Issues: code-423n4/2021-09-defiprotocol-findings
Limit on growth size of pool - bond size
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Warden finding
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#275 opened Sep 23, 2021 by code423n4
No input validation on parameter changes
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#274 opened Sep 23, 2021 by code423n4
Unnecessary require check
bug
Warden finding
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#273 opened Sep 23, 2021 by code423n4
block.timestamp is a better timer than block.number
1 (Low Risk)
bug
Warden finding
sponsor acknowledged
#271 opened Sep 23, 2021 by code423n4
Add nonreentrant modifiers to external methods in 2 files
1 (Low Risk)
bug
Warden finding
sponsor confirmed
#270 opened Sep 23, 2021 by code423n4
Owner can steal all Basket funds during auction
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Warden finding
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor confirmed
#265 opened Sep 22, 2021 by code423n4
handleFees reverts if supply is zero
1 (Low Risk)
#264 opened Sep 22, 2021 by code423n4
Event BasketLicenseProposed needs an idNumber
0 (Non-critical)
bug
Warden finding
disagree with severity
sponsor confirmed
#263 opened Sep 22, 2021 by code423n4
bondTimestamp is not a timestamp but a blocknumber
0 (Non-critical)
#261 opened Sep 22, 2021 by code423n4
Lack of revert messages
0 (Non-critical)
bug
Warden finding
disagree with severity
sponsor acknowledged
#258 opened Sep 22, 2021 by code423n4
mintTo arguments order
0 (Non-critical)
#257 opened Sep 22, 2021 by code423n4
Same tokens added to bounty
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
#253 opened Sep 22, 2021 by code423n4
pack structs *3
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
#252 opened Sep 22, 2021 by code423n4
Naming
0 (Non-critical)
bug
Warden finding
disagree with severity
sponsor acknowledged
#250 opened Sep 22, 2021 by code423n4
burn and mintTo in Basket.sol vulnerable to reentrancy
2 (Med Risk)
#248 opened Sep 22, 2021 by code423n4
Unnecessary transfer trips
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
#245 opened Sep 22, 2021 by code423n4
Auction multiplier set to zero
2 (Med Risk)
bug
Warden finding
disagree with severity
sponsor acknowledged
#242 opened Sep 22, 2021 by code423n4
Set functions to external.
bug
Warden finding
G (Gas Optimization)
sponsor confirmed
#240 opened Sep 22, 2021 by code423n4
Gas optimization proposal struct
bug
Warden finding
G (Gas Optimization)
sponsor confirmed
#238 opened Sep 22, 2021 by code423n4
Gas saving: pack struct
bug
Warden finding
G (Gas Optimization)
#237 opened Sep 22, 2021 by code423n4
Fee on transfer tokens can lead to incorrect approval
2 (Med Risk)
bug
Warden finding
sponsor acknowledged
#236 opened Sep 22, 2021 by code423n4
Proposals can never get created due to reaching block.gaslimit
1 (Low Risk)
bug
Warden finding
sponsor acknowledged
#235 opened Sep 22, 2021 by code423n4
Sanity checks when the contract parameters are updated
1 (Low Risk)
bug
Warden finding
sponsor acknowledged
#234 opened Sep 22, 2021 by code423n4
The increment in for loop post condition can be made unchecked
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
#232 opened Sep 22, 2021 by code423n4
Replace tokenList.length by existing variable length
bug
Warden finding
G (Gas Optimization)
sponsor confirmed
#230 opened Sep 22, 2021 by code423n4