-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: code-423n4/2021-09-yaxis-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Adding assymetric liquidity in _addLiquidity results in fewer LP tokens minted than what should be wanted
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Warden finding
#158
opened Sep 16, 2021 by
code423n4
getMostPremium() does not necessarily return the best asset to trade for.
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
duplicate
Another warden found this issue
#156
opened Sep 16, 2021 by
code423n4
Be aware that transactions can be frontrun to exactly the estimated amount.
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
duplicate
Another warden found this issue
#153
opened Sep 16, 2021 by
code423n4
harvestNextStrategy
can be optimized
bug
#146
opened Sep 15, 2021 by
code423n4
maxStrategies
can be lower than existing strategies
1 (Low Risk)
#145
opened Sep 15, 2021 by
code423n4
Missing check in Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
reorderStrategies
1 (Low Risk)
#144
opened Sep 15, 2021 by
code423n4
tokens[i]
can be memorized
bug
#143
opened Sep 15, 2021 by
code423n4
Unnecessary Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
balanceOfWant() > 0
bug
#141
opened Sep 15, 2021 by
code423n4
Harvest can be frontrun
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#140
opened Sep 15, 2021 by
code423n4
getMostPremium()
can be wrong
1 (Low Risk)
#139
opened Sep 15, 2021 by
code423n4
Earn process emits two events that can be arranged into one
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#138
opened Sep 15, 2021 by
code423n4
Unclear Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
totalDepositCap
1 (Low Risk)
#135
opened Sep 15, 2021 by
code423n4
cap
isn't enforced
1 (Low Risk)
#134
opened Sep 15, 2021 by
code423n4
No slippage checks can lead to sandwich attacks
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#133
opened Sep 15, 2021 by
code423n4
Vault.balance()
mixes normalized and standard amounts
3 (High Risk)
#132
opened Sep 15, 2021 by
code423n4
Vault.withdraw
mixes normalized and standard amounts
3 (High Risk)
#131
opened Sep 15, 2021 by
code423n4
Controller.inCaseStrategyGetStuck
does not update balance
2 (Med Risk)
#130
opened Sep 15, 2021 by
code423n4
Controller.setCap
sets wrong vault balance
3 (High Risk)
#128
opened Sep 15, 2021 by
code423n4
VaultHelper deposits don't work with fee-on transfer tokens
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Warden finding
#127
opened Sep 15, 2021 by
code423n4
token -> vault mapping can be overwritten
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Warden finding
duplicate
Another warden found this issue
#126
opened Sep 15, 2021 by
code423n4
Gas: Timestamp in router swap can be hardcoded
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#125
opened Sep 15, 2021 by
code423n4
Gas: Loop in Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
StablesConverter.expected
can be avoided
bug
#124
opened Sep 15, 2021 by
code423n4
Gas: Loop in Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
StablesConverter.convert
can be avoided
bug
#123
opened Sep 15, 2021 by
code423n4
Withdraw event uses wrong parameter
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#122
opened Sep 15, 2021 by
code423n4
Vault.withdraw
sometimes burns too many shares
2 (Med Risk)
#121
opened Sep 15, 2021 by
code423n4
Previous Next
ProTip!
Adding no:label will show everything without a label.