port-finance / bug-bounty Goto Github PK

Discord ID: abra#2539

Description: The "available environment" and "wallet details" tabs overlay with each other when opened together.

Components that are affected: Not able select / see the wallet address and other details available in the wallet tab.

Any other details / possible fix :1) Both tabs should be kept wider apart from each other solving the issue.

2. Auto closing of the "available ecosystem" tab when we move the cursor away from it would also fix the issue.

Cosmetic: incorrect or misleading UI

SPL WALLET ADDRESS : annauneRTfWLawrWW89PuYGwcRtjpnrp6yR2D9pEDfW

Discord ID: abra#2539
Description: Not able to repay 100% of the remaining borrowed amount . The transaction is getting rejected all the time .
The transaction gets approved if the amount is lesser than maximum .
Recreation : Borrow 0.01 to the USDC asset . The borrowed amount should be around 0.01 now .
Go to repay option and move the slider to maximum . After approving the transaction it would show the transaction has been rejected error.
TID for reference : 4Axiz5i3kSiJ87TNanEz4MTVT5837aby6x7WoGj118Y7ewENZeRMQBE9R3mhdpXXpWVp7nzyquSLnsweYAYYFp6A


SPL : annauneRTfWLawrWW89PuYGwcRtjpnrp6yR2D9pEDfW

Description: Fixed Rate APY displaying negative value on https://mainnet.port.finance/#/fixedRate
Vulnerability: None
Components that are affected: [Cosmetic] Fixed Rate APY
Any other details:

• Win10, Chrome Version 96.0.4664.93 (Official Build) (64-bit)
• Tried to hard clear cache, did not help.
  

Discord : DASH#9837
1.When we supply a token , the color of the deposit tab is the same . . might create confusion for some.
2. When we add the token as collateral it shows the toggle bt i would suggest there should be color change in toggles for collateral n non collateral something like nyan blue would look appealing
3. The deposit option arrow (green) should be interactive when clicked upon . For example if i change deposit sol option to deposit usdc option it will change bt i wont be able to make out that diffrence just by the arrows . I would suggest that whatever i chose should either highlight or change color .
Attaching some ss so it would be helpful. I hope some of my suggestions did add value to the feedback
https://postimg.cc/gallery/R3Y5gJd

SPL wallet used : 4kRvjctHeJkWZYExvgVNQ5UT56WaFQ6ARH6bwoVof6Tu

Wallet Address:

• Figqnjr1Y8SLv8JBcuJPeSSZUszoDKNP4bxMR1JeiJD9

Description:

• In the Liquidate page of PortFinance V2, when clicking on the user address , it will jump to the Aries Markets - DashBoard of the Aptos network
• The expected behavior here is jump to the Default Explorer selected in Settings, should be SOLANA FM / SOLSCAN / EXPLORER
• For example: https://app.ariesmarkets.xyz/dashboard/FG1igWX6mseVcApaXqwZDwe7kWGpPU1eBy1v5a3imQHT

Any other details:

Discord ID: Willake#8873

Description: I think this issue was related to #2. Input was worked fine while typing integers. After trying to type decimal in the field of port amount then all inputs were blocked.

Vulnerability: UI Display Issue

Components that are affected: token amount field

Any other details:

• This issue only appears when typing the amount of PORT token. SOL and BTC were fine
• Video

Discord ID: abra#2539
Description: Whenever the transaction fails under borrow section. The slider gets a stop sign over it. Making the user unable to move the slider.


How to recreate: Try to repay 100% of the funds . This would make the transaction to fail . And there would be a freeze set on the slider bar. User have to refresh the page and reconnect the wallet every time this happens to be able to move the slider again.

Components that are affected: User experience , Borrow and repay tab.
SPL Wallet Address: annauneRTfWLawrWW89PuYGwcRtjpnrp6yR2D9pEDfW

DASH#9837
When i try to release mu USDC from collateral . .1. I have to manually visit the wallet to approve . . should there be a pop up to my screen it would be easy
Reason : If any new user tries the app he might get confused because other options for eg repaying borrowed asset show pop up for transaction on the screen. This might be sollet issue but it can create confusion

And when you cancel the request , if you try again to release usdc Errors: Failed to get recent blockhash /Failed to fetch shows up . The same when tried repay asset option even if we cancel it multiple times we dont get that error
Have to reconnect wallet
User experience affected

Sol 4kRvjctHeJkWZYExvgVNQ5UT56WaFQ6ARH6bwoVof6Tu

Discord ID: froggo#5434

Description: The slider overlapped between 75% and something. Able to reproduce it with Brave Browser.

Vulnerability: Cosmetic.

Components that are affected: The UI Slidebar.

Any other details:

• I've attached a screenshot for better understanding.
• I'm using Phantom wallet.
  

First one
That's a big one for me, it is up to you guys if you going to understand how important it is, how much it has impact on proper media share, and actual consumption of your product.
Stop using hash # in your URLs, at least avoid doing it as much as possible.

1. It impacts how people can share links with their friends.
2. It impacts how other crawling engines can browse and take a screenshot for your pages.
   a) Try linking on twitter https://mainnet.port.finance/#/markets and https://mainnet.port.finance/#/dashboard, it is a different page that should be displayed, but the systems will pick up only the default one before the hash tag. Maybe not the best example with twitter, but I hope you get what I mean.
   Please understand I don't want to discredit the developers practices, but It is just a bad practice.

Second one

It is a production site, that has debug information in the console being printed out, this is consuming resources on every clients browser. While it doesnt affect you directly, it does run computer code on every clients browser, which is not very eco friendly.

SPL: 2TooLbSn4wySZPwyprTXuJUp7vByhVqB1yArrwndXpSo

Discord ID: Willake#8873

Description: Borrow UI could not be used after transaction was failed. I am not sure is it a bug or not, I suggested it would be better to reupdate the page state rather than block user input.

Vulnerability: UI Display Issue

Components that are affected: Borrow UI

Any other details:
Video

DASH#9837
USDC : 3957.07 (44.57%)
SOL : 4920.43 (55.43%)

In the below section its mentioned 176.296 SOL ( 4920.43 USDC)
If we visit the market tab and market composition , the first thought comes 4920 SOL . If we can either change it to 176 SOL along with percentage or simply the distribution in %
This would not impact anything but everything should be near to perfect .

Bosunwoods#1967

Trying to deposit part of my available balance of 0.05sol but i cant type an amount less that that. So i had to use the meter stuff to choose the deposit amount. Basically i dont think i can specify deposit amount by typing in the box.

Discord ID: froggo#5434
Description: Borrow tab didn't update whenever user change their wallet, only the supply tab that updated. I'm using sollet and phantom wallet.
Video: YouTube

Description: We must click the change/disconnect text to make it work (not full section, only the text that clickable). The copy wallet function is worked fine (full section clickable).

Urgency: Low / cosmetic

Browser and network status: Brave, stable

Steps to reproduce the bug:

• Click your account on the top right corner.
• Click the change/disconnect button.

Screenshot of the bug:

Theories and Suggestions:
I suggest making the full section clickable like this for example:

Discord ID: silent666#8303
Description:
When I try to deposit 0.1 sol,It change to be 1 automatically.I think it's a bug

SPL Wallet Address: 7FZaTArvPtTRJ7GjBGMaJarxUxa5SK1T3MeuxaR7pVKc

I have deposited whETH and use it as collateral but could't withdraw it due to UI said that "need to paid loan first" but I already return borrow asset already. The UI still shown I have 2 position left and I dont know which position is it. If I misunderstand something please collect me if I doing something wrong.

UI said that need to pay loan first.


There is no loan to pay in this pic.

The position that shown on interface is what if i don't have any borrow asset left.

Best regard
Aquil2a

Discord ID: skyler#7400

Description: Borrowing interface shows the risk factor in words. Where it's written as "Risker" but it should be "Riskier". By the way, i prefer numbers when it comes to risk calculation.

Vulnerability: People might raise questions about it's professionalism and other stuffs.

Components that are affected: None

Any other details: I've attached a screenshot for better understanding.

Discord ID: silent666#8303
Description:
When borrowed something and click withdraw max,the number is still the all Balance In Port and no warning.Though after click withdraw,the transaction failed, in other lend product it won't be this.Port should show the user how much is the maximum withdraw number. And remind user the liduidate risk when withdraw Collateral.

SPL Wallet Address: 7FZaTArvPtTRJ7GjBGMaJarxUxa5SK1T3MeuxaR7pVKc

Description : Checking upon the details of an asset takes to the page were its written " Utillization " , correct spelling is supposed to be " Utilization" .
SPL : annauneRTfWLawrWW89PuYGwcRtjpnrp6yR2D9pEDfW

DASH#9837
When i try to borrow sol , I get directed to a page where i can select the range to borrow between safe and risky. After selecting that , the first impulse is i click on the Borrow tab above ,completely missing the actual tab to be clicked which is in bottom.

If we can accomodate that in one screen it would be easier for better navigation.
And when i click on borrow option it takes me to the page with Borrow / Repay option in which the arrow can be only on the one in use. so if we go to borrow page there should be only Borrow Title . . If we allow arrow to that it confuses us it with clickable option ( which on the contrary is on bottom ) . i will share ss for it .

• To remove arrow navigation from the top option which should be just meant as single headline of Borrow or Repay and focusing on bottom option whcih executes the command
  

• accomodate in one screen without the need to scroll
  
  FVgcfmS7TZ7eDnXPb3pXMm4zq5RDzwRc9ET49q87X9no

i think i confuse with the UI icon in borrow or repay is not good for user, u can use another icon for that. maybe u can use this icon

Base on google lighthouse i think we can improve the perfomance on the website.
Things to update :

• Does not use passive listeners to improve scrolling performance
  Browsers can't know if an event listener will prevent scrolling, so they always wait for the listener to finish executing before scrolling the page.

• Serve static assets with an efficient cache policy
  HTTP caching can speed up your page load time on repeat visits.

sol address : 7xCxNe86R4UG7e2DroBrJj3MMZ6FNebaEAxUpoREGZCn

• [ ]
  

• [ ]

jocode#2922

G9gmpa8MgyEvDbUDdep1pbgfCzwazV1oCYK8egB41Q54

The Bitcoin price is not correct there's a coma ' , ' missing there kindly check it out

Bitcoin component

First one:

Here bottom right FAQ leads to "#", e.g. nothing. Pretty misleading, if you dont have functionality you may as well remove it.

Second one:
Also if you go to: https://www.bramah.systems/ then to the bottom "Prior Audits", Port Finance is not there, but Saber.so is. I know this one is not so much on you, you may have an audit from them, but please ask them to include it in their portfolio. Otherwise it is very misleading to display on your main site that you are audited by them but it is missing on their side/site.

Third one:
https://mainnet.port.finance/#/dashboard
and
https://mainnet.port.finance/#/supply

Bottom part of 2021 Port Finance All Rights Reserved is 50% cut, because of the headers that push it, and it doesnt have a proper bottom margin spacing from the bottom of the page.
1920x1080, Mozilla Firefox, and no the inner scroller is to the bottom and it is not related, its not just coded perfectly to have a bottom margin.
Take a note, on https://mainnet.port.finance/#/markets it looks almost okay.

Forth one:

subdomain mainnet, but we are on the devnet according to the wallet setting, extremely misleading, I know it is a huge inconvinience to set this one properly, but please do, people will often look at the top of their browser and think they are on mainnet or the reserve.

SPL: 2TooLbSn4wySZPwyprTXuJUp7vByhVqB1yArrwndXpSo

Name : Akbar Ilahi
Discord ID : johnsnow#3487
SPL Wallet Address: EDuFhVZj8qkSFPczhH1pGLzCtUh27zx9B3pE6odGF3gC
Description : When you want to exchange a wallet address in the upper right corner you see a clashing display
Vulnerability : low/uncomfortable