low] Wrong implementation of chainLink getTwapPrice Can lead to wrong price or latest price being used
• Boost _ Folks Finance 33643 - [Smart Contract - Low] PriceFeed from PythNode will always revert for some pools
• Boost _ Folks Finance 33644 - [Smart Contract - Insight] Insufficient msgvalue validation for Wormhole adapters will lead to Wormhole cross-chain messages being reverted
• Boost _ Folks Finance 33645 - [Smart Contract - Medium] Griefing an user from creating an account
• Boost _ Folks Finance 33652 - [Smart Contract - Insight] BridgeRouters Unprotected Reversal Function Compromises User Control
• Boost _ Folks Finance 33665 - [Smart Contract - Critical] Collateral Inflation Exploit via Zero-Amount Deposits Allows An Attacker to Drain Any Pool
• Boost _ Folks Finance 33670 - [Smart Contract - Insight] Violator can deny his liquidation by front running it and changing the loan borrow type
• Boost _ Folks Finance 33675 - [Smart Contract - Low] PythNodeprocess can revert because of incorrect casting
• Boost _ Folks Finance 33684 - [Smart Contract - Critical] Lack of available liquidity check when sending token back from Hub leads to first deposit and inflation attack
• Boost _ Folks Finance 33687 - [Smart Contract - Medium] Loan creation can be frontrun preventing the users from creating loans
• Boost _ Folks Finance 33694 - [Smart Contract - Medium] stableBorrowRates are manipulatable through flashloan attacks
• Boost _ Folks Finance 33695 - [Smart Contract - Critical] Attacker can borrow more than the collateral deposit
• Boost _ Folks Finance 33713 - [Smart Contract - Insight] Some transactions can revert when nodetype is PriceDeviationSameOracleCircuitBreakerNode
• Boost _ Folks Finance 33746 - [Smart Contract - Insight] Rounding down to zero leads to liquidate function will be halted with Panic error
• Boost _ Folks Finance 33778 - [Smart Contract - Medium] The loan creation process can be griefed
• Boost _ Folks Finance 33779 - [Smart Contract - Medium] The account creation process can be griefed
• Boost _ Folks Finance 33780 - [Smart Contract - Critical] Zero deposits can be used to artificially inflate a users collateral value allowing them to borrow excess funds
• Boost _ Folks Finance 33787 - [Smart Contract - Low] Function PythNodeprocess doesnt handle correctly PRECISION pythDataexpo
• Boost _ Folks Finance 33807 - [Smart Contract - Low] updateInterestRate uses incorrect reference of borrow interest rate to calculate deposit interest can lead to the loss of lenders unclaimed yield
• Boost _ Folks Finance 33816 - [Smart Contract - Critical] Attacker can get unlimited loan for some minimum deposit due to the incorrect calculation of user health in getLoanLiquidity
• Boost _ Folks Finance 33817 - [Smart Contract - High] Incorrect calculation of effective borrow value in getLoanLiquidity leads to protocol insolvency through wrong withdrawals and liquidations
• Boost _ Folks Finance 33852 - [Smart Contract - Insight] Small positions will not get liquidated
• Boost _ Folks Finance 33869 - [Smart Contract - Medium] loanIds are easy to reproduce and front-running enable malicious parties to lock user funds
• Boost _ Folks Finance 33870 - [Smart Contract - Low] convToRepayBorrowAmount calculation is incorrect causing liquidators to repay extra instead of receiving a bonus
• Boost _ Folks Finance 33880 - [Smart Contract - Medium] Front-Running Vulnerability in createUserLoan Method
• Boost _ Folks Finance 33885 - [Smart Contract - Low] Incorrect prices will be returned if the NodeType is PRICE_DEVIATION_CIRCUIT_BREAKER
• Boost _ Folks Finance 33893 - [Smart Contract - Medium] Malicious users can DoS loan creations and deposits causing temporary funds freezing and additional costs incurred for message reversals
• Boost _ Folks Finance 33923 - [Smart Contract - Low] Function HubPoolLogicupdateWithWithdraw doesnt round up in favour of protocol if isFAmount false
• Boost _ Folks Finance 33935 - [Smart Contract - Insight] Liquidations dont ensure the violator loan becomes healthy afterwards
• Boost _ Folks Finance 33947 - [Smart Contract - Low] During liquidations when borrowToRepay collateral the liquidator pays more borrowAmount than they should and receives no bonus
• Boost _ Folks Finance 33950 - [Smart Contract - Low] pythnode oracle unexpected revert
• Boost _ Folks Finance 33953 - [Smart Contract - Low] Calling process function will not revert even if two oracle nodes of the same type are used
• Boost _ Folks Finance 33970 - [Smart Contract - Medium] User deposits can be blocked
• Boost _ Folks Finance 33978 - [Smart Contract - Critical] Attacker can Inflate effectiveCollateralValue
• Boost _ Folks Finance 33981 - [Smart Contract - Low] The PythNode library process function implementation does not account for pythDataexpo being greater than PRECISION
• Boost _ Folks Finance 33987 - [Smart Contract - Medium] Incorrect access control in receiveMessage leads to total loss of funds
• Boost _ Folks Finance 34025 - [Smart Contract - Medium] Malicious user can DoS the creation of every account at no cost by front running it with the same accountId
• Boost _ Folks Finance 34028 - [Smart Contract - Medium] Denial of Service DoS vulnerability in UserLoan creation due to front-running attack
• Boost _ Folks Finance 34029 - [Smart Contract - Medium] Contract fails to mitigate potential critical state where anyone can call BridgeRouterHubreceiveMessage directly
• Boost _ Folks Finance 34030 - [Smart Contract - Low] Incorrect rounding down in HubPoolLogicupdateWithWithdraw when users withdraw using underlying amount
• Boost _ Folks Finance 34047 - [Smart Contract - Low] Adversaries can create a position that is nearly impossible to liquidate due to high gas consumption
• Boost _ Folks Finance 34050 - [Smart Contract - High] Vulnerability in getLoanLiquidity leads to undervaluing stable debt
• Boost _ Folks Finance 34052 - [Smart Contract - Low] withdraw doesnt round in favour of protocol for isFamountFalse
• Boost _ Folks Finance 34054 - [Smart Contract - Low] In liquidation loanPoolcollateralUsed doesnt get reduced by collateralSeizedreserveAmount
• Boost _ Folks Finance 34066 - [Smart Contract - Medium] Account Creation Front-Running Vulnerability Leading to Gas Fee Theft
• Boost _ Folks Finance 34069 - [Smart Contract - Low] repayWithCollateral may revert when repay samll amount token
• Boost _ Folks Finance 34074 - [Smart Contract - Critical] Hub missing check for available liquidity could lead to locked fund and utilization ratio exceeding
• Boost _ Folks Finance 34076 - [Smart Contract - Low] Wrong way of deriving message keys using destination chains CCTP domain id
• Boost _ Folks Finance 34085 - [Smart Contract - Low] partial repayment with collaterals will revert due to underflow
• Boost _ Folks Finance 34122 - [Smart Contract - High] Wrong borrow balance calculation in the getLoanLiquidity function
• Boost _ Folks Finance 34124 - [Smart Contract - Low] Smart contract cannot be accessed during the normal liquidation process that involves fully acquiring the borrowers balance
• Boost _ Folks Finance 34127 - [Smart Contract - Low] Liquidator gets more debt than usual
• Boost _ Folks Finance 34132 - [Smart Contract - Low] Liquidation bonus incorrectly inflates repayBorrowAmount instead of seizeUnderlyingCollateralAmount leading to wrong liquidations
• Boost _ Folks Finance 34148 - [Smart Contract - Low] Full liquidations will fail for certain unhealthy positions
• Boost _ Folks Finance 34150 - [Smart Contract - Low] Failed messages never expire and can be replayed by anyone potentially allowing users to be griefed
• Boost _ Folks Finance 34153 - [Smart Contract - Low] TWAP query by chainlink is wrong according to chainlink docs
• Boost _ Folks Finance 34158 - [Smart Contract - Low] NodeManagersupportsInterface returns false for typeIERCinterfaceId
• Boost _ Folks Finance 34161 - [Smart Contract - Medium] Denial of Service via Front-Running in Loan Creation Mechanism
• Boost _ Folks Finance 34169 - [Smart Contract - Low] Potential revert in PythNode library due to incorrect use of SafeCast toUint
• Boost _ Folks Finance 34174 - [Smart Contract - Low] Bug in liquidation logic leads to stealing funds from liquidatorsunprofitable liquidations
• Boost _ Folks Finance 34179 - [Smart Contract - High] Incorrect Updates to pooldepositDatatotalAmount and loancollateralUsed During Repayment with Collateral
• Boost _ Folks Finance 34183 - [Smart Contract - Insight] rebalanceUp could be used to lower the userLoanstableInterestRates in certain conditions
• Boost _ Folks Finance 34188 - [Smart Contract - Insight] BridgeRouterHub can add address adapter
• Boost _ Folks Finance 34190 - [Smart Contract - Critical] Liquidated users can mix and manipulate stable and variable borrowings through exploitative liquidation process