Issues: code-423n4/2021-09-defiprotocol-findings

Issues list

Limit on growth size of pool - bond size
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#275 opened Sep 23, 2021 by code423n4
No input validation on parameter changes
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#274 opened Sep 23, 2021 by code423n4
Unnecessary require check
Labels: bug: Warden finding; G (Gas Optimization); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#273 opened Sep 23, 2021 by code423n4
block.timestamp is a better timer than block.number
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#271 opened Sep 23, 2021 by code423n4
Add nonreentrant modifiers to external methods in 2 files
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#270 opened Sep 23, 2021 by code423n4
Owner can steal all Basket funds during auction
Labels: 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#265 opened Sep 22, 2021 by code423n4
handleFees reverts if supply is zero
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#264 opened Sep 22, 2021 by code423n4
Event BasketLicenseProposed needs an idNumber
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#263 opened Sep 22, 2021 by code423n4
bondTimestamp is not a timestamp but a blocknumber
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#261 opened Sep 22, 2021 by code423n4
Lack of revert messages
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#258 opened Sep 22, 2021 by code423n4
mintTo arguments order
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#257 opened Sep 22, 2021 by code423n4
Same tokens added to bounty
Labels: bug: Warden finding; G (Gas Optimization); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#253 opened Sep 22, 2021 by code423n4
pack structs *3
Labels: bug: Warden finding; G (Gas Optimization); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#252 opened Sep 22, 2021 by code423n4
Naming
Labels: 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#250 opened Sep 22, 2021 by code423n4
burn and mintTo in Basket.sol vulnerable to reentrancy
Labels: 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#248 opened Sep 22, 2021 by code423n4
Unnecessary transfer trips
Labels: bug: Warden finding; G (Gas Optimization); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#245 opened Sep 22, 2021 by code423n4
Auction multiplier set to zero
Labels: 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; bug: Warden finding; disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#242 opened Sep 22, 2021 by code423n4
Set functions to external.
Labels: bug: Warden finding; G (Gas Optimization); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#240 opened Sep 22, 2021 by code423n4
Gas optimization proposal struct
Labels: bug: Warden finding; G (Gas Optimization); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#238 opened Sep 22, 2021 by code423n4
Gas saving: pack struct
Labels: bug: Warden finding; G (Gas Optimization)
#237 opened Sep 22, 2021 by code423n4
Fee on transfer tokens can lead to incorrect approval
Labels: 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#236 opened Sep 22, 2021 by code423n4
Proposals can never get created due to reaching block.gaslimit
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#235 opened Sep 22, 2021 by code423n4
Sanity checks when the contract parameters are updated
Labels: 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments; bug: Warden finding; sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#234 opened Sep 22, 2021 by code423n4
The increment in for loop post condition can be made unchecked
Labels: bug: Warden finding; G (Gas Optimization); sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#232 opened Sep 22, 2021 by code423n4
Replace tokenList.length by existing variable length
Labels: bug: Warden finding; G (Gas Optimization); sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#230 opened Sep 22, 2021 by code423n4