Issues: code-423n4/2021-10-tally-findings
Token Can Deny Execution of sweepFees() Function
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#81
opened Oct 23, 2021 by
code423n4
Ownable Contract Does Not Implement Two-Step Transfer Ownership Pattern
1 (Low Risk)
#78
opened Oct 23, 2021 by
code423n4
Open TODOs
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#75
opened Oct 22, 2021 by
code423n4
Unnecessary CALLDATALOADs in for-each loops
bug
Something isn't working
G (Gas Optimization)
#74
opened Oct 22, 2021 by
code423n4
Unnecessary checked arithmetic in for loops
bug
Something isn't working
G (Gas Optimization)
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#73
opened Oct 22, 2021 by
code423n4
Unnecessary array boundaries check when loading an array element twice
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#72
opened Oct 22, 2021 by
code423n4
Prefix increments are cheaper than postfix increments
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#71
opened Oct 22, 2021 by
code423n4
internal functions can be private
bug
#70
opened Oct 22, 2021 by
code423n4
Users can avoid paying fees for ETH swaps
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#68
opened Oct 22, 2021 by
code423n4
Swap.setFeeRecipient() emits a NewFeeRecipient when the fee recipient hasn't changed
0 (Non-critical)
#67
opened Oct 22, 2021 by
code423n4
Swap.setSwapFee() emits a NewSwapFee when the swap fee hasn't changed
0 (Non-critical)
#66
opened Oct 22, 2021 by
code423n4
Cache or use existing memory versions of state variables (feeRecipient, swapFee)
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#64
opened Oct 22, 2021 by
code423n4
Unnecessary SLOAD in Swap.setSwapFee()
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#63
opened Oct 22, 2021 by
code423n4
Unnecessary require statement in Swap's constructor
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#62
opened Oct 22, 2021 by
code423n4
Unnecessary SLOADs in EmergencyGovernable.onlyTimelockOrEmergencyGovernance()
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#61
opened Oct 22, 2021 by
code423n4
Inclusive check
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#49
opened Oct 22, 2021 by
code423n4
use of floating pragma
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#46
opened Oct 22, 2021 by
code423n4
Gas: Math library could be "unchecked"
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#43
opened Oct 22, 2021 by
code423n4
Gas: SafeMath is not needed when using Solidity version 0.8
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#42
opened Oct 22, 2021 by
code423n4
Gas: minReceived check can be simplified
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#41
opened Oct 22, 2021 by
code423n4
Contract does not work well with fee-on transfer tokens
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#40
opened Oct 22, 2021 by
code423n4
Arbitrary contract call allows attackers to steal ERC20 from users' wallets
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#37
opened Oct 22, 2021 by
code423n4
Unused ERC20 tokens are not refunded
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#36
opened Oct 22, 2021 by
code423n4
Consider removing Math.sol
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#35
opened Oct 22, 2021 by
code423n4
Wrong calculation of erc20Delta and ethDelta
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#34
opened Oct 22, 2021 by
code423n4