Centrifuge / centrifuge-v3 bounty

Asset	Description
https://github.com/centrifuge/protocol-v3/releases/tag/v3	Centrifuge V3

Everything from previous V3 audits: https://github.com/centrifuge/protocol-v3/tree/main/docs/audits
Hub and Balance Sheet Managers are fully trusted ⇒ any issue caused by misuse from the manager is invalid
Griefing issue on Hub.createPool
Any issue related to arbitrage between different assets/currencies in the same pool. Solved by using identity valuation.
Issues related to cross-chain messages not being executed for a long time, in the wrong order or create race-conditions
Exception: Loss of tokens
GasService estimate is under/overestimated.
Subsidized funds can be spammed: we will add min investment limits to alleviate this.
AsyncRequest._withdraw() using current pricePoolPerAsset which is potentially unlikely pricePoolPerAsset during approval of redemption - see
Only deployed on chains with Cancun EVM support. And no zksync.
No fee-on-transfer, ERC777 callbacks, or rebasing tokens
After Root.relySchedule executes, the timelock does not apply anymore => intentional, combined with spell pattern it works
Guardian only works with Safe, if the admin is not a Safe the pause can only be executed by the full Safe and not individual owners
Liquidity can be stuck if a user is frozen
Liquidity can be stuck if all vaults are unlinked
While paused, users can still claim assets/shares
Auth pattern does not check that there is at least 1 ward
Manager needs to ensure hooks across domains are compatible
User needs to ensure they transfer valid share tokens eg member

centrifuge-v3