Issues: code-423n4/2022-11-paraspace-findings

Issues list

QA Report bug Something isn't working grade-b Q-69 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#504 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-b Q-68 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#503 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-a Q-67 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#501 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working edited-by-warden grade-b Q-66 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#499 opened Dec 9, 2022 by code423n4
Attacker can drain pool using executeBuyWithCredit with malicious marketplace payload. 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-10 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#498 opened Dec 9, 2022 by code423n4
MintableIncentivizedERC721 and NToken do not comply with ERC721, breaking composability 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-24 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#497 opened Dec 9, 2022 by code423n4
Oracle will become invalid much faster than intended on non-mainnet chains 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-23 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#496 opened Dec 9, 2022 by code423n4
Price can deviate by much more than maxDeviationRate 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-22 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#491 opened Dec 9, 2022 by code423n4
Pausing assets only affects future price updates, not previous malicious updates. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-21 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#490 opened Dec 9, 2022 by code423n4
Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-20 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#487 opened Dec 9, 2022 by code423n4
UniswapV3 tokens of certain pairs will be wrongly valued, leading to liquidations. 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-09 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#486 opened Dec 9, 2022 by code423n4
NFTFloorOracle's asset and feeder structures can be corrupted 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-08 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report upgraded by judge Original issue severity upgraded from QA/Gas by judge
#482 opened Dec 9, 2022 by code423n4
Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-19 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#481 opened Dec 9, 2022 by code423n4
Gas Optimizations bug Something isn't working G (Gas Optimization) G-15 grade-b
#480 opened Dec 9, 2022 by code423n4
Bad debt will likely incur when multiple NFTs are liquidated. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-18 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#479 opened Dec 9, 2022 by code423n4
User can pass auction recovery health check easily with flashloan 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-07 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#478 opened Dec 9, 2022 by code423n4
Attacker can abuse victim's signature for marketplace bid to buy worthless item 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-17 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#475 opened Dec 9, 2022 by code423n4
When users sign a credit loan for bidding on an item, they are forever committed to the loan even if the NFT value drops massively. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-16 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#474 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-b Q-65 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#472 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-b Q-64 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#468 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-b Q-63 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#463 opened Dec 9, 2022 by code423n4
NFTFloorOracle's assets will use old prices if added back after removal 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-15 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#459 opened Dec 9, 2022 by code423n4
Discrepancy in the Uniswap V3 position price calculation because of decimals 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-06 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#455 opened Dec 9, 2022 by code423n4
Gas Optimizations bug Something isn't working G (Gas Optimization) G-14 grade-b
#454 opened Dec 9, 2022 by code423n4
QA Report bug Something isn't working grade-b Q-62 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#451 opened Dec 9, 2022 by code423n4