Issues: code-423n4/2021-10-tally-findings

Issues list

Token Can Deny Execution of sweepFees() Function 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#81 opened Oct 23, 2021 by code423n4
Ownable Contract Does Not Implement Two-Step Transfer Ownership Pattern 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#78 opened Oct 23, 2021 by code423n4
Open TODOs 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#75 opened Oct 22, 2021 by code423n4
Unnecessary checked arithmetic in for loops bug Something isn't working G (Gas Optimization) sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#73 opened Oct 22, 2021 by code423n4
Unnecessary array boundaries check when loading an array element twice bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#72 opened Oct 22, 2021 by code423n4
Prefix increments are cheaper than postfix increments bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#71 opened Oct 22, 2021 by code423n4
internal functions can be private bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#70 opened Oct 22, 2021 by code423n4
Users can avoid paying fees for ETH swaps 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#68 opened Oct 22, 2021 by code423n4
Swap.setFeeRecipient() emits a NewFeeRecipient when the fee recipient hasn't changed 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#67 opened Oct 22, 2021 by code423n4
Swap.setSwapFee() emits a NewSwapFee when the swap fee hasn't changed 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#66 opened Oct 22, 2021 by code423n4
Cache or use existing memory versions of state variables (feeRecipient, swapFee) bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#64 opened Oct 22, 2021 by code423n4
Unnecessary SLOAD in Swap.setSwapFee() bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#63 opened Oct 22, 2021 by code423n4
Unnecessary require statement in Swap's constructor bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#62 opened Oct 22, 2021 by code423n4
Unnecessary SLOADs in EmergencyGovernable.onlyTimelockOrEmergencyGovernance() bug Something isn't working G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#61 opened Oct 22, 2021 by code423n4
Inclusive check 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#49 opened Oct 22, 2021 by code423n4
use of floating pragma 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#46 opened Oct 22, 2021 by code423n4
Gas: Math library could be "unchecked" bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#43 opened Oct 22, 2021 by code423n4
Gas: SafeMath is not needed when using Solidity version 0.8 bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#42 opened Oct 22, 2021 by code423n4
Gas: minReceived check can be simplified bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#41 opened Oct 22, 2021 by code423n4
Contract does not work well with fee-on transfer tokens 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#40 opened Oct 22, 2021 by code423n4
Arbitrary contract call allows attackers to steal ERC20 from users' wallets 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#37 opened Oct 22, 2021 by code423n4
Unused ERC20 tokens are not refunded 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#36 opened Oct 22, 2021 by code423n4
Consider removing Math.sol 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#35 opened Oct 22, 2021 by code423n4
Wrong calculation of erc20Delta and ethDelta 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#34 opened Oct 22, 2021 by code423n4