
Issues: code-423n4/2022-01-notional-findings


Issues list

Users Can Game sNOTE Minting If Buybacks Occur Infrequently 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#231 opened Feb 3, 2022 by code423n4
A Malicious Treasury Manager Can Burn Treasury Tokens By Setting makerFee To The Amount The Maker Receives 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#230 opened Feb 3, 2022 by code423n4
sNOTE Holders Are Not Incentivized To Vote On Proposals To Call extractTokensForCollateralShortfall 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#229 opened Feb 3, 2022 by code423n4
Prefix (++i), rather than postfix (i++), increment/decrement operators should be used in for-loops bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#228 opened Feb 2, 2022 by code423n4
extractTokensForCollateralShortfall Can Be Frontrun By Non-Stakers 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#227 opened Feb 2, 2022 by code423n4
Improper Contract Upgrades Can Lead To Loss Of Contract Ownership 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#223 opened Feb 2, 2022 by code423n4
getVotingPower Truncates Result Leading To Inaccuracies In Voting Power 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#222 opened Feb 2, 2022 by code423n4
Double _requireAccountNotInCoolDown bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#214 opened Feb 2, 2022 by code423n4
Optimization on _redeemAndTransfer bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#213 opened Feb 2, 2022 by code423n4
considered changing it to storage bug Something isn't working G (Gas Optimization) sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#210 opened Feb 2, 2022 by code423n4
MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#209 opened Feb 2, 2022 by code423n4
Unused state variables bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#204 opened Feb 2, 2022 by code423n4
Inclusive conditions 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working
#202 opened Feb 2, 2022 by code423n4
Gas: reserveInternal.subNoNeg(bufferInternal) can be unchecked bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#199 opened Feb 2, 2022 by code423n4
makerPrice assumes oracle price is always in 18 decimals 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#198 opened Feb 2, 2022 by code423n4
Usage of deprecated ChainLink API in EIP1271Wallet 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working
#197 opened Feb 2, 2022 by code423n4
StorageId enums may never be shuffled 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#196 opened Feb 2, 2022 by code423n4
Missing parameter validation 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#195 opened Feb 2, 2022 by code423n4
Treasury cannot claim COMP tokens & COMP tokens are stuck 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#192 opened Feb 2, 2022 by code423n4
No upper limit check on swap fee Percentage 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#182 opened Feb 2, 2022 by code423n4
sNOTE.sol#_mintFromAssets() Lack of slippage control 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#181 opened Feb 2, 2022 by code423n4
Multiple Missing zero address checks 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#174 opened Feb 2, 2022 by code423n4
Missing validation check in totalSupply() 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#170 opened Feb 2, 2022 by code423n4
getVotingPower Is Not Equipped To Handle On-Chain Voting 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#165 opened Feb 2, 2022 by code423n4
Gas Optimization: Unnecessary comparison bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#161 opened Feb 2, 2022 by code423n4