
Issues: code-423n4/2021-09-yaxis-findings

Issues list

Adding asymmetric liquidity in _addLiquidity results in fewer LP tokens minted than what should be wanted 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding
#158 opened Sep 16, 2021 by code423n4
getMostPremium() does not necessarily return the best asset to trade for. 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding duplicate Another warden found this issue
#156 opened Sep 16, 2021 by code423n4
Be aware that transactions can be frontrun to exactly the estimated amount. 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding duplicate Another warden found this issue
#153 opened Sep 16, 2021 by code423n4
harvestNextStrategy can be optimized bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#146 opened Sep 15, 2021 by code423n4
maxStrategies can be lower than existing strategies 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#145 opened Sep 15, 2021 by code423n4
Missing check in reorderStrategies 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#144 opened Sep 15, 2021 by code423n4
tokens[i] can be memorized bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#143 opened Sep 15, 2021 by code423n4
Unnecessary balanceOfWant() > 0 bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#141 opened Sep 15, 2021 by code423n4
Harvest can be frontrun 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#140 opened Sep 15, 2021 by code423n4
getMostPremium() can be wrong 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#139 opened Sep 15, 2021 by code423n4
Earn process emits two events that can be arranged into one bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#138 opened Sep 15, 2021 by code423n4
Unclear totalDepositCap 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#135 opened Sep 15, 2021 by code423n4
cap isn't enforced 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#134 opened Sep 15, 2021 by code423n4
No slippage checks can lead to sandwich attacks 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#133 opened Sep 15, 2021 by code423n4
Vault.balance() mixes normalized and standard amounts 3 (High Risk) Assets can be stolen/lost/compromised directly bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#132 opened Sep 15, 2021 by code423n4
Vault.withdraw mixes normalized and standard amounts 3 (High Risk) Assets can be stolen/lost/compromised directly bug Warden finding duplicate Another warden found this issue
#131 opened Sep 15, 2021 by code423n4
Controller.inCaseStrategyGetStuck does not update balance 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#130 opened Sep 15, 2021 by code423n4
Controller.setCap sets wrong vault balance 3 (High Risk) Assets can be stolen/lost/compromised directly bug Warden finding duplicate Another warden found this issue
#128 opened Sep 15, 2021 by code423n4
VaultHelper deposits don't work with fee-on transfer tokens 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding
#127 opened Sep 15, 2021 by code423n4
token -> vault mapping can be overwritten 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding duplicate Another warden found this issue
#126 opened Sep 15, 2021 by code423n4
Gas: Timestamp in router swap can be hardcoded bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#125 opened Sep 15, 2021 by code423n4
Gas: Loop in StablesConverter.expected can be avoided bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#124 opened Sep 15, 2021 by code423n4
Gas: Loop in StablesConverter.convert can be avoided bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#123 opened Sep 15, 2021 by code423n4
Withdraw event uses wrong parameter 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#122 opened Sep 15, 2021 by code423n4
Vault.withdraw sometimes burns too many shares 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding duplicate Another warden found this issue
#121 opened Sep 15, 2021 by code423n4