Skip to content

AayushJhaAudits/tetu-pawnshop-audit-2025-04-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

6 Commits
README.md
README.md
Β 
Β 
TetuPawnShop.sol
TetuPawnShop.sol
Β 
Β 
TetuPawnShop_AuditReport.pdf
TetuPawnShop_AuditReport.pdf
Β 
Β 

Repository files navigation

TetuPawnShop.sol Security Audit Report

Tetu Finance Logo
Audit Conducted: April 2025
Auditor: Aayush

πŸ“œ Overview

This repository contains the complete security audit for TetuPawnShop.sol, a collateralized lending contract in the Tetu Finance ecosystem. The audit focuses on the redeem() function's critical vulnerability and provides remediation guidance.

πŸ” Audit Details

πŸ“Œ Scope

  • Contract: TetuPawnShop.sol (commit: [hash])
  • Focus: redeem() function state management vulnerability
  • Severity: Critical (CVSS: 8.5)

πŸ› οΈ Tools Used

  • Manual Code Review
  • Slither (Static Analysis)
  • Foundry (For PoC Tests)
  • Solidity CEI Pattern Verification

πŸ“ Findings Summary

Severity Issue Status
Critical Premature state change in redeem() Fixed βœ…
Medium Missing toSend amount validation Recommended πŸ”„
Low Insufficient event logging Optional ⏳

🚨 Critical Vulnerability: Improper State Change

Impact

  • Potential collateral theft via reentrancy-like exploitation
  • Broken atomicity in redemption flow
  • Estimated risk: High (Funds-at-risk)

πŸ”§ Recommended Fix

function redeem(uint id) external nonReentrant override {
    // ...checks...
    uint toSend = _toRedeem(id);
    IERC20(...).safeTransferFrom(...);  // Interactions first
    _transferCollateral(...);
    _endPosition(pos);  // State change last
}

πŸ“¬ Contact Me

For Security Discussions

βœ‰οΈ Email: [[email protected]]

Professional Networks

🐦 Twitter/X: @aayushjhaaudits (DMs open for security reports)

Response Time:

  • Critical Issues: <24 hours
  • General Inquiries: 3-5 business days

Note: For audit-related queries, include "TetuPawnShop Audit" in the subject line.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages