Issues: code-423n4/2022-11-paraspace-findings
QA Report
bug
Something isn't working
edited-by-warden
grade-b
Q-66
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#499
opened Dec 9, 2022 by
code423n4
Attacker can drain pool using executeBuyWithCredit with malicious marketplace payload.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-10
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#498
opened Dec 9, 2022 by
code423n4
MintableIncentivizedERC721 and NToken do not comply with ERC721, breaking composability
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-24
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#497
opened Dec 9, 2022 by
code423n4
Oracle will become invalid much faster than intended on non-mainnet chains
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-23
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#496
opened Dec 9, 2022 by
code423n4
Price can deviate by much more than maxDeviationRate
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-22
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#491
opened Dec 9, 2022 by
code423n4
Pausing assets only affects future price updates, not previous malicious updates.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-21
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#490
opened Dec 9, 2022 by
code423n4
Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-20
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#487
opened Dec 9, 2022 by
code423n4
UniswapV3 tokens of certain pairs will be wrongly valued, leading to liquidations.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-09
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#486
opened Dec 9, 2022 by
code423n4
NFTFloorOracle's asset and feeder structures can be corrupted
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-08
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#482
opened Dec 9, 2022 by
code423n4
Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-19
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#481
opened Dec 9, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-15
grade-b
#480
opened Dec 9, 2022 by
code423n4
Bad debt will likely incur when multiple NFTs are liquidated.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-18
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#479
opened Dec 9, 2022 by
code423n4
User can pass auction recovery health check easily with flashloan
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-07
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#478
opened Dec 9, 2022 by
code423n4
Attacker can abuse victim's signature for marketplace bid to buy worthless item
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-17
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#475
opened Dec 9, 2022 by
code423n4
When users sign a credit loan for bidding on an item, they are forever committed to the loan even if the NFT value drops massively.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-16
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#474
opened Dec 9, 2022 by
code423n4
NFTFloorOracle's assets will use old prices if added back after removal
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-15
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#459
opened Dec 9, 2022 by
code423n4
Discrepancy in the Uniswap V3 position price calculation because of decimals
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-06
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
#455
opened Dec 9, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-14
grade-b
#454
opened Dec 9, 2022 by
code423n4